Re: [pfSense Support] Virtual IPs

Sat, 29 Oct 2005 11:24:07 -0700 

Chris,
Thanks for the clarification. I will be doing a 1:1 Nat for the Mail Server for sure. That seems like the best route for the Mail Server. I guess you would call it Standard NAT (TCP). Not sure exactly what you are asking specifically. Let me see if this example helps. WAN IP: 12.165.119.195 Port 80 forwards to 192.168.40.5 -- Tested and works Great Virtual IP: 12.165.119.196 Port 80 forwards to 192.168.40.6 -- Can't connect to Port 80 at all. 


Nothing shows in the Logs that it was denied or anything.  Maybe I just 
don't understand NAT / Firewalls as well as I had thought!  lol    I 
have verified the Firewall Rules, and they are allowing such traffic (I 
checked the box at the bottom of the NAT sceen to auto add it to the 
firewall).  Again, I am using Proxy ARP (not sure if I should use Other) 
for the Virtual IP.



Any help would be appreciated. 


Thanks so much,
Nate



Chris Buechler wrote:


you can't ping virtual IP's, because they don't get bound to any NIC.  
Unless you do 1:1 NAT and permit ICMP to the private IP, in which case 
they are pingable.

what kind of NAT are you attempting on that virtual IP?


Nate Davis wrote:


Howdy,


pfSense has been a solid firewall for home use, and now I am  
implementing it as a firewall at work.  I have run into a snag, and  
not really sure what the problem is. I am running 89.2


Here is my Setup:

WAN (AT&T-T1): 12.165.119.195
LAN: 192.168.40.1


I can use NAT, and Port Forwarding.  They work great and all is well  
when I only have one WAN IP.  No Problems.  So, my problems comes  
when I do Virtual IPs.  I would like to add a second IP.  I add a  
Virtual IP of 12.165.119.196 (Proxy ARP), and set my NAT rules up  
using this Virtual IP.  I am unable to connect at all to this 
Virtual  IP.  I have restarted the Box, and everything.  I can Ping  
12.165.119.195, but can't ping my 196 address.  So, it seems that 
the  Virtual IPs are not binding to that NIC card or somthing like 
that.   







---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]























					Reply via email to