The WAN IP should be set using the correct netmask. You should also consider using CARP type virtual IP addresses, even if you're not doing a CARP cluster. CARP virtual IPs will respond to ping whereas proxyARP will not. Beyond that, the process for a 1:1 NAT is very simple. Whatever you're missing, it's likely to be something small and innocuous.
Adam Van Ornum wrote:

> Date: Wed, 27 Jan 2010 21:19:17 -0600
> From: g...@s4f.com
> To: support@pfsense.com
> Subject: Re: [pfSense Support] Noob Multiple Public IP Question
>
> Assuming Comcast gave you a contiguous netblock, your netblock would be
> *.*.0.192-207 (192 being the network address and 207 being the
> broadcast) leaving 193-206 as usable IP addresses. *.*.0.175 isn't in
> that net block and so it's not likely that it's available for you to use.
>
> Adam Van Ornum wrote:
> > Ok, I am pretty inexperienced with IP addressing, particularly when it
> > comes to configuring firewalls with multiple public IPs, but at my
> > small business I'm the most experienced with IT stuff in general so I
> > get to be the one who deals with all this stuff. We have Comcast as
> > our internet provider with a range of public IPs of which we are
> > currently only using one. I'd like to be able to use another public
> > IP in order to expose more services, such as a separate mail or web
> > server.
> >
> > Comcast provided public IPs: *.*.0.206/28
> > Current WAN IP: *.*.0.193/28
> > Current WAN Gateway: *.*.0.206
> >
> > This was set up with a different firewall (a crappy consumer box)
> > before I got here, so after I started I switched over to pfSense and
> > just used the settings that were in the old box. Currently,
> > everything is working fine with this setup but now I am trying to set
> > things up so I can use another public IP (i.e. *.*.0.175) to expose
> > different web and mail services hosted on a different internal server
> > and I can't get it to work.
> >
> > What I have tried is to add a virtual IP (I've tried both Proxy ARP
> > and Other) with the following settings:
> >
> > Interface: WAN
> > IP Address: *.*.0.175/32
> >
> > And I then set up 1:1 NAT mapping *.*.0.175/32 to 192.168.100.10.
> > Lastly, I create a firewall rule on the WAN interface to allow port 80
> > where the destination is 192.168.100.10.
> >
> > However, this does not seem to work...what am I missing?
> >

Thanks for pointing that out...that was actually just a mistake in my email...I meant *.*.0.195. I'm not really that much of a noob. :) Apparently I had 175 stuck in my head for some reason...I'll double check the config when I get back to work tomorrow but I'm pretty sure I had it right (195) there.

Are there any other issues that jump out? Should the WAN IP be set to /28 or should it be set to something else like /32? Just to see what would happen I tried setting it to /32 and then our Internet access went completely down.
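
The two checks raised in this thread (is the extra address inside the /28, and is the gateway still on-link for the WAN netmask), as an added example that is not part of the original messages. `203.0.113.192/28` is a constructed documentation prefix standing in for the masked `*.*.0.192/28`, and `check_vip_plan` and `usable_range` are hypothetical helper names.

```python
import ipaddress

def check_vip_plan(wan_cidr, gateway, vip):
    """Return a list of problems with the plan; an empty list means it is sane."""
    wan = ipaddress.ip_interface(wan_cidr)   # WAN address plus its netmask
    net = wan.network                        # block implied by that netmask
    gw = ipaddress.ip_address(gateway)
    vip = ipaddress.ip_address(vip)
    problems = []
    # With too narrow a mask (e.g. /32) the gateway is no longer on-link,
    # so the firewall has no directly connected route to its default gateway.
    if gw not in net:
        problems.append(f"gateway {gw} is not on-link for {net}")
    if vip not in net:
        problems.append(f"VIP {vip} is outside {net}")
    elif net.prefixlen < 31 and vip in (net.network_address, net.broadcast_address):
        problems.append(f"VIP {vip} is the network or broadcast address of {net}")
    elif vip in (wan.ip, gw):
        problems.append(f"VIP {vip} is already used by the WAN interface or gateway")
    return problems

def usable_range(cidr):
    """First and last assignable host address of the block containing cidr."""
    hosts = list(ipaddress.ip_interface(cidr).network.hosts())
    return str(hosts[0]), str(hosts[-1])

if __name__ == "__main__":
    gw = "203.0.113.206"                     # constructed stand-in for *.*.0.206
    print("usable:", usable_range("203.0.113.193/28"))
    cases = [
        ("203.0.113.193/28", "203.0.113.175"),  # the address from the first mail
        ("203.0.113.193/28", "203.0.113.195"),  # the corrected address
        ("203.0.113.193/32", "203.0.113.195"),  # the /32 experiment
    ]
    for wan, vip in cases:
        print(wan, vip, check_vip_plan(wan, gw, vip) or "OK")
```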

