Date: Thu, 6 Jan 2011 16:29:32 +0700 From: pa...@poluan.info To: support@pfsense.com Subject: Re: [pfSense Support] Re: Trouble with VIP?
Please find attached the screenshot of my firewall. Explanation: + "... Public" is an alias for 10.2.2.8 and 10.2.2.9 + The four blackened nets are 192.168.1. Rgds, --Pandu E Poluan On Thu, Jan 6, 2011 at 15:22, Abdulrehman <arvagabo...@gmail.com> wrote: ok...for DNS...you need to allow both TCP and UDP....Can you share the screen shot of your firewall rule..? On Thu, Jan 6, 2011 at 1:18 PM, Pandu Poluan <pa...@poluan.info> wrote: Yes, I was accessing the external IP address from a different network. E.g. The 100.x.y.z is on ISP A, I tried to access it from a computer with IP 200.p.q.r on ISP B. Rgds, On 2011-01-06, Abdulrehman <arvagabo...@gmail.com> wrote: > You can not access the public IP address of the same IP pool. You have this > 100.2.2.8/25 on your WAN interface. Check this 100.2.2.9:53 from outside > your network. From inside, you can not use this (100.2.2.9:53) address to > query your DNS. Use the internal network address of the DNS server. > > On Thu, Jan 6, 2011 at 10:58 AM, Pandu Poluan <pa...@poluan.info> wrote: > >> Hello again! >> >> I think I'm having trouble with VIP. >> >> The scenario is this (IP addresses obfuscated): >> + WAN address is 100.2.2.8/25 >> + LAN address is 192.168.1.1/24 >> + I create a VIP, CARP, 100.2.2.9/25 >> >> Now, I tried to make a NAT: >> + 100.2.2.9:53 forwards to 192.168.1.20:53 >> + A firewall rule is automatically created >> >> However, all attempts to contact the DNS Server via 100.2.2.9:53 fail. >> >> If I try ping-ing an external IP address from the DNS Server >> (192.168.1.20), it works. >> >> Where did I go wrong? >> >> -- >> Pandu E Poluan I may be wrong, but shouldn't the VIP be a /32 not a /25?