Date: Thu, 6 Jan 2011 16:29:32 +0700
From: pa...@poluan.info
To: support@pfsense.com
Subject: Re: [pfSense Support] Re: Trouble with VIP?

Please find attached the screenshot of my firewall.

Explanation:
+ "... Public" is an alias for 10.2.2.8 and 10.2.2.9
+ The four blackened nets are 192.168.1.

Rgds,
--Pandu E Poluan



On Thu, Jan 6, 2011 at 15:22, Abdulrehman <arvagabo...@gmail.com> wrote:

OK... for DNS... you need to allow both TCP and UDP. Can you share the
screenshot of your firewall rule?


On Thu, Jan 6, 2011 at 1:18 PM, Pandu Poluan <pa...@poluan.info> wrote:


Yes, I was accessing the external IP address from a different network.

E.g. The 100.x.y.z is on ISP A, I tried to access it from a computer
with IP 200.p.q.r on ISP B.

Rgds,

On 2011-01-06, Abdulrehman <arvagabo...@gmail.com> wrote:

> You can not access the public IP address of the same IP pool. You have this
> 100.2.2.8/25 on your WAN interface. Check this 100.2.2.9:53 from outside
> your network. From inside, you can not use this (100.2.2.9:53) address to
> query your DNS. Use the internal network address of the DNS server.
>
> On Thu, Jan 6, 2011 at 10:58 AM, Pandu Poluan <pa...@poluan.info> wrote:
>
>> Hello again!
>>
>> I think I'm having trouble with VIP.
>>
>> The scenario is this (IP addresses obfuscated):
>> + WAN address is 100.2.2.8/25
>> + LAN address is 192.168.1.1/24
>> + I create a VIP, CARP, 100.2.2.9/25
>>
>> Now, I tried to make a NAT:
>> + 100.2.2.9:53 forwards to 192.168.1.20:53
>> + A firewall rule is automatically created
>>
>> However, all attempts to contact the DNS Server via 100.2.2.9:53 fail.
>>
>> If I try ping-ing an external IP address from the DNS Server
>> (192.168.1.20), it works.
>>
>> Where did I go wrong?
>>
>> --
>> Pandu E Poluan



I may be wrong, but shouldn't the VIP be a /32 not a /25?

                                          
