/32 ? You mean, the subnet mask length in VIP does not need to be identical with the subnet mask length of WAN interface?
Hmmm... that didn't cross my mind... I'll try that when I get back at the office in approx. 8 hours from now (time of posting). Rgds, On 2011-01-07, Adam Van Ornum <greatb...@hotmail.com> wrote: > > Date: Thu, 6 Jan 2011 16:29:32 +0700 > From: pa...@poluan.info > To: support@pfsense.com > Subject: Re: [pfSense Support] Re: Trouble with VIP? > > Please find attached the screenshot of my firewall. > > Explanation: > + "... Public" is an alias for 10.2.2.8 and 10.2.2.9 > + The four blackened nets are 192.168.1. > > Rgds, > --Pandu E Poluan > > > > On Thu, Jan 6, 2011 at 15:22, Abdulrehman <arvagabo...@gmail.com> wrote: > > ok...for DNS...you need to allow both TCP and UDP....Can you share the > screen shot of your firewall rule..? > > > On Thu, Jan 6, 2011 at 1:18 PM, Pandu Poluan <pa...@poluan.info> wrote: > > > Yes, I was accessing the external IP address from a different network. > > > > > E.g. The 100.x.y.z is on ISP A, I tried to access it from a computer > > with IP 200.p.q.r on ISP B. > > > > Rgds, > > > > > > On 2011-01-06, Abdulrehman <arvagabo...@gmail.com> wrote: > >> You can not access the public IP address of the same IP pool. You have >> this > >> 100.2.2.8/25 on your WAN interface. Check this 100.2.2.9:53 from outside > >> your network. From inside, you can not use this (100.2.2.9:53) address to > >> query your DNS. Use the internal network address of the DNS server. > >> > >> On Thu, Jan 6, 2011 at 10:58 AM, Pandu Poluan <pa...@poluan.info> wrote: > >> > >>> Hello again! > >>> > >>> I think I'm having trouble with VIP. > >>> > >>> The scenario is this (IP addresses obfuscated): > >>> + WAN address is 100.2.2.8/25 > >>> + LAN address is 192.168.1.1/24 > >>> + I create a VIP, CARP, 100.2.2.9/25 > >>> > >>> Now, I tried to make a NAT: > >>> + 100.2.2.9:53 forwards to 192.168.1.20:53 > >>> + A firewall rule is automatically created > >>> > >>> However, all attempts to contact the DNS Server via 100.2.2.9:53 fail. > >>> > >>> If I try ping-ing an external IP address from the DNS Server > >>> (192.168.1.20), it works. > >>> > >>> Where did I go wrong? > >>> > >>> -- > >>> Pandu E Poluan > > > > I may be wrong, but shouldn't the VIP be a /32 not a /25? > > -- -- Pandu E Poluan - IT Optimizer My website: http://pandu.poluan.info/ --------------------------------------------------------------------- To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
