----- Original Message ----- From: "Matthew Lenz" <[EMAIL PROTECTED]> To: "pfsense" <[email protected]> Sent: Wednesday, July 27, 2005 3:42 PM Subject: Re: [pfSense-discussion] multipe ips on the wan interface?
> I should have said > > 1. add virtual ip (am I supposed to beable to select the cidr? it greys out > and is set to /32) > 2. add NAT: Port Forwarding entry using WAN, the virtual ip in step 1, tcp, > from 80, my servers private ip, local port 80, checked auto add firewall > rule. > 3. reverified that virtual ip, nat and rule entries are all present. > > ok it works this time.. the difference? bug :) > > if you click proxy arp and then click CARP it gives you a ungreyed CIDR drop > down. I set it to /27 which is what my firewalls WAN interface is set to > (and it must have accepted it). If you DON'T set the CIDR it works fine. > atleast thats what I think happened. just to clarify..if you click proxy arp.. then carp.. and then back to proxy arp again.. I didn't add a CARP vip just was poking around prior to actually adding the proxy arp vip. I don't know much about networking so when presented with the cidr drop down I set it to the same as the wan interface's cidr initially. > another possible bug. when adding new interfaces with by clicking the + on > the assign screen the firewall webgui times if you don't wait several > seconds before attempting to click another + to add another interface. > > ----- Original Message ----- > From: "Bill Marquette" <[EMAIL PROTECTED]> > To: "Matthew Lenz" <[EMAIL PROTECTED]> > Cc: "pfsense" <[email protected]> > Sent: Wednesday, July 27, 2005 3:13 PM > Subject: Re: [pfSense-discussion] multipe ips on the wan interface? > > > On 7/27/05, Matthew Lenz <[EMAIL PROTECTED]> wrote: > > say I want to have multiple ip's on the wan interface so that I can > forward > > http/https for one public ip to a private ip behind the firewall and > > smtp/imap on a different public ip to a another private ip behind the > > firewall. I thought this was what the virtual ip functionality is for. > > Yup, that's what it's for. > > > I added a virtual ip using the WAN interface (using proxy arp cuz it was > the > > default) and used a public ip thats available on the same subnet that the > > firewall's wan ip is on > > So far, this sounds right. > > > and forwarded port 80 to the private ip of my server's port 80. > > Port forwarding? > > > ( I've got outbound nat enabled for the time being for > > this private subnet and all the machines, including the server, on the > > private subnet can get to the internet just fine. ) > > Shouldn't matter. > > > I checked the 'auto add > > firewall rule' checkbox and clicked save. Everything looks cool but when > I > > attempt to access that ip on port 80 from a remote internet site I don't > get > > anywhere. > > Should have worked. It does take a second or two for rule changes to > apply, but this should have worked like a charm. > > > Was this not the procedure I was looking for? Do I instead have to create > > an 'interface' for each public ip and use the same ethernet device for > each? > > Nope, what you did sounds right. > > --Bill >
