On 7/27/05, Matthew Lenz <[EMAIL PROTECTED]> wrote: > ----- Original Message ----- > From: "Matthew Lenz" <[EMAIL PROTECTED]> > To: "pfsense" <[email protected]> > Sent: Wednesday, July 27, 2005 3:42 PM > Subject: Re: [pfSense-discussion] multipe ips on the wan interface? > > > > I should have said > > > > 1. add virtual ip (am I supposed to beable to select the cidr? it greys > out > > and is set to /32) > > 2. add NAT: Port Forwarding entry using WAN, the virtual ip in step 1, > tcp, > > from 80, my servers private ip, local port 80, checked auto add firewall > > rule. > > 3. reverified that virtual ip, nat and rule entries are all present. > > > > ok it works this time.. the difference? bug :) > > > > if you click proxy arp and then click CARP it gives you a ungreyed CIDR > drop > > down. I set it to /27 which is what my firewalls WAN interface is set to > > (and it must have accepted it). If you DON'T set the CIDR it works fine. > > atleast thats what I think happened. > > just to clarify..if you click proxy arp.. then carp.. and then back to proxy > arp again.. I didn't add a CARP vip just was poking around prior to actually > adding the proxy arp vip. I don't know much about networking so when > presented with the cidr drop down I set it to the same as the wan > interface's cidr initially. > > > another possible bug. when adding new interfaces with by clicking the + on > > the assign screen the firewall webgui times if you don't wait several > > seconds before attempting to click another + to add another interface. > > > > ----- Original Message ----- > > From: "Bill Marquette" <[EMAIL PROTECTED]> > > To: "Matthew Lenz" <[EMAIL PROTECTED]> > > Cc: "pfsense" <[email protected]> > > Sent: Wednesday, July 27, 2005 3:13 PM > > Subject: Re: [pfSense-discussion] multipe ips on the wan interface? > > > > > > On 7/27/05, Matthew Lenz <[EMAIL PROTECTED]> wrote: > > > say I want to have multiple ip's on the wan interface so that I can > > forward > > > http/https for one public ip to a private ip behind the firewall and > > > smtp/imap on a different public ip to a another private ip behind the > > > firewall. I thought this was what the virtual ip functionality is for. > > > > Yup, that's what it's for. > > > > > I added a virtual ip using the WAN interface (using proxy arp cuz it was > > the > > > default) and used a public ip thats available on the same subnet that > the > > > firewall's wan ip is on > > > > So far, this sounds right. > > > > > and forwarded port 80 to the private ip of my server's port 80. > > > > Port forwarding? > > > > > ( I've got outbound nat enabled for the time being for > > > this private subnet and all the machines, including the server, on the > > > private subnet can get to the internet just fine. ) > > > > Shouldn't matter. > > > > > I checked the 'auto add > > > firewall rule' checkbox and clicked save. Everything looks cool but > when > > I > > > attempt to access that ip on port 80 from a remote internet site I don't > > get > > > anywhere. > > > > Should have worked. It does take a second or two for rule changes to > > apply, but this should have worked like a charm. > > > > > Was this not the procedure I was looking for? Do I instead have to > create > > > an 'interface' for each public ip and use the same ethernet device for > > each? > > > > Nope, what you did sounds right. > > > > --Bill
Hmmm, I should have asked this earlier, what version are you running? That sounds suspiciously like a bug I fixed (or at least I thought I fixed). I'll test those steps out again tonight. Just to be clear, it works now? Or it still doesn't work, but the screens show the right thing? --Bill
