> > 1. I changed the VIP to a .29 (like my public IPs)
>
> Just checking: do you mean /29 (subnet mask), or .29 (IP address)?
Indeed.
>
> You have an internet connection with 5 IPs assigned to you:
> 75.149.56.{27..31}.
>
75.149.56.25 - .29
> You have a pfSense router. Its WAN interface is set to 75.149.56.27.
.25
> (If so, this may be part of the problem: 6colors.net (http://6colors.net)
> resolves to .27, are you sure you want the pfSense box *itself* responding
> on that IP address? This can be done, but I don't think this is what you're
> trying to accomplish.)
> So, let's assume you set pfSense's WAN interface to 75.149.56.28 - it can
> be any of your assigned IPs, doesn't matter which.
> You would then create Virtual IPs for the other five public IPs:
> On those VIPs: type=CARP, i/f=WAN, IP=75.149.56.{27,29,30,31}/[match the
> WAN mask], Password=irrelevant, VHID=irrelevant, Freq=irrelevant. (Note:
> those are NOT irrelevant if you set up redundant firewalls!)
> Then in Firewall->Nat->1:1, you would create one entry per VIP.
> (Technically you could do one entry for the range, but I don't recommend
> it for clarity's sake.)
> On those NAT rules: Interface=WAN, External=75.149.56.{27,29,30,31},
> Internal=192.168.1.{27,29,30,31}, Destination=any, NAT reflection=enable.
> Then in Firewall->Rules->[either Floating or WAN], add the necessary rules
> to permit inbound connections:
> On those FW rules: Action=pass, Intf=WAN, Proto=any, Src=any,
> Dst=192.168.1.{27,29,30,31}
> ...and you should be done.
>
> Compared to my bare-bones explanation, what are you doing differently?
> (Aside from my possibly not remembering your range of assigned IPs
> correctly, that is. You mention a subnet mask of 255.255.255.248, which
> would actually allow IPs of .25 through .30. Oh well, you can do a mental
> search-and-replace on my comments above.)
>
> My best guess is that you created a VIP of type ifAlias, and you don't
> have the correct 1:1 NAT entry. Or the correct port-forwarding entries,
> which should also work. Or you're trying to overload pfSense's main WAN
> IP address and don't have the port-forwarding done right. If this is what
> you're trying to do, deliberately, let us know - there are some additional
> gotchas in this scenario.
Adam, yes I have IPAlias as that is what someone mentioned to me to change to
rather than CARP IIRC.
Let me go through this again step by step.
I will report back with screen shots again.
-Jason
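
Added example, not part of the original thread: a Python check of a 1:1 NAT plan like the one quoted above against the WAN subnet, before the VIPs and NAT entries are typed into pfSense. The function names, the gateway value 75.149.56.30 and the /24 LAN are assumptions made for illustration.

```python
import ipaddress

def usable_hosts(wan_if):
    """Host addresses in the WAN subnet (network and broadcast excluded)."""
    return [str(h) for h in ipaddress.ip_interface(wan_if).network.hosts()]

def plan_one_to_one(wan_if, externals, lan_net, gateway=None):
    """Check planned VIPs against the WAN subnet and pair each with a LAN host.

    Returns (mappings, problems): mappings is a list of (external, internal),
    problems a list of (external, reason) for addresses that cannot be VIPs.
    """
    wan = ipaddress.ip_interface(wan_if)   # accepts a dotted netmask or /29
    lan = ipaddress.ip_network(lan_net)    # assumed to be a /24
    gw = ipaddress.ip_address(gateway) if gateway else None
    mappings, problems = [], []
    for text in externals:
        ext = ipaddress.ip_address(text)
        if ext not in wan.network:
            problems.append((text, "outside WAN subnet"))
        elif ext == wan.network.network_address:
            problems.append((text, "network address"))
        elif ext == wan.network.broadcast_address:
            problems.append((text, "broadcast address"))
        elif ext == wan.ip:
            problems.append((text, "already the WAN interface address"))
        elif ext == gw:
            problems.append((text, "upstream gateway"))
        else:
            # Same last octet on the LAN side, as in the quoted NAT entries.
            internal = lan.network_address + (int(ext) & 0xFF)
            mappings.append((text, str(internal)))
    return mappings, problems

if __name__ == "__main__":
    # Values from the thread: WAN on .25, mask 255.255.255.248.
    wan_if = "75.149.56.25/255.255.255.248"
    planned = ["75.149.56.27", "75.149.56.29", "75.149.56.30", "75.149.56.31"]
    print("usable:", usable_hosts(wan_if))
    # Gateway .30 is an assumption; the thread does not state it.
    ok, bad = plan_one_to_one(wan_if, planned, "192.168.1.0/24", "75.149.56.30")
    for ext, internal in ok:
        print(f"1:1 NAT  {ext} -> {internal}")
    for ext, reason in bad:
        print(f"skip     {ext}: {reason}")
```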