On Thu, Aug 15, 2013 at 5:27 AM, Andreas Huser <[email protected]> wrote:
> Hi, > > I have a /25 Public Network and want use this for my pfsense 2.1RC. > But I not want put 128 Virtual IP in the PfSense Firewall. I try it with > Virtual IP type „other“ and select „netzwork“ /25. > > Now i create an 1:1 nat rule with an ip adress from this range and i > open an firewall rule. But this not working? Have i an error in reasoning? > > Regards from Germany > Andreas > > > > > Mit freundlichen Grüßen > > Andreas Huser > Geschäftsführer > System Engineer / Consultant > (Cisco Certified Solaris, Linux) > > --------------------------------------- > Zellerstraße 28 - 77654 Offenburg > Tel: +49(781) 1278689 0 > Mobil: +49(176) 10308549 > [email protected] > > > Andreas, First, unless your ISP is already routing the addresses to your pfsense in some other way, you can't really use the "other" type. For our 1-to-1 NAT addresses, we use the "Proxy ARP" type. Try switching the type and seeing if it helps. If that doesn't help, you may have to put all of the addresses in yourself. We had to do it in our case. We have two internet connections, one is T1 with /27 and the other is Fiber with /28. For the T1, we put "207.59.xxx.yyy/27" and it worked. However, when we put in the addresses for the fiber as "71.179.xxx.yyy/28", only the first address worked. We hooked up a computer on a hub between the pfSense and the Fiber interface to do packet capture and found that there was some issue (I don't remember exactly what it was anymore) with the ARP Response packets. When we switched to having each of the addresses entered individually, it started to work properly. I have absolutely no idea why this is the case, and I never had time to look into it further. If you do have to add them all individually, the easiest way is probably to add one, then download a Configuration backup, edit the backup file in a text editor to add the rest of them, and the restore the edited configuration. Moshe -- Moshe Katz -- [email protected] -- +1(301)867-3732
_______________________________________________ List mailing list [email protected] http://lists.pfsense.org/mailman/listinfo/list
