I’ve done this, but I won't route traffic out (NAT) until I have verifiable traffic coming in.
The x.2 IP simply will not ICMP ping from outside the network (and, yes, I have it allowed). On Mar 3, 2014, at 4:16 AM, Bryan D. <pfse...@derman.com> wrote: > If I understand your requirements, to go out a VIP, you need to create a NAT > rule where the NAT Address is the VIP's IP. There are some limitations with > VIPs but they can all be NAT'd: > https://doc.pfsense.org/index.php/What_are_Virtual_IP_Addresses? > > I've pretty much always used Manual Outbound NAT, so I no longer remember > what's created automatically, etc. > > E.G., when I want to send my desktop's traffic out via one of our static IP > VIPs (tied to the WAN interface) instead of using the normal WAN interface's > static IP, the following Outbound NAT rule takes care of it: > WAN <desktop's IP> * * * <IP of VIP> * NO <description> > > That plus an applicable LAN rule "goes a long way." > > Hope that helps a little. > > _______________________________________________ > List mailing list > List@lists.pfsense.org > http://lists.pfsense.org/mailman/listinfo/list _______________________________________________ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
