Re: [pfSense] Multiple static IPs from one ISP - Virtual IPs? - Trying this again
On 2014-Mar-02, at 11:52 PM, Ryan Coleman ryanjc...@me.com wrote: How do I set up multiple static addresses? I used Virtual IP to create x.2 and I can ping it internally but not externally. I’ve tried using guides I’ve found online but I cannot seem to get them to work. What I want to do is have (for the time being) x.2 to assign out port forward assignments (FTP, SMTP, IMAP, WWW, etc.). Everything points to using Virtual IPs but I cannot seem to gather how they’re supposed to route data out. What am I missing? If I understand your requirements, to go out a VIP, you need to create a NAT rule where the NAT Address is the VIP's IP. There are some limitations with VIPs but they can all be NAT'd: https://doc.pfsense.org/index.php/What_are_Virtual_IP_Addresses? I've pretty much always used Manual Outbound NAT, so I no longer remember what's created automatically, etc. E.G., when I want to send my desktop's traffic out via one of our static IP VIPs (tied to the WAN interface) instead of using the normal WAN interface's static IP, the following Outbound NAT rule takes care of it: WAN desktop's IP * * * IP of VIP * NO description That plus an applicable LAN rule goes a long way. Hope that helps a little. ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Multiple static IPs from one ISP - Virtual IPs? - Trying this again
I’ve done this, but I won't route traffic out (NAT) until I have verifiable traffic coming in. The x.2 IP simply will not ICMP ping from outside the network (and, yes, I have it allowed). On Mar 3, 2014, at 4:16 AM, Bryan D. pfse...@derman.com wrote: If I understand your requirements, to go out a VIP, you need to create a NAT rule where the NAT Address is the VIP's IP. There are some limitations with VIPs but they can all be NAT'd: https://doc.pfsense.org/index.php/What_are_Virtual_IP_Addresses? I've pretty much always used Manual Outbound NAT, so I no longer remember what's created automatically, etc. E.G., when I want to send my desktop's traffic out via one of our static IP VIPs (tied to the WAN interface) instead of using the normal WAN interface's static IP, the following Outbound NAT rule takes care of it: WAN desktop's IP * * * IP of VIP * NO description That plus an applicable LAN rule goes a long way. Hope that helps a little. ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Multiple static IPs from one ISP - Virtual IPs? - Trying this again
PiBA was correct: only the WAN rule is required for pings (learn something new every day!). My testing was via an outside network as pings always work internally, with our setup. Previously you wrote: I’ve done this, but I won't route traffic out (NAT) until I have verifiable traffic coming in. Not sure when it comes to ping response whether that's required, or not (I'm guessing not ... PiBa: do you know for sure?). On 2014-Mar-03, at 1:45 PM, Ryan Coleman ryanjc...@me.com wrote: Everything pings inside… but nothing pings from outside. If I get out of the confines of my subnet I cannot get a response. If I ping from another public server in my subnet it pings on WAN, if I do it from behind the firewall it does it on LAN. But from another server outside: nothing. X.1 pings without an issue on the WAN port. ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Multiple static IPs from one ISP - Virtual IPs? - Trying this again
I have packet sniffing going and I have absolutely not evidence data from the ExtraNET is coming into my machines - therefore no verifiable traffic. All ping responses are working from inside my network. On Mar 3, 2014, at 5:37 PM, Bryan D. pfse...@derman.com wrote: PiBA was correct: only the WAN rule is required for pings (learn something new every day!). My testing was via an outside network as pings always work internally, with our setup. Previously you wrote: I’ve done this, but I won't route traffic out (NAT) until I have verifiable traffic coming in. Not sure when it comes to ping response whether that's required, or not (I'm guessing not ... PiBa: do you know for sure?). On 2014-Mar-03, at 1:45 PM, Ryan Coleman ryanjc...@me.com wrote: Everything pings inside… but nothing pings from outside. If I get out of the confines of my subnet I cannot get a response. If I ping from another public server in my subnet it pings on WAN, if I do it from behind the firewall it does it on LAN. But from another server outside: nothing. X.1 pings without an issue on the WAN port. ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
[pfSense] Multiple static IPs from one ISP - Virtual IPs? - Trying this again
How do I set up multiple static addresses? I used Virtual IP to create x.2 and I can ping it internally but not externally. I’ve tried using guides I’ve found online but I cannot seem to get them to work. What I want to do is have (for the time being) x.2 to assign out port forward assignments (FTP, SMTP, IMAP, WWW, etc.). Everything points to using Virtual IPs but I cannot seem to gather how they’re supposed to route data out. What am I missing? ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list