> > 1. I changed the VIP to a .29 (like my public IP's)
>
> Just checking: do you mean /29 (subnet mask), or .29 (IP address)
Indeed.
>
> You have an internet connection with 5 IPs assigned to you:
> 75.149.56.{27..31}.
>
75.149.56.25 - .29
> You have a pfSense router. Its WAN interf
> -Original Message-
> OK, the latest steps, I also called Comcast and asked to clear the
> ARP entries/table and they were confused, but Level 2 techs knew and
> they said call them if I need it done again.
> 1. I changed the VIP to a .29 (like my public IP's)
Just checking: do you mean /
The "DNS rebind attack" warning means that you are getting to the
firewall's web site instead of your server.
The subnet you are using when you set the address must be the same as for
the rest of your LAN. Since your LAN has a /24 subnet (192.168.1.1 -
192.168.1.255), your server will not know ho
Hi Guys,
OK, the latest steps, I also called Comcast and asked to clear the ARP
entries/table and they were confused, but Level 2 techs knew and they said call
them if I need it done again.
1. I changed the VIP to a .29 (like my public IP's)
2. I plugged the NIC in the server that is answering
Hi Tibir,
> > I changed to IP Alias rather than ARP.
> >
> > I put each of my static IP's on the WAN Interface, 1 at a time, saved
> > and reloaded and pinged it from the LAN (which is where this server is
> > I want to hit as well)
>
> I think you have to change the subnet mask used on your VIP
On 17/02/2012 04:59, Jason T. Slack-Moehrle wrote:
Hi Guys,
I changed to IP Alias rather than ARP.
I put each of my static IP's on the WAN Interface, 1 at a time, saved
and reloaded and pinged it from the LAN (which is where this server is
I want to hit as well)
I still cannot seem to get this
On Thu, Feb 16, 2012 at 10:59 PM, Jason T. Slack-Moehrle
wrote:
> Hi Guys,
>
> I changed to IP Alias rather than ARP.
>
> I put each of my static IP's on the WAN Interface, 1 at a time, saved
> and reloaded and pinged it from the LAN (which is where this server is
> I want to hit as well)
>
> I st
Jason T. Slack-Moehrle
> Sent: 16 February 2012 01:04
> To: list@lists.pfsense.org
> Subject: [pfSense] creating a 1:1 NAT WAN to DMZ
>
> Hi All,
>
> My struggle continues.
>
> So basically:
> 1. I have 5 IP's from Comcast in a /29.
> 2. I want my firewa
ating a 1:1 NAT WAN to DMZ
Hi All,
My struggle continues.
So basically:
1. I have 5 IP's from Comcast in a /29.
2. I want my firewall assigned 75.149.xx.25 but want it to answer for my entire
/29.
3. Create a 1:1 NAT for each public IP except .25. (so .26, .27, .28, .29, etc)
4. Open Port
Creating a MIP or 1to1 NAT alone does not automatically make it pingable.
you'd also need to create rules to forward ICMP and have a device alive
behind it to return the packets.
or did I miss something here?
On Wed, Feb 15, 2012 at 10:32 PM, Jason T. Slack-Moehrle <
slackmoeh...@gmail.com> wrote
ah, I see. I will try this in the morning and report back.
--
Jason T. Slack-Moehrle
On Wednesday, February 15, 2012 at 6:12 PM, Yehuda Katz wrote:
> On Wed, Feb 15, 2012 at 8:57 PM, Jason T. Slack-Moehrle
> mailto:slackmoeh...@gmail.com)> wrote:
> > > > Can anyone shed some light on what is
No, I have that server bypassing the pfsense box so that it stays live.
--
Jason T. Slack-Moehrle
On Wednesday, February 15, 2012 at 7:03 PM, Moshe Katz wrote:
> Is this the setup you have right now (or have you plugged in some other
> router/firewall for now) because I can get to the web si
Is this the setup you have right now (or have you plugged in some other
router/firewall for now) because I can get to the web site at the address
in the screenshots.
Moshe
--
Moshe Katz
-- mo...@ymkatz.net
-- +1(301)867-3732
On Wed, Feb 15, 2012 at 8:04 PM, Jason T
On Wed, Feb 15, 2012 at 8:57 PM, Jason T. Slack-Moehrle
wrote:
> Hi Yehuda;
>
>> On Wed, Feb 15, 2012 at 8:04 PM, Jason T. Slack-Moehrle
>> mailto:slackmoeh...@gmail.com)> wrote:
>> > Hi All,
>> >
>> > My struggle continues.
>> >
>> > So basically:
>> > 1. I have 5 IP's from Comcast in a /29.
>>
On Wed, Feb 15, 2012 at 8:57 PM, Jason T. Slack-Moehrle <
slackmoeh...@gmail.com> wrote:
> > > Can anyone shed some light on what is going on? I just cannot simply
> get to the server after doing this.
> > >
> > We had a similar issue on Verizon. We allowed all ICMP PINGs through
> the firewall a
Hi Yehuda;
> On Wed, Feb 15, 2012 at 8:04 PM, Jason T. Slack-Moehrle
> mailto:slackmoeh...@gmail.com)> wrote:
> > Hi All,
> >
> > My struggle continues.
> >
> > So basically:
> > 1. I have 5 IP's from Comcast in a /29.
> > 2. I want my firewall assigned 75.149.xx.25 but want it to answer for my
(Sorry for top posting)
We had a similar issue on Verizon. We allowed all ICMP PINGs through the
firewall and tried to ping each address. The primary (assigned to the
pfsense) responded and the others did not. It seems that the pfSense was
not properly picking up the ARP requests unless it was th
Hi All,
My struggle continues.
So basically:
1. I have 5 IP's from Comcast in a /29.
2. I want my firewall assigned 75.149.xx.25 but want it to answer for my entire
/29.
3. Create a 1:1 NAT for each public IP except .25. (so .26, .27, .28, .29, etc)
4. Open Port 80 (and a few others) to .27 (th
Here is a summary of my setup.
I have Virtual IPs (of type ProxyARP) for each of my IPs as you mentioned.
71.xxx.xx.83/32
71.xxx.xx.84/32
...
71.xxx.xx.84/32
Do not put a Virtual IP for the address that you gave to the firewall
itself (in my case .82).
Make sure that the Virtual IPs are on the WAN
Hi Moshe,
> I created an alias with the INTERNAL addresses of all web servers. The key
> is that these are the INTERNAL addresses, not the external addresses. I
> have similar aliases and rules for HTTPS and all other needed ports.
OK, I have done everything that we talked about and I am still
Moshe,
These are great.
Can you show me a rule that takes traffic on Port 80 from a public IP
to a 1:1 NAT?
I still cannot get these to work.
-Jason
On Sun, Feb 12, 2012 at 3:04 PM, Moshe Katz wrote:
> On Sun, Feb 12, 2012 at 5:37 PM, Jason T. Slack-Moehrle
> wrote:
>>
>> > When I create a 1
> When I create a 1:1 NAT I am confused as to which interface, internal
> IP and Destination. I am confused because the use of "internal IP" is
> making me think that my DMZ address would go there.
>
> Example 1:1 NAT from 75.xx.xx.25 to 10.xx.xx.25
>
> I guess Internal IP would be the 75.x.x.25 ad
Hi All,
Per Comcast's advice I need to create a 1:1 NAT for my public's to private IP's
So on my DMZ I created a 10.x.x.1/29 (since I have 5 public IP's too)
I am going to keep the same IP scheme for clarity. Meaning my public
range is 75.xx.xx.25 - .29.
When I create a 1:1 NAT I am confused as t
23 matches