Do you have a second machine directly connected to 213.x.x.67? If so try to ping .67 and check the local arp table. If .67 shows up on the machine that is trying to ping .67 then you have a firewall/nat/route issue. If it doesn't show up then there is something wrong with the virtual ip.
Let us/me know either way and we'll see what we can do. -----Original Message----- From: Bastian Schern [mailto:[EMAIL PROTECTED] Sent: Monday, August 22, 2005 2:00 PM To: Scott Ullrich Cc: [email protected] Subject: Re: [pfSense Support] Virtual IPs not working I already set up a 1:1 NAT: --- snip --- <nat> <ipsecpassthru/> <advancedoutbound/> <onetoone> <external>213.xxx.xxx.67</external> <internal>192.168.101.67</internal> <subnet>32</subnet> <descr>maja55</descr> <interface>wan</interface> </onetoone> <onetoone> <external>213.xxx.xxx.68</external> <internal>192.168.0.2</internal> <subnet>32</subnet> <descr>lion</descr> <interface>wan</interface> </onetoone> </nat> --- snap --- The Virtual IPs on the WAN side should be forwarded to different LAN Hosts. The internal Virtual IPs should be pingable. The FW should handle 3 Private LANs: 192.168.0.0/24, 192.168.3.0/24 and 192.168.101.0/24. Is this Possible? Regards Bastian Scott Ullrich schrieb: > You cannot ping proxy-arp'd ips unless there are 1:1 NAT setup. > > Is this how your forwarding or using port forward? > > Scott > > > On 8/22/05, Bastian Schern <[EMAIL PROTECTED]> wrote: > >>Hi, >> >>I'm using pfSense Version 0.79.2 and my Virtual IPs are not functional. >> >>--- snip --- >> <virtualip> >> <vip> >> <mode>proxyarp</mode> >> <interface>wan</interface> >> <descr>WAN Subnet</descr> >> <type>network</type> >> <subnet_bits>28</subnet_bits> >> <subnet>213.191.xxx.xxx</subnet> >> </vip> >> <vip> >> <mode>proxyarp</mode> >> <interface>lan</interface> >> <descr>Private LAN</descr> >> <type>single</type> >> <subnet_bits>32</subnet_bits> >> <subnet>192.168.3.1</subnet> >> </vip> >> <vip> >> <mode>proxyarp</mode> >> <interface>lan</interface> >> <descr>AH-P LAN</descr> >> <type>single</type> >> <subnet_bits>32</subnet_bits> >> <subnet>192.168.101.1</subnet> >> </vip> >> </virtualip> >>--- snap --- >> >>It's not possible to ping any Virtual Interface. Most important thing is >>to get the external IPs back to work. Because all of them should be >>forwarded to Webserver, Mailserver, ... >> >>Regards >> Bastian >> >>--------------------------------------------------------------------- >>To unsubscribe, e-mail: [EMAIL PROTECTED] >>For additional commands, e-mail: [EMAIL PROTECTED] >> >> > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
