Hi Scott, thank you. Yeah, you are right, the ARP addresses were messed up.

I have another issue, associated with outbound NAT. My WAN interface uses a public IP (IP-1) with one Virtual IP defined as 10.1.2.1. I have a number of servers connected to the WAN interface but using private IPs 10.1.2.x. I want all outbound packets to be NATed through IP-1, with the exception of packets with a 10.1.2.x destination. All outbound packets with a 10.1.2.x destination are to be NATed through the Virtual IP 10.1.2.1.

What I did:

1. Uncheck "Block Private Network" and "Block Bogon Network" for the WAN interface.
2. Define Virtual IP 10.1.2.1.
3. Enable Advanced NAT. After enabling Advanced NAT, I modified the auto-created rule and modified the destination section to exclude 10.1.2.x destination IPs so that they are not NATed through the "interface address".
4. I created a new rule to NAT (NAT IP: 10.1.2.1) all outbound packets with a destination of 10.1.2.x.

Nothing happened after I did the above configuration. I checked the status and obtained the results below:

1. The request to 10.1.2.x passed through the LAN interface without being blocked by a firewall rule (I can see this from the system log).
2. The states reflected that it is properly NATed, but with SYN_SENT:CLOSED (as below):

   tcp 192.168.2.30:2479 -> 10.1.2.1:65471 -> 10.1.2.80:21 SYN_SENT:CLOSED

3. When I tried to capture the packets from the WAN interface with a host address of 10.1.2.1, nothing was captured.

It seems to me that the outbound 10.1.2.1-NATed packets did not make it to the WAN interface. Is that right? Can this kind of application be supported?

Regards,
Kelvin

-----Original Message-----
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: Thursday, February 01, 2007 1:25 AM
To: [email protected]
Subject: Re: [pfSense Support] Virtual IP and Port Forwarding - SNAPSHOT 1.01

On 1/31/07, Kelvin Chiang <[EMAIL PROTECTED]> wrote:
> Hi, I am getting very miserable in trying to get Virtual IP and Port
> Forwarding to work. Can anyone who has managed to get it to work
> enlighten me?
>
> Some background information. My WAN interface uses 10.1.1.1/24, LAN
> interface is configured with 192.168.2.1/24. I have a web server (of
> IP 192.168.2.100) in the network which I wish to be reached from the
> WAN segment using the IP address 10.1.1.2. And this is what I did:
>
> 1. I created a Virtual IP of 10.1.1.2
> 2. I created a Port Forwarding that forwards HTTP packets to 10.1.1.2
>    (10.1.1.2 () external address) to 192.168.2.100 (the NAT IP). I had
>    "auto-creation of firewall rule" checked.
>
> When I attempted to go to http://10.1.1.2, nothing happened. So I did
> some checks on status and log, and my findings were:
>
> 1. The states indicated a request
>    "192.168.2.100:80 <- 10.1.1.2:80 <- 10.1.1.5:1508"
> 2. The firewall log reflected the following:
>
>    Act = Green Arrow Sign
>    Time = Feb 1 00:32:59
>    If = WAN
>    Source = 10.1.1.5:1511
>    Destination = 192.168.2.100:80
>    Proto = TCP
>
> Correct me if I am wrong, the above status seems to indicate that the
> Port Forwarding functioned and the Firewall rules also permit the
> packet to come in. But I don't get anything from http://10.1.1.2. Is
> there something I have done or I have not done?

Reset the arp table upstream on the router. Or reboot the cable modem, whatever the device may be.

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
