Yeah, this was a case of 'Double-check your settings before sending a ? to the list...' I forgot to re-uncheck this setting when I reset to factory defaults... I should have caught that sooner.
Thanks for the help though!

-J

On 11/8/07, Sean Cavanaugh <[EMAIL PROTECTED]> wrote:
>
> There's an option under System >> Advanced called "Disable NAT
> Reflection". Uncheck this option to let you browse internal servers using
> the external IP or DNS.
>
> -Sean
>
> ------------------------------
>
> *From:* Justin Refice [mailto:[EMAIL PROTECTED]
> *Sent:* Thursday, November 08, 2007 8:38 PM
> *To:* [email protected]
> *Subject:* [pfSense Support] VIPs + NAT??
>
> I've got what appears to be a simple question, but for the life of me I
> can't figure this one out.
>
> I've got a pfsense firewall set up between a local subnet (192.168/16) and
> my internet provider. The provider has given me two subnets,
> 11.22.33.192/29 and 11.22.44.16/28.
>
> The WAN IP is in the larger subnet: 11.22.44.17/28
>
> For any given IP in the above subnets, 1 or more IPs exist in the private
> domain. E.g.:
>
> 11.22.33.194 port 25 = 192.168.0.2 port 25
> 11.22.33.194 port 80 = 192.168.0.3 port 80
> 11.22.44.17 port 25 = 192.168.0.4 port 25
>
> This is all working fine (yay!). The problem is that the private subnet
> can't access IPs on the public subnet. So, for example, 192.168.0.2 can
> connect to www.google.com just fine. 192.168.0.2 can NOT connect to
> 11.22.33.194 though... the packet just gets dropped somewhere.
>
> I've got the VIPs set up using Proxy ARP, because there are two subnets
> (and apparently CARP requires that the IP exist in the same subnet as the
> WAN IP).
>
> Just as a test, I set up a CARP for 11.22.44.18, and the same problem
> exists.
>
> Basically, it seems like I need to tell the firewall the right rules on
> the LAN interface to clear this up... but like I said, I can't figure it
> out.
>
> Thanks for any help,
>
> Justin
