Firewall Rules should look something like this... TCP | * | * | 192.168.1.10 | 80 (HTTP| * | | NAT HTTP to 1st server TCP | * | * | 192.168.1.11 | 80 (HTTP| * | | NAT HTTP to 2nd server TCP | * | * | 192.168.1.12 | 80 (HTTP| * | | NAT HTTP to 3rd server
NAT rules should look something like this... WAN | TCP | 80 (HTTP) | 192.168.1.10 (ext.: x.x.x.126) | 80 (HTTP) HTTP to 1st server WAN | TCP | 80 (HTTP) | 192.168.1.11 (ext.: x.x.x.127) | 80 (HTTP) HTTP to 2nd server WAN | TCP | 80 (HTTP) | 192.168.1.12 (ext.: x.x.x.128) | 80 (HTTP) HTTP to 3rd server Virtual IPs should look something like this... x.x.x.127 | CARP | VIP1 x.x.x.128 | CARP | VIP1 note... the 126 IP in this case is attatched to the WAN interface. If you create your rules from the NAT configuration, they will show up like this (easy as pie). Let me know what it looks like on your end. Curtis LaMasters http://www.curtis-lamasters.com http://www.builtnetworks.com On Tue, Mar 3, 2009 at 6:53 AM, Matthias Niggemeier <[email protected]> wrote: > Von: Abdulrehman [mailto:[email protected]] > > Gesendet: Dienstag, 3. März 2009 07:16 > > An: [email protected] > > Betreff: Re: [pfSense Support] Not all Virtual IP's forwarding correctly > > > >> Don't confuse guys up here...! > > > >> 1. where your IP is blocked...at ISP end or somewhere on internet..? > > > > Don't be confused... he has a "block of IP addresses"; what he wants to say > is a "range of addresses" (i.e. his ISP gave him a subnet with official > addresses) > > > >> 2. "The second set and its port forwarding work with out issue (port > > > > He forwards port 80 of to an internal server > > > >> 3. "Now I do have port 80 forwarded to different servers depending on the >> ip on the WAN port"...what does it mean....? > > > > As I understand it, he wants to have multiple IPs on the WAN side and > forward port 80 to different internal servers depending on which WAN IP the > request was received. > > I don't think he can do this through the gui, maybe some config.xml-hacking > does the trick. > > > > Paul, in the subject you talk about "Virtual IPs". Please read the manual; > the "Virtual IP"-Settings in the pfsense-GUI are not what you believe you > understood. A VIP is NOT a second address for an Interface as you need it. > You can make a backup of your config, edit the resulting xml file and > restore it (search the web; there is a howto in pfsense.org). > > I haven’t done port forwarding yet, so I cannot help you at this point. > > > > Regards > > > > Matthias > > > > > > On Tue, Mar 3, 2009 at 7:40 AM, Paul <[email protected]> wrote: > > We have a block ip address from our provider. The main ip for our > > network and its port forwarding works well. I created 2 virtual > > ip's. The second set and its port forwarding work with out issue (port > > 80) that go to another server. The 3rd virtual ip I created > > partially works. SSH works. I then forwarded 80 with it and it does not > > work. I can pull up the webpage internally though. Now I do have port 80 > > forwarded to different servers depending on the ip on the WAN port. What > > do I need to provide to see why its not working for help > > > > Thanks > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [email protected] > > For additional commands, e-mail: [email protected] > > > > Commercial support available - https://portal.pfsense.org > > > > > > > > > > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] Commercial support available - https://portal.pfsense.org
