Re: [pfSense Support] Not all Virtual IP's forwarding correctly

[Paul]

Firewall                                         GW
TCP * | *   192.168.2.130     80     *      Server 1
TCP * | *   192.168.2.150     80    *       Server 2 
TCP * | *   192.168.2.160     80    *       Server 3  not working
TCP * | *   192.168.2.160     80    *       Server 3  Works fine
NAT Rules

WAN  TCP  80  192.168.2.130  ( ext x.x.x.114)  80  Server 1
WAN  TCP  80  192.168.2.150 (ext x.x.x.115)    80  Server 2
WAN  TCP  80  192.168.2.160 (ext x.x.x.116)    80   Server 3

Virtual IP'
x.x.x.115/32   P ARP
x.x.x.116/32  P ARP

The only difference I see is the virtual ip setup. You have CARP setup 
instead of Proxy ARP.  If it works for SSH on the 3rd server not sure 
why http would be the only one not working.
If it needs CARP  do I need to set the VIP Password , VHID Group, and 
Advertising Freq.

paul

Curtis LaMasters wrote:
Firewall Rules should look something like this...

TCP | * | * | 192.168.1.10 | 80 (HTTP| * |  | NAT HTTP to 1st server
TCP | * | * | 192.168.1.11 | 80 (HTTP| * |  | NAT HTTP to 2nd server
TCP | * | * | 192.168.1.12 | 80 (HTTP| * |  | NAT HTTP to 3rd server

NAT rules should look something like this...

WAN | TCP | 80 (HTTP) | 192.168.1.10 (ext.: x.x.x.126) | 80 (HTTP)
HTTP to 1st server
WAN | TCP | 80 (HTTP) | 192.168.1.11 (ext.: x.x.x.127) | 80 (HTTP)
HTTP to 2nd server
WAN | TCP | 80 (HTTP) | 192.168.1.12 (ext.: x.x.x.128) | 80 (HTTP)
HTTP to 3rd server

Virtual IPs should look something like this...

x.x.x.127 | CARP | VIP1
x.x.x.128 | CARP | VIP1
note... the 126 IP in this case is attatched to the WAN interface.

If you create your rules from the NAT configuration, they will show up
like this (easy as pie).  Let me know what it looks like on your end.

Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com



On Tue, Mar 3, 2009 at 6:53 AM, Matthias Niggemeier <m...@thias.de> wrote:
  
Von: Abdulrehman [mailto:arvagabo...@gmail.com]

Gesendet: Dienstag, 3. März 2009 07:16

An: support@pfsense.com

Betreff: Re: [pfSense Support] Not all Virtual IP's forwarding correctly



    
Don't confuse guys up here...!
      

    
1. where your IP is blocked...at ISP end or somewhere on internet..?
      

Don't be confused... he has a "block of IP addresses"; what he wants to say
is a "range of addresses" (i.e. his ISP gave him a subnet with official
addresses)



    
2. "The second set and its port forwarding work with out issue (port
      

He forwards port 80 of to an internal server



    
3. "Now I do have port 80 forwarded to different servers depending on the
ip on the WAN port"...what does it mean....?
      

As I understand it, he wants to have multiple IPs on the WAN side and
forward port 80 to different internal servers depending on which WAN IP the
request was received.

I don't think he can do this through the gui, maybe some config.xml-hacking
does the trick.



Paul, in the subject you talk about "Virtual IPs". Please read the manual;
the "Virtual IP"-Settings in the pfsense-GUI are not what you believe you
understood. A VIP is NOT a second address for an Interface as you need it.
You can make a backup of your config, edit the resulting xml file and
restore it (search the web; there is a howto in pfsense.org).

I haven’t done port forwarding yet, so I cannot help you at this point.



Regards



Matthias





On Tue, Mar 3, 2009 at 7:40 AM, Paul <joyride...@gmail.com> wrote:

We have a block ip address from our provider. The main ip for our

network and its port forwarding works well. I created 2 virtual

ip's. The second set and its port forwarding work with out issue (port

80) that go to another server. The 3rd virtual ip I created

partially works. SSH works. I then forwarded 80 with it and it does not

work. I can pull up the webpage internally though. Now I do have port 80

forwarded to different servers depending on the ip on the WAN port. What

do I need to provide to see why its not working for help



Thanks





---------------------------------------------------------------------

To unsubscribe, e-mail: support-unsubscr...@pfsense.com

For additional commands, e-mail: support-h...@pfsense.com



Commercial support available - https://portal.pfsense.org










    

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org

  


---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org