Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
22.7 Legacy Series
»
Virtual IP mode may not be changed for an existing entry.
« previous
next »
Print
Pages: [
1
]
Author
Topic: Virtual IP mode may not be changed for an existing entry. (Read 1424 times)
gdur
Full Member
Posts: 124
Karma: 2
Virtual IP mode may not be changed for an existing entry.
«
on:
September 30, 2022, 03:22:16 pm »
Does anyone has an idea how to handle this Warning?
A virtual IP on my production OPNSense box needs to be changed to a different mode but is not allowed.
Should I delete this Virtual IP first and than create it anew? Or is there another way...
Logged
Patrick M. Hausen
Hero Member
Posts: 6825
Karma: 573
Re: Virtual IP mode may not be changed for an existing entry.
«
Reply #1 on:
September 30, 2022, 03:26:57 pm »
Quote from: gdur on September 30, 2022, 03:22:16 pm
Should I delete this Virtual IP first and than create it anew?
Yes.
Patrick
Logged
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
gdur
Full Member
Posts: 124
Karma: 2
Re: Virtual IP mode may not be changed for an existing entry.
«
Reply #2 on:
September 30, 2022, 03:55:03 pm »
That's a short but clear answer, thanks a lot!
«
Last Edit: September 30, 2022, 04:56:17 pm by gdur
»
Logged
gdur
Full Member
Posts: 124
Karma: 2
Re: Virtual IP mode may not be changed for an existing entry.
«
Reply #3 on:
September 30, 2022, 04:57:37 pm »
Hi Patrick,
As your suggestion didn't result in success here's a modified version of my question:
I've tried that but I can't get what I'm trying to achieve.
I have an IP block of 14 usable IP addresses (/28) and I would like NGINX (on OPNSenese box) to catch traffic from a number of these addresses. These addresses are assigned as Virtual IPs to WAN as IP Alias but if I run a 443 port check on a virtual IP it is closed thus requests are not reaching NGINX. Next I tried to change a Virtual IP from IP Alias to Proxy ARP or Other and neither setting was resulting in opening port 443 on this interface. What needs to be done to make that happen.
(the first available IP address of my IP block which is used to set-up a PPPoE connection does respond to port 443 successfully).
Logged
Patrick M. Hausen
Hero Member
Posts: 6825
Karma: 573
Re: Virtual IP mode may not be changed for an existing entry.
«
Reply #4 on:
September 30, 2022, 06:37:46 pm »
What does your inbound allow rule for port 443 on WAN look like?
Logged
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
gdur
Full Member
Posts: 124
Karma: 2
Re: Virtual IP mode may not be changed for an existing entry.
«
Reply #5 on:
September 30, 2022, 07:12:09 pm »
Hi Patrick,
The inbound rule is quite generic and works as expected. It allows 443 traffic on the main IP address which is activated through PPPoE and using a port checker it is confirmed to be open on this IP address but its not for the Virtual IPs assigned to WAN. I just did another post regarding NGINX about this problem, hopefully I will get a positive response on that.
Logged
Patrick M. Hausen
Hero Member
Posts: 6825
Karma: 573
Re: Virtual IP mode may not be changed for an existing entry.
«
Reply #6 on:
September 30, 2022, 07:33:20 pm »
You need to explicitly allow your virtual IP addresses, too. Otherwise the connections never reach your Nginx.
Logged
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
gdur
Full Member
Posts: 124
Karma: 2
Re: Virtual IP mode may not be changed for an existing entry.
«
Reply #7 on:
September 30, 2022, 08:57:49 pm »
Currently the WAN rule is:
Protocol -> IPv4 TCP/UDP
Source -> *
Port -> *
Destination -> WAN address
Port -> 443 (HTTPS)
Gateway -> *
Schedule -> *
Changing Destination with the specific Virtual IP address doesn't help, port is still closed...
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
22.7 Legacy Series
»
Virtual IP mode may not be changed for an existing entry.