Virtual wan static ips not working

Started by unicomaz, September 26, 2024, 09:10:09 PM

I tried to configure a virtual IP /29 on OPNsense 2.7,
but only the WAN IP seems to work; all other IPs are not functioning.
I want to assign one IP to a webserver with a port forward to LAN IP port 80/443, but was not successful.
Can anybody lead me towards the right steps?
Thx

How did you detect this? On inbound or outbound?

If you cannot reach your webserver from outside, sniff the traffic on WAN to check if the packets even arrive.

Thx for reply,
I parked the IP /29 in Virtual IP and tried to port forward ports 80/443 to an internal server, but when checking the ports, these ports are still closed.

It would help if you showed your virtual IP configuration and your port forwarding rules  ;)
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

As mentioned, sniff the traffic on WAN, while you try to access the IP and you will instantly know, if it even works on the outside and can go further.

Hi Patrick, thx for reply. But I don't know how to show virtual IP configuration and your port forwarding rules. I can take snaps but can't find another way to get it. The rules were auto generated by NAT.

Quote from: viragomann on September 27, 2024, 10:50:24 AM
As mentioned, sniff the traffic on WAN, while you try to access the IP and you will instantly know, if it even works on the outside and can go further.
Thx a lot, but how to sniff the WAN traffic?

Quote from: unicomaz on September 28, 2024, 02:23:22 AM
Thx a lot, but how to sniff the WAN traffic?
Interfaces > Diagnostic > Packet Capture
Select the WAN, state the source IP if you know it and the destination port. Start the capture and try to access from outside. Then display the result.

Quote from: unicomaz on September 28, 2024, 02:22:03 AM
Hi Patrick, thx for reply. But I don't know how to show virtual IP configuration and your port forwarding rules. I can take snaps but can't find another way to get it. The rules were auto generated by NAT.
You created the individual addresses of your /29 on WAN as virtual IPs, didn't you? Well, if you did not, that explains why it's not working ;) Look into Interfaces > Virtual IPs.

If you did, there might be something wrong with it, so just post a screenshot, please.

The NAT rules are supposed to go in Firewall > NAT > Port Forwarding. Again, these are of course necessary, so you did create them, right? Same as with the virtual IPs - something's wrong, so screenshots, please.

How are we supposed to tell what's wrong with your setup if you don't show us the actual setup?

I did enter each IP address in Virtual IPs:

Address          VHID   Interface   Type       Description
xx.xx.xx.65/29          WAN         IP Alias   Firewall
xx.xx.xx.66/29          WAN         IP Alias   Webserver
xx.xx.xx.67/29          WAN         IP Alias   Spare
xx.xx.xx.68/29          WAN         IP Alias   Spare 2
xx.xx.xx.69/29          WAN         IP Alias   Spare 3


Your NAT rules only show forwarding of the WAN address.
Note that "WAN address" is strictly the interface IP, nothing else.

If you want to forward traffic destined to any of the VIPs, you have to set the VIP as destination in the rule.

October 02, 2024, 05:07:58 PM #12 Last Edit: October 03, 2024, 11:07:19 PM by unicomaz
It's working now. My mistake, I forgot the associated filter rule.

October 02, 2024, 05:10:42 PM #13 Last Edit: October 02, 2024, 07:15:58 PM by Patrick M. Hausen
Create an alias for each single IP, use that alias as destination address in the inbound NAT port forward rule.

See next post instead.

If you have added each IP as virtual, as you wrote above, you should find them in the destination drop-down in a port forwarding rule.