I have been banging my head against the wall on this for a couple of days now - thought I had tried everything, but obviously not...
I have the following networking scenario...
ISPs Router Edge (21.34.6.113)
to
My Cisco Router WAN (21.34.6.114/30)
My Cisco Router LAN (209.138.66.217/29)
to
My Office GW/NAT/FW WAN (209.138.66.218/29)
My Office GW/NAT/FW LAN (10.10.111.1/24)
This all works fine - but I am trying to replace the Cisco with a pfSense box. I have ip_forward set to 1 and the following in the routing table:
DESTINATION GW FLAGS INTERFACE
default 21.34.6.113 UGS xl0 (WAN)
21.34.6.112/30 * U xl0 (WAN)
21.34.6.114 * UHS lo0
209.138.66.216/29 * U xl1 (LAN)
209.138.66.217 * UHS lo0
127.0.0.1 * UH lo0
From my 10.10.111.x network I can ping 21.34.6.114 fine, but when I try 21.34.6.113 (or any other public address) it fails - it seems that I cannot get the traffic to pick up the default route?? Maybe it is finding the default route, but something else is wrong - but I really don't know what to check next (Linux novice).
I have checked that the firewall is off (also tried on with everything wide open), NAT is off...
Nothing seems to work - any pointers much appreciated!!
Thanks .. Ken
If NAT is off, by default a packet from a private network (e.g. your 10.x.x.x network) should be dropped as it is not routable. This is likely what your ISP is doing. If they aren't dropping the packets, their networks still wouldn't know where to send the traffic back to.
You will need to enable NAT so the packet appears to be coming from the 21.34.6.114 address; then your ISP (and the rest of the world) will know how to route the packet back to you.
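To make the two halves of this thread concrete, here is an added example (not code from either poster, and not pfSense or FreeBSD code) that models the forwarding decision over the routing table posted in the question and the answer's point about the source address. The table is transcribed from the question; the sample packets and the TEST-NET destination 198.51.100.7 are constructed for illustration. Running the lookup also shows that 21.34.6.113 is matched by the connected 21.34.6.112/30 entry, not by the default route; only destinations outside both local subnets fall through to the default.

```python
"""Longest-prefix route lookup plus a source-routability check.

Added example modelled on the routing table in the question. It is not
the poster's code and not pfSense/FreeBSD code; it simulates the kernel's
forwarding decision and the NAT point made in the answer.
"""
import ipaddress
from typing import List, NamedTuple, Optional


class Route(NamedTuple):
    prefix: ipaddress.IPv4Network   # destination prefix
    gateway: Optional[str]          # next hop, or None when directly connected ("*")
    iface: str                      # outgoing interface


# Transcribed from the question's table; host routes (UHS/UH) written as /32.
ROUTING_TABLE: List[Route] = [
    Route(ipaddress.ip_network("0.0.0.0/0"), "21.34.6.113", "xl0"),    # default
    Route(ipaddress.ip_network("21.34.6.112/30"), None, "xl0"),        # WAN subnet
    Route(ipaddress.ip_network("21.34.6.114/32"), None, "lo0"),        # own WAN address
    Route(ipaddress.ip_network("209.138.66.216/29"), None, "xl1"),     # LAN subnet
    Route(ipaddress.ip_network("209.138.66.217/32"), None, "lo0"),     # own LAN address
    Route(ipaddress.ip_network("127.0.0.1/32"), None, "lo0"),
]

WAN_ADDRESS = "21.34.6.114"   # address outbound NAT would rewrite sources to


def route_lookup(dst: str, table: List[Route] = ROUTING_TABLE) -> Route:
    """Return the most specific (longest prefix) route matching dst.

    The /0 default matches everything, so it is only chosen when no
    connected or host route covers the destination.
    """
    addr = ipaddress.ip_address(dst)
    candidates = [r for r in table if addr in r.prefix]
    return max(candidates, key=lambda r: r.prefix.prefixlen)


def next_hop(dst: str) -> str:
    """Address the packet is handed to: the gateway if the route has one,
    otherwise the destination itself (directly connected)."""
    route = route_lookup(dst)
    return route.gateway if route.gateway is not None else dst


def is_routable_source(src: str) -> bool:
    """False for RFC 1918, loopback and other non-global sources: no Internet
    router has a route back to them, which is the answer's point. A public
    source still relies on the ISP routing that prefix towards the WAN address."""
    return ipaddress.ip_address(src).is_global


def forward(src: str, dst: str, nat_on_wan: bool) -> dict:
    """Simulate forwarding one packet: pick the route, then report the source
    the ISP sees (rewritten to WAN_ADDRESS when outbound NAT is on) and whether
    that source is routable."""
    route = route_lookup(dst)
    src_seen = WAN_ADDRESS if (route.iface == "xl0" and nat_on_wan) else src
    return {
        "iface": route.iface,
        "next_hop": route.gateway or dst,
        "source_seen_by_isp": src_seen,
        "source_routable": is_routable_source(src_seen),
    }


if __name__ == "__main__":
    # Constructed packets: a 10.x host pinging the ISP edge, with and without NAT.
    for nat in (False, True):
        print(f"NAT on WAN={nat}:", forward("10.10.111.5", "21.34.6.113", nat))
    print("default route used for 198.51.100.7:", next_hop("198.51.100.7"))
```

The `source_routable` field is the check the answer describes: with NAT off, a 10.10.111.x source leaves the WAN unchanged and nothing upstream can reply to it; with outbound NAT on the WAN interface the ISP sees 21.34.6.114 and the reply has a path back.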