Weird firewall migration issue
Hi All,
I am facing a weird case while doing some migration on my firewall (pfSense); I do not know if this should be under firewall or networking.
                 internet
                    |
                    |
        switch (3com) manageable switch
           |                    |
           |                    |
           |                    |
   server1 (public ip)   [firewall (public ip)]
This is my initial scenario. Because I have lots of servers that are not consolidated, maintaining all the firewall rules for each of the servers is a nightmare for my SAs. So, we decided to migrate all the servers (which use public IPs) behind the firewall, making it look like:
            internet
               |
               |
       firewall (public ip)
               | (private ip)
               |
               |
    switch (3com) manageable switch
               |
               |
               |
       server1 (private ip)
From diagram 1 migrating to diagram 2, the only thing I need to do is to change server1's IP address/DNS/gateway from the public IP to a private IP; then in my firewall, I'll use 1:1 mapping and put the original public IP of the server on the firewall (simple as that).
The problem comes:
When I change server1 to use a private IP (I can ping the firewall's private IP gateway and other private IP servers), I can't ping outside (I can ping google, but it only resolves its IP and cannot reach outside).
At the same time, my colleague from the office cannot ping/SSH in to server1 (which has switched to a private IP).
But if we SSH in to another server (also using a private IP) and jump to server1, it works. Just from the public IP, it can't.
One more hint: a few hours later (around 4 hours), outside can use the public IP to ping/SSH, and likewise server1 can reach the outside world.
Well, has anyone come across this case? Did I miss anything? This is quite critical and I'm not able to provide a solid solution. These servers are production servers; I can't afford to 'down' them for 4 hours until the outside world can reach them again.
regards,
GS
Last edited by grant-skywalker; 01-25-2008 at 06:13 AM.
Reason: the diagram not correct
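The post describes a two-part procedure: re-address each server onto the private LAN with the firewall as its gateway, and add a 1:1 entry on the firewall so the server's old public IP now terminates there. A pre-cutover consistency check over those two pieces of data catches the mistakes that produce exactly the symptoms described (host reachable from the LAN but not from outside, and no path out). The script below is an added example, not code from the poster or from pfSense; all addresses, host names and the mapping table are constructed sample data, and it does not diagnose the four-hour delay the post reports.

```python
import ipaddress

# Constructed sample data (not from the post): RFC 5737 public and RFC 1918 private ranges.
FIREWALL = {
    "wan_ip": "203.0.113.1",      # public side (diagram 2, top)
    "lan_ip": "10.0.0.1",         # private side, the gateway every migrated host must use
    "lan_subnet": "10.0.0.0/24",
}

# Diagram 1: every server sits on the public segment with its own public address.
BEFORE = {
    "server1": "203.0.113.10",
    "server2": "203.0.113.11",
}

# Diagram 2 target state: private address plus default gateway (server2 is deliberately wrong).
AFTER = {
    "server1": {"ip": "10.0.0.10", "gateway": "10.0.0.1"},
    "server2": {"ip": "10.0.0.11", "gateway": "203.0.113.1"},
}

# pfSense-style 1:1 NAT table: external (public) address -> internal (private) address.
# server2 has no entry, so its old public IP is owned by nobody after cutover.
ONE_TO_ONE = [
    {"external": "203.0.113.10", "internal": "10.0.0.10"},
]

# Hosts that are still configured on the public segment at cutover time (constructed).
STILL_PUBLIC = {"server2": "203.0.113.11"}


def check_migration(firewall, before, after, one_to_one, still_public):
    """Return a list of (host, problem) tuples; an empty list means the plan is consistent."""
    problems = []
    lan = ipaddress.ip_network(firewall["lan_subnet"])
    mapping = {m["external"]: m["internal"] for m in one_to_one}
    live_public = set(still_public.values())

    for host, plan in after.items():
        old_public = before[host]
        new_private = ipaddress.ip_address(plan["ip"])

        # The new address must be inside the firewall's LAN, or the gateway is unreachable.
        if new_private not in lan:
            problems.append((host, f"{new_private} is not inside LAN {lan}"))

        # Outbound traffic only works if the host routes through the firewall's LAN address.
        if plan["gateway"] != firewall["lan_ip"]:
            problems.append((host, f"gateway {plan['gateway']} is not the firewall LAN IP "
                                   f"{firewall['lan_ip']}"))

        # Inbound traffic to the old public IP needs a 1:1 entry pointing at the new private IP.
        if old_public not in mapping:
            problems.append((host, f"no 1:1 entry for public IP {old_public}"))
        elif mapping[old_public] != plan["ip"]:
            problems.append((host, f"1:1 entry maps {old_public} to {mapping[old_public]}, "
                                   f"expected {plan['ip']}"))

        # The public IP must not still be answered by a host on the public segment,
        # otherwise two devices claim the same address and the path is unpredictable.
        if old_public in live_public:
            problems.append((host, f"{old_public} is still configured on the public segment"))

    return problems


def render_report(problems):
    """Human-readable summary of the check, one line per finding."""
    if not problems:
        return "migration plan is consistent"
    return "\n".join(f"{host}: {text}" for host, text in problems)


if __name__ == "__main__":
    print(render_report(check_migration(FIREWALL, BEFORE, AFTER, ONE_TO_ONE, STILL_PUBLIC)))
```

Run as-is, the sample data reports three findings for server2 (wrong gateway, missing 1:1 entry, public IP still live on the old segment) and none for server1; the checks are the three conditions a host must satisfy for the cutover in the post to work in both directions.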