Topic: NAT with multiple public ip (Read 6616 times)

miclan (Newbie, Posts: 27, Karma: 1), on: February 21, 2018, 03:20:55 pm
I upgraded from 17.x to 18.1.2 and everything is OK except one thing: now all LAN computers use different public IPs (I have 8 public IPs).
With 17.x all LAN computers used as public IP (checked with http://www.whatsmyip.org/) the one I gave to the WAN interface. After the upgrade they started randomly using all 8 IPs.
What's changed?
How can I obtain the same behavior as before?
Thanks.

slackadelic (Full Member, Posts: 145, Karma: 9), Reply #1 on: February 21, 2018, 03:27:13 pm
You should be able to adjust your outbound NAT rule to tie to the specific IP/Alias in question that you want them to come from.

marjohn56 (Hero Member, Posts: 1699, Karma: 179), Reply #2 on: February 21, 2018, 03:30:00 pm
How are you defining your WAN IPs? I have 8 public IPs too; some are 1:1 NATted to internal servers, some are not used, but the ones that are NATted use the correct WAN IP for outgoing and the rest of the LAN devices use the primary gateway WAN.
Are you manually using ifconfig to add the WAN addresses?
OPNsense 24.7 - Qotom Q355G4 - ISP - Squirrel 1Gbps. Team Rebellion Member - If we've helped you remember to applaud

miclan (Newbie, Posts: 27, Karma: 1), Reply #3 on: February 21, 2018, 04:31:53 pm
Thanks Dominian, now (as before with 17.x) on outbound NAT I have "Automatic outbound NAT rule generation (no manual rules can be used)".
@marjohn56 It's exactly my situation; the only difference is that since I upgraded to 18.1.2 my LAN devices don't use the primary gateway WAN IP address for outgoing, but continually change IP, chosen from the 8 public IPs the service provider gave me.
What's the solution to have LAN devices using the same IP for outgoing?
Thanks

marjohn56 (Hero Member, Posts: 1699, Karma: 179), Reply #4 on: February 21, 2018, 04:45:52 pm
Can you do an ifconfig and post the results? Mask or change any public IPs before you post them.

miclan (Newbie, Posts: 27, Karma: 1), Reply #5 on: February 21, 2018, 05:02:03 pm
ifconfig
em0: flags=8c02<BROADCAST,OACTIVE,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=4219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC,VLAN_HWTSO>
        ether 00:18:71:ea:64:44
        hwaddr 00:18:71:ea:64:44
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        media: Ethernet autoselect
        status: no carrier
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=4209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,VLAN_HWTSO>
        ether 00:23:7d:fc:7d:e6
        hwaddr 00:23:7d:fc:7d:e6
        inet 192.168.200.1 netmask 0xffffff00 broadcast 192.168.200.255
        inet6 fe80::223:7dff:fefc:7de6%em1 prefixlen 64 scopeid 0x2
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
em2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=4009b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,VLAN_HWTSO>
        ether 00:23:7d:fc:7d:e7
        hwaddr 00:23:7d:fc:7d:e7
        inet 192.168.250.1 netmask 0xffffff00 broadcast 192.168.250.255
        inet6 fe80::223:7dff:fefc:7de7%em2 prefixlen 64 scopeid 0x3
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
bce0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=c00bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO,LINKSTATE>
        ether 00:1c:c4:42:04:e2
        hwaddr 00:1c:c4:42:04:e2
        inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
        inet6 fe80::21c:c4ff:fe42:4e2%bce0 prefixlen 64 scopeid 0x4
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
bce1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=c00bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO,LINKSTATE>
        ether 00:1c:c4:42:14:d4
        hwaddr 00:1c:c4:42:14:d4
        inet xx.xx.xx.8 netmask 0xfffffff8 broadcast xx.xx.xx.9
        inet xx.xx.xx.5 netmask 0xfffffff8 broadcast xx.xx.xx.9
        inet xx.xx.xx.6 netmask 0xfffffff8 broadcast xx.xx.xx.9
        inet xx.xx.xx.7 netmask 0xfffffff8 broadcast xx.xx.xx.9
        inet6 fe80::21c:c4ff:fe42:14d4%bce1 prefixlen 64 scopeid 0x5
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
enc0: flags=41<UP,RUNNING> metric 0 mtu 1536
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        groups: enc
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x7
        inet 127.0.0.1 netmask 0xff000000
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        groups: lo
pflog0: flags=100<PROMISC> metric 0 mtu 33160
        groups: pflog
pfsync0: flags=0<> metric 0 mtu 1500
        groups: pfsync
        syncpeer: 0.0.0.0 maxupd: 128 defer: off
ovpns1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
        options=80000<LINKSTATE>
        inet6 fe80::218:71ff:feea:6444%ovpns1 prefixlen 64 scopeid 0xa
        inet 10.0.8.1 --> 10.0.8.2 netmask 0xffffffff
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        groups: tun openvpn
        Opened by PID 46635

marjohn56 (Hero Member, Posts: 1699, Karma: 179), Reply #6 on: February 21, 2018, 05:44:59 pm
Multiple IPs showing on the WAN... I saw a similar thing happen with mine whilst I was messing around adding the extra WAN IPs to my system using ifconfig alias blah blah; this was whilst looking at an issue raised long ago. Franco has done some work on this, and there is no need to do what I was attempting to do.
Back to your system. Try doing it the way I do it. For example, two of my external IPs are used for my mail server and a web server. For these I use 1:1 NAT, no port forwards, as the 1:1 is already doing that, and I just set up firewall rules to only allow the ports through to those addresses that I want, so for example for my web server it's just 80 and 443.
So remember I have a 1:1 NAT for that web server and the mail server.
External IP *.*.*.181, Internal IP 192.168.1.32, Destination any
I have a WAN rule for it; this is to allow only the ports through I want, and to stop 'plonkers' from trying to hack it I use Geo blocking and a 'plonkers' alias list to stop unwanted attention. This is my rule for the web server:
WAN RULE
Source Any, Port Any, Protocol TCP, Destination 192.168.1.32, Dest Port Range from 'web_server_ports' to 'web_server_ports'. I use an Alias 'web_server_ports' here to specify the two ports 80 and 443.
Now my mail server is very similar in setup, more ports but that is really the only difference. I have separate rules for V6, for the simple reason it's easier for me to see it quickly.
Now the Virtual IPs...
In Virtual IPs, I have an IP Alias for three of my eight external IPs; the primary IP *.*.*.182 is not there as that is the WAN static IP. So in Virtual IPs: Settings, for the three entries:
Type IP Alias
Interface WAN
Address *.*.*.181 /32
Address *.*.*.180 /32
Address *.*.*.178 /32
Now, try setting it up like that, using 1:1 NAT. Back up your config first so you can revert to it if you need to.
Note, my ifconfig does NOT show any of my aliases, but they all work.
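
The check made by eye in Reply #6 (several IPv4 addresses bound to the WAN interface in the posted ifconfig output), written as a script. This is an added example, not part of the thread or of OPNsense; the function names `multi_inet_ifaces` and `sample_ifconfig` are hypothetical and the sample input is constructed with documentation addresses.

```shell
#!/bin/sh
# Added example (not from the thread): report interfaces that carry more
# than one IPv4 address in ifconfig-style output read from stdin.
# multi_inet_ifaces and sample_ifconfig are hypothetical helper names.

multi_inet_ifaces() {
    awk '
        # Print "<iface> <count> <addr> <addr> ..." for multi-address interfaces.
        function emit() {
            if (iface != "" && n > 1)
                printf "%s %d %s\n", iface, n, addrs
        }
        # Interface header: "bce1: flags=8843<UP,...> metric 0 mtu 1500".
        # Requiring "flags=" keeps "media:" or "status:" lines from matching
        # when a pasted listing has lost its indentation.
        $1 ~ /:$/ && $2 ~ /^flags=/ {
            emit()
            iface = $1
            sub(/:$/, "", iface)
            n = 0
            addrs = ""
            next
        }
        # IPv4 address line; "inet6" is a different first field and is skipped.
        $1 == "inet" && iface != "" {
            n++
            addrs = (n == 1) ? $2 : addrs " " $2
        }
        END { emit() }
    '
}

# Constructed sample using documentation addresses (RFC 5737), not real output.
sample_ifconfig() {
    cat <<'EOF'
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 192.168.200.1 netmask 0xffffff00 broadcast 192.168.200.255
        inet6 fe80::1%em1 prefixlen 64 scopeid 0x2
        status: active
bce1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 198.51.100.10 netmask 0xfffffff8 broadcast 198.51.100.15
        inet 198.51.100.11 netmask 0xfffffff8 broadcast 198.51.100.15
        inet 198.51.100.12 netmask 0xfffffff8 broadcast 198.51.100.15
        status: active
EOF
}

sample_ifconfig | multi_inet_ifaces
```

On the firewall itself the same function can be fed live output with `ifconfig | multi_inet_ifaces`; an empty result means no interface has more than one IPv4 address bound at the OS level.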