OPNsense Forum

English Forums => General Discussion => Topic started by: PhreakShow on January 13, 2018, 03:40:20 am

Title: [SOLVED]: Cascading two routers: incoming port forwards not working
Post by: PhreakShow on January 13, 2018, 03:40:20 am
Hey guys,

I am trying to get a setup with two routers working. I have an existing OpenWRT router, with a cable modem connected. The problem is, my ISP sucks and I want to have a second WAN for load balancing. I also do not want to alter my existing network while testing.

That's why I put an OPNsense with a triple NIC "in front". So the setup looks like this:

internet - OPN (192.168.10.1)

(192.168.10.2) - WRT - (192.168.1.1)

Atm this only works for outgoing traffic. But I want to have at least incoming 443 and 3389 redirected to 192.168.1.2, which is in my original network.

Until now I was of the opinion that I have to set up the redirect twice. In OPNsense from WAN to 192.168.10.2, and on the OpenWRT box from WAN to 192.168.1.2. But it is not working.

How do I do this properly?


Title: Re: Cascading two routers: incoming port forwards not working
Post by: bartjsmit on January 13, 2018, 10:25:05 am
Are the packets making it to the destination through the two routers?

Have a look at the routing tables on all the three devices (OPNsense, WRT, destination) and make sure that the traffic will flow the same route in and out.

Wireshark is your friend.

Bart...

Title: Re: Cascading two routers: incoming port forwards not working
Post by: PhreakShow on January 13, 2018, 12:38:41 pm
So the general idea is correct? Just a simple port forward in both routers?

On the target machine, there is no activity at port 443 after enabling forwards in both routers.

Edit: I am able to see the packets between both routers. I removed the second router, put a notebook with the same IP there and ran Wireshark. The packets did show up.

Title: Re: Cascading two routers: incoming port forwards not working
Post by: bartjsmit on January 13, 2018, 02:17:15 pm
Yes, there is no problem at all with traffic going through multiple routers. Some protocols don't play well with more than one NAT, but routing is fine.

The complexity introduced by your second WAN connection is likely to have more of an influence. You just need to make sure that the packets are allowed to go both ways and are directed down the right path every time they pass through a router.

Bart...

Title: Re: Cascading two routers: incoming port forwards not working
Post by: PhreakShow on January 13, 2018, 04:50:09 pm
I found the problem.

Turned out, it was a bad setting in the OPNsense NAT tab. Under "destination", I put the LAN address. As soon as I changed it to WAN address, it worked right away. The second router just made it more difficult to find the problem.

Thanks.
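
Added example, not part of the thread and not OPNsense or OpenWRT code: a small Python model of the two cascaded port forwards, showing why the OPNsense rule never matched while its destination was the LAN address and why it works with the WAN address. The WAN address 203.0.113.10 is a constructed placeholder, and the model assumes each forward matches on the address and port the packet arrives on; reply traffic is not modeled.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    dst_ip: str
    dst_port: int

@dataclass(frozen=True)
class PortForward:
    match_ip: str    # the rule's "destination" field: address the packet arrives on
    match_port: int
    target_ip: str   # redirect target

OPN_WAN = "203.0.113.10"   # constructed placeholder; the thread gives no WAN address
OPN_LAN = "192.168.10.1"   # OPNsense side of the transfer network
WRT_WAN = "192.168.10.2"   # OpenWRT side of the transfer network
SERVER = "192.168.1.2"     # final target in the original LAN
PORTS = (443, 3389)

def apply_rules(rules, pkt):
    """Rewrite the destination if a rule matches; None means no rule matched."""
    for r in rules:
        if (pkt.dst_ip, pkt.dst_port) == (r.match_ip, r.match_port):
            return replace(pkt, dst_ip=r.target_ip)
    return None

def deliver(opn_destination, port):
    """Send one packet from the internet through OPNsense, then OpenWRT.
    Returns (final packet or None, per-hop trace)."""
    chain = [
        ("OPNsense", [PortForward(opn_destination, p, WRT_WAN) for p in PORTS]),
        ("OpenWRT", [PortForward(WRT_WAN, p, SERVER) for p in PORTS]),
    ]
    pkt, trace = Packet(OPN_WAN, port), []
    for name, rules in chain:
        out = apply_rules(rules, pkt)
        trace.append((name, pkt.dst_ip, out.dst_ip if out else "no match"))
        if out is None:
            return None, trace
        pkt = out
    return pkt, trace

if __name__ == "__main__":
    for label, dest in (("destination = LAN address", OPN_LAN),
                        ("destination = WAN address", OPN_WAN)):
        pkt, trace = deliver(dest, 443)
        print(label, "->", "delivered" if pkt else "dropped", trace)
```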