OPNsense Forum

Archive => 21.1 Legacy Series => Topic started by: everfree on February 02, 2021, 04:16:02 am

Title: NAT reflection for 1:1 not working
Post by: everfree on February 02, 2021, 04:16:02 am

https://github.com/opnsense/core/issues/4469

this issus still in 21.1

Title: Re: NAT reflection for 1:1 not working
Post by: mimugmail on February 02, 2021, 05:50:08 am

Remove BINATs, enable all reflections in Firewall : Settings : Advanced, add BINAT again and set Reflection there on enabled instead of systm default.

Then post your rdr's from /tmp/rules.debug

Title: Re: NAT reflection for 1:1 not working
Post by: everfree on February 02, 2021, 06:27:20 am

hi Michael,

I follow your step, now it's only one 1:1 rules, but rdr show many rules

Code: [Select]

binat on igb0 from 192.168.170.96 to any -> 163.22.170.96
rdr on ixl0 from {any} to {163.22.170.96} -> {192.168.170.96} bitmask
rdr on ixl1 from {any} to {163.22.170.96} -> {192.168.170.96} bitmask
rdr on lo0 from {any} to {163.22.170.96} -> {192.168.170.96} bitmask
rdr on ixl3 from {any} to {163.22.170.96} -> {192.168.170.96} bitmask
rdr on ixl2 from {any} to {163.22.170.96} -> {192.168.170.96} bitmask
nat on ixl0 inet from (ixl0:network) to {192.168.170.96} -> (ixl0) port 1024:65535
nat on ixl1 inet from (ixl1:network) to {192.168.170.96} -> (ixl1) port 1024:65535
nat on lo0 inet from (lo0:network) to {192.168.170.96} -> (lo0) port 1024:65535
nat on ixl3 inet from (ixl3:network) to {192.168.170.96} -> (ixl3) port 1024:65535
nat on ixl2 inet from (ixl2:network) to {192.168.170.96} -> (ixl2) port 1024:65535
nat on igb0 inet from (igb0:network) to {192.168.170.96} -> (igb0) port 1024:65535
I new to use OPNsense, use pfSense before.
I still can't ping 163.22.170.96

Thanks!

Title: Re: NAT reflection for 1:1 not working
Post by: everfree on February 02, 2021, 06:46:22 am

one-to-one setting