OPNsense Forum

English Forums => General Discussion => Topic started by: ovizii on October 16, 2018, 10:51:24 am

Title: Is adding public IPs to WAN interface with separate MAC addresses possible?
Post by: ovizii on October 16, 2018, 10:51:24 am
I have several public IPs from my ISP I want to use for VMs behind OPNsense but they need to be bound to specific MACs.
I tried adding alias IPs but I can't define MACs.

Is this possible somehow?
I am trying to avoid adding one physical WAN interface for each public IP, but I can do it if it's needed, as OPNsense is also running in a VM.

Hope that makes sense and someone can clarify my question.
Title: Re: Is adding public IPs to WAN interface with separate MAC addresses possible?
Post by: Ciprian on October 24, 2018, 04:18:16 pm
Hi!

Your approach might be wrong: I guess what you're looking for is Outbound NAT == "No Nat" (Route).

In OPNsense, add an interface and configure it with the first (or last) of your public IPs in the range, so that you have a GW interface for those servers behind OPNsense. Name it "Perimeter", "DMZ" or something meaningful to you...

Then, in the Firewall: NAT: Outbound menu, set Mode to Hybrid (or Manual, but I prefer Hybrid, it's easier to administer afterwards if you still play with adding/deleting/modifying LAN interfaces) and add an Outbound NAT rule for your public IP range with "Do not NAT" checked. Disable the corresponding auto-generated rules for NAT (they were auto-generated at the moment you created and set the interface, so you will find them below the just-created manual "Do not NAT" rule).

The end result is that, for those public IPs in that rule, and for traffic on that particular interface, there will only be routing, and no NAT, so your datagrams (data packets) will always have the public IP of the server behind the FW as source, not the public IP of OPNsense. (Take care of the fact that you have to have routing also for the return path, so your ISP has to handle the routing for IN traffic, the traffic destined to your public IPs, toward your WAN.)

Get back and confirm if this is what you intend and if it works.
Cheers!
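The reply above describes a routed public block: one address of the block on a DMZ interface as the gateway, the rest handed to the servers, and a "Do not NAT" rule so that traffic leaves with the server's own address while everything else still gets the automatic source NAT to the WAN address. The following is an added example (not code from the thread or from OPNsense) that models that address plan and the outbound-NAT decision so the design can be checked before clicking through the GUI. All addresses are assumptions taken from documentation ranges: the routed block 203.0.113.0/28, the firewall's WAN address 198.51.100.10, and a private LAN 10.0.0.0/24.

```python
"""Address plan and outbound-NAT decision model for a routed public block
behind OPNsense.

Added example, not OPNsense code. Assumptions: the ISP routes the whole block
(203.0.113.0/28) toward the firewall's WAN address (198.51.100.10); the first
usable address of the block becomes the DMZ interface (the servers' gateway)
and the remaining usables go to VMs; LAN (10.0.0.0/24) keeps the automatic
source NAT to the WAN address.
"""
from ipaddress import IPv4Address, ip_address, ip_network


def plan_routed_subnet(block: str, wan_ip: str) -> dict:
    """Split a routed public block into a DMZ gateway address and VM addresses.

    Raises ValueError when the WAN address sits inside the block: then the
    block is not routed via the WAN address and this design does not apply.
    """
    net = ip_network(block, strict=True)
    wan = ip_address(wan_ip)
    if wan in net:
        raise ValueError(f"WAN address {wan} is inside {net}; block is not routed via WAN")
    usable = list(net.hosts())
    if len(usable) < 2:
        raise ValueError(f"{net} has no room for a gateway plus at least one VM")
    gateway = usable[0]  # address of the DMZ interface on OPNsense
    vms = usable[1:]     # addresses for the servers behind the firewall
    return {
        "network": net,
        "dmz_gateway": gateway,
        "vm_addresses": vms,
        "vm_default_route": gateway,  # every VM points its default route here
    }


def outbound_source(src: str, routed_block: str, wan_ip: str,
                    do_not_nat: bool) -> IPv4Address:
    """Source address a packet carries when it leaves on the WAN interface.

    Models Hybrid outbound NAT: the manual "Do not NAT" rule for the routed
    block (when present) matches first; anything else falls through to the
    automatic rule that rewrites the source to the WAN address.
    """
    s = ip_address(src)
    if do_not_nat and s in ip_network(routed_block):
        return s                   # routed unchanged, no translation
    return ip_address(wan_ip)      # automatic source NAT to the WAN address


if __name__ == "__main__":
    plan = plan_routed_subnet("203.0.113.0/28", "198.51.100.10")
    print("DMZ gateway:", plan["dmz_gateway"])
    print("VM addresses:", ", ".join(map(str, plan["vm_addresses"])))
    for src in ("203.0.113.2", "10.0.0.5"):
        seen = outbound_source(src, "203.0.113.0/28", "198.51.100.10", True)
        print(f"{src} leaves WAN as {seen}")
```

The ValueError on a WAN address inside the block is the check worth keeping: if the ISP delivered the extra addresses on the same segment as the WAN address (which is what the original question hints at with per-MAC binding), the block is not routed toward the WAN address and the "Do not NAT" design in the reply needs the ISP to change how the addresses are delivered, or a different approach.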