Hello everyone,
I am new to OPNsense (was using pfSense).
I am trying to do something that is usually simple to do.
3 servers ----> OpnSense (3 public IP) ----> Internet
I am trying to have those 3 servers on the internet with their own IP.
But after playing for a while with one server, it's always going out using the MAIN OPNsense IP.
I used the NAT section of the interface, tried NAT LAN and NAT WAN, and in both cases it didn't work.
When trying to use NAT 1 on 1, I specify the public IP I want to use and tell the NAT rule which internal server it needs to be NATed to.
Questions:
1- When creating the NAT rule, do I choose LAN or WAN? In both cases I can specify what the internal and external IPs are.
2- Virtual IP, do I have to use that?
My test was simple: I curl ipinfo.io and it gave back the "main firewall" IP and not the one I created in the NAT rule.
JF
Sorry for that newbie question LOL. I played with so many brands of firewall and my ego took a hit :-)
Try this:
Firewall, NAT, Outbound. Select Hybrid NAT (manual before automatic). Add Rule:
interface: WAN, Source: single host or network, internal IP /32, Translation: public IP /32
Bart...
Tks Bart. Will try !
The interface is more complex than what you say
https://pasteboard.co/I2eWrbT.png
Tks !
JF
You only need 1:1 NAT if you have clients that connect to the servers from the internet. For servers to be tied to a unique IP address for outbound traffic, simple NAT is sufficient.
Do you offer services to internet clients?
Bart...
HUM
All those servers do have different Public IP and customers will connect to this different IP and FQDN
Server 1 public ip xyz name.domain.com PTR to this IP
Server 2 public ip xyz name2.domain.com PTR to this IP
tks !
Then you need 1:1 NAT
Interface: WAN
Type: BINAT
external network: public IP
source: single host or network - private IP /32
Bart...
I will try again, but there are so many more options than what you describe
https://pasteboard.co/I2eWrbT.png
I know I have to do what you describe (tks, I do appreciate) but it didn't work last time.
I will check my FreeBSD network config again to be sure the different IPs are in /etc/rc.conf and make some ping tests.
Good night! Wherever you are
Quote from: yoda on February 22, 2019, 12:00:42 AM
I will try again, but there are so many more options than what you describe
Indeed there are some, but you can leave those at the defaults. Note that this will only give you NAT; you still need to create rules to allow the inbound traffic that you require. Firewall, Rules, WAN.
Bart...
Tks !!!! It is working
BINAT was one of my errors (NAT didn't work)
JF
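
The two setups discussed in this thread, written as a hand-made pf.conf sketch (an added example, not posted by anyone in the thread and not the ruleset OPNsense generates): outbound-only NAT versus 1:1 BINAT, plus the WAN pass rule that BINAT still needs. The interface name, addresses and ports are constructed placeholders, and the public addresses are assumed to already be configured on or routed to the WAN interface.

```pf
# --- Constructed values (assumptions, not from the thread) ---
ext_if   = "em0"            # WAN interface
srv1_int = "192.168.1.11"   # server 1, private address
srv1_ext = "203.0.113.11"   # server 1, dedicated public address
srv2_int = "192.168.1.12"   # server 2, private address
srv2_ext = "203.0.113.12"   # server 2, dedicated public address
web_ports = "{ 80, 443 }"   # only the services actually offered

# --- Translation rules ---
# Case A: outbound only. The server leaves with its own public IP,
# but nothing on the internet can open a connection to it.
# (Firewall, NAT, Outbound in hybrid mode, as in the first reply.)
# nat on $ext_if inet from $srv1_int to any -> $srv1_ext

# Case B: 1:1 NAT (BINAT). Traffic is translated in both directions,
# so the server leaves with its public IP AND inbound packets for the
# public IP are rewritten to the private address.
binat on $ext_if inet from $srv1_int to any -> $srv1_ext
binat on $ext_if inet from $srv2_int to any -> $srv2_ext

# --- Filter rules ---
# BINAT only translates; it does not permit anything. Without an
# explicit pass rule, inbound connections are still dropped here.
block in log on $ext_if all

# Translation runs before filtering, so the destination seen by the
# filter is already the private address. Allow only the needed ports
# rather than "any to server", which would expose every listening
# service on the host to the internet.
pass in on $ext_if inet proto tcp from any to $srv1_int port $web_ports
pass in on $ext_if inet proto tcp from any to $srv2_int port $web_ports
```

A file like this can be syntax-checked without loading it using `pfctl -nf <file>`; on OPNsense the equivalent settings are made in the GUI rather than by editing pf.conf.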