Text only | Text with Images

OPNsense Forum

Archive => 20.1 Legacy Series => Topic started by: dyoung on February 07, 2020, 01:21:33 AM

Title: outbound NAT
Post by: dyoung on February 07, 2020, 01:21:33 AM
Working with 20.1 that has been factory reset for testing.
LAN interface
     DHCP is assigning this interface 192.168.2.222
     Route added -- 193.168.1.0/24 -> 192.168.2.222
WAN interface is connected to DD WRT router for testing.
     DD WRT is assigned 193.168.1.1
     DHCP has assigned WAN interface 193.168.1.129
     Route added -- 192.168.2.0/24 -> 193.168.1.129

When using automatic NAT rules:
         LAN    127.0.0.0/8    *    *    500    LAN    *    YES    Auto created rule for ISAKMP
        LAN    127.0.0.0/8    *    *    *            LAN    *    NO    Auto created rule
        WAN    127.0.0.0/8    *    *    500    WAN    *    YES    Auto created rule for ISAKMP
        WAN    127.0.0.0/8    *    *    *            WAN    *    NO    Auto created rule
Packet captures on the WAN interface while ping is running and connection to DD WRT web interface:
WAN em0   00:30:10.025146 IP 192.168.2.170.41638 > 193.168.1.1.80: tcp 0
WAN em0   00:30:10.025267 IP 193.168.1.1.80 > 192.168.2.170.41638: tcp 0
WAN em0   00:30:10.025493 IP 192.168.2.170.41638 > 193.168.1.1.80: tcp 0
WAN em0   00:30:10.026023 IP 193.168.1.1.80 > 192.168.2.170.41638: tcp 0
WAN em0   00:30:10.856352 IP 192.168.2.170 > 193.168.1.1: ICMP echo request, id 6171, seq 12, length 64
WAN em0   00:30:10.857010 IP 193.168.1.1 > 192.168.2.170: ICMP echo reply, id 6171, seq 12, length 64
WAN em0   00:30:11.037881 IP 192.168.2.170.41640 > 193.168.1.1.80: tcp 0
WAN em0   00:30:11.038510 IP 193.168.1.1.80 > 192.168.2.170.41640: tcp 0
WAN em0   00:30:11.038765 IP 192.168.2.170.41640 > 193.168.1.1.80: tcp 0
WAN em0   00:30:11.862251 IP 192.168.2.170 > 193.168.1.1: ICMP echo request, id 6171, seq 13, length 64
WAN em0   00:30:11.862909 IP 193.168.1.1 > 192.168.2.170: ICMP echo reply, id 6171, seq 13, length 64

No NAT Translation. :(
When I use Manual outbound NAT rules:
      WAN    LAN net    *            *    *            Interface address    *    NO         
      WAN    LAN net    icmp/ *    *    icmp/ *    Interface address    *    NO         
Packet captures on the WAN interface while ping is running and connection to DD WRT web interface:
WAN em0   00:37:07.374455 IP 192.168.2.170 > 193.168.1.1: ICMP echo request, id 6171, seq 426, length 64
WAN em0   00:37:07.375152 IP 193.168.1.1 > 192.168.2.170: ICMP echo reply, id 6171, seq 426, length 64
WAN em0   00:37:08.380369 IP 192.168.2.170 > 193.168.1.1: ICMP echo request, id 6171, seq 427, length 64
WAN em0   00:37:08.381022 IP 193.168.1.1 > 192.168.2.170: ICMP echo reply, id 6171, seq 427, length 64
WAN em0   00:37:08.561750 IP 193.168.1.129.29196 > 193.168.1.1.80: tcp 0
WAN em0   00:37:08.562372 IP 193.168.1.1.80 > 193.168.1.129.29196: tcp 0
WAN em0   00:37:08.562658 IP 193.168.1.129.29196 > 193.168.1.1.80: tcp 0
WAN em0   00:37:09.042284 IP 193.168.1.129.29196 > 193.168.1.1.80: tcp 328

NAT translates HTTP but not ICMP. :-\

Not sure what I am missing.  Everything else seems pretty self explanatory.
Title: Re: outbound NAT
Post by: dyoung on February 08, 2020, 01:51:15 AM
UPDATE

Don't like this for an answer, but rebooted today and now the automatic outbound NAT works.
Text only | Text with Images