I have the following setup:
Internet -> Speedport Router -> OPNsense -> Server
The Speedport cannot do static routes, so this is a double NAT scenario. I port forward TCP 8443 from the Internet to OPNsense in the Speedport, and from the WAN network to the server in OPNsense.
The reply to a request to the server is by default subject to source port randomization, and the Speedport would drop it.
I now added a rule to Outbound NAT setting static port for the traffic originating from the server (and the forwarded port) (1).
However, the source port was still subject to randomization.
I had to set the source address to the WAN address of the OPNsense (2).
Is this normal behaviour? I really would have expected it to work with the first rule and not the second.
Because my next question would be how to disable port randomization for a whole VLAN (for SIP to work in a double NAT environment) if the first rule does not work. Or is this just specific behaviour when port forwarding is involved?
Thanks for enlightening me.
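Whether a static-port rule actually took effect can be verified on the OPNsense box from its state table (`pfctl -ss`), which prints the post-NAT source first and the original source in parentheses for translated states. The following is an added example, not part of the original post, that parses such state lines and flags every state whose source port was rewritten; the state lines, the server/phone addresses and the OPNsense WAN address are constructed for illustration.

```python
import re
from typing import List, NamedTuple, Optional, Set

# Shape of a translated (outbound NAT) state line as printed by `pfctl -ss`:
#   <iface> <proto> <post-NAT src>:<port> (<original src>:<port>) -> <dst>:<port> <state>
# Reply-direction / rdr states use "<-" and no parentheses, so they do not match.
STATE_RE = re.compile(
    r"^(?P<iface>\S+)\s+(?P<proto>tcp|udp)\s+"
    r"(?P<xlat_ip>[\d.]+):(?P<xlat_port>\d+)\s+"
    r"\((?P<orig_ip>[\d.]+):(?P<orig_port>\d+)\)\s+->\s+"
    r"(?P<dst_ip>[\d.]+):(?P<dst_port>\d+)"
)


class NatState(NamedTuple):
    proto: str
    orig_ip: str
    orig_port: int
    xlat_ip: str
    xlat_port: int
    dst: str
    static_port: bool  # True when the source port survived translation


def parse_states(output: str) -> List[NatState]:
    """Extract outbound NAT states from raw `pfctl -ss` text."""
    states = []
    for line in output.splitlines():
        m = STATE_RE.match(line.strip())
        if not m:
            continue  # not a translated outbound state; skip it
        orig_port, xlat_port = int(m["orig_port"]), int(m["xlat_port"])
        states.append(NatState(m["proto"], m["orig_ip"], orig_port, m["xlat_ip"],
                               xlat_port, f'{m["dst_ip"]}:{m["dst_port"]}',
                               orig_port == xlat_port))
    return states


def randomized_states(output: str, hosts: Optional[Set[str]] = None) -> List[NatState]:
    """States whose source port was rewritten, optionally limited to given LAN hosts."""
    return [s for s in parse_states(output)
            if not s.static_port and (hosts is None or s.orig_ip in hosts)]


# Constructed sample: 192.168.2.2 is the OPNsense WAN address behind the Speedport,
# 192.168.10.20 the forwarded server, 192.168.10.30/.31 two SIP phones on a VLAN.
SAMPLE = """\
all udp 192.168.2.2:5060 (192.168.10.30:5060) -> 203.0.113.50:5060       MULTIPLE:MULTIPLE
all udp 192.168.2.2:62110 (192.168.10.31:5060) -> 203.0.113.50:5060      MULTIPLE:MULTIPLE
all tcp 192.168.2.2:8443 (192.168.10.20:8443) -> 203.0.113.10:51512      ESTABLISHED:ESTABLISHED
lan tcp 192.168.10.20:22 <- 192.168.10.5:50210       ESTABLISHED:ESTABLISHED
"""

if __name__ == "__main__":
    for s in randomized_states(SAMPLE):
        print(f"{s.proto} {s.orig_ip}:{s.orig_port} -> {s.dst} left as {s.xlat_ip}:{s.xlat_port}")
```

Feed it the real output (`pfctl -ss | python3 check.py` with `SAMPLE` replaced by `sys.stdin.read()`) while a SIP phone or the server is active, and an empty result means the rule matched as intended.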