Hi everybody,
Coming from pfsense, I set up NAT 1:1 on opnsense the exact same way I do on pfsense.
It's working like a charm on pfsense, while on opnsense it seems that I miss something.
If I try to access my virtual IP address with https:// I end up on the opnsense GUI.
I have 1 virtual IP with public IP setup.
In NAT 1:1 I have:
Interface   External IP     Internal IP         Destination IP
WAN         public.ip/24    192.168.31.10/24    *
Can someone advise me?
I'm not familiar with 1:1, but I'll try:
User, Settings, Admin -> Try setting the OPNSense interface to not listen on WAN.
This is one I use for my mail server; don't forget your fw rules too.
Interface: WAN
Type: BiNat
External Network: 82.67.104.179
Source: Single Host or Network:
10.4.12.30/32
Destination: Any
Nat Reflection: Use System Default
Thanks, it works like a charm!
One last thing: when accessing the local machine through http I can reach the service, but it won't let me access it through https.
I guess there is a rule to apply but I can't figure out where it should be applied.
To be honest, I am a bit lost at the moment with opnsense firewall rules, need to practice.
Thanks for showing me the way...
Could be a certificate issue and not a firewall rule.
Nope, it is blocked by default deny rule.
wan Apr 28 14:43:43 80.14.0.0:52059 192.168.21.10:443 tcp Default deny rule
A little confused, by 'local machine' do you mean the server you added the port forward for? Where are you trying to access it from, the WAN or LAN?
If it's the WAN, take a look at your rules for that port forward. I have my ports set as an alias, so my mail server has this:
(https://i.ibb.co/w7jDS9J/floating-rulkes.png) (https://ibb.co/YXwvczD)
Note: I block a lot of known spammers and some geo zones before it gets to my mail rules, then I block other geo zones before the rules for my web server.
The mail ports alias is like so:
(https://i.ibb.co/M1fPSkM/Mailports.png) (https://ibb.co/QHkYQvr)
Note: port 25 is handled in a different alias as I use a different machine to process incoming SMTP mail, if you were using one machine, port 25 should be here as well.
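The "Default deny rule" log line earlier in the thread and the port-alias rules in this reply describe the same check: with a 1:1 (BiNat) mapping, pf translates the destination before it filters, so the WAN pass rule has to cover the internal (post-translation) address and every port you expect to reach. The script below is an added example, not code from the thread or from OPNsense; it assumes the flattened one-line log shape quoted above and uses constructed addresses, a constructed port alias and a constructed log sample to show why https ends up in the default deny while http gets through.

```python
"""Offline checker: for each packet that pf/OPNsense logged as a deny against a
host behind a 1:1 (BiNat) mapping, say whether any WAN pass rule would cover it.

Added example, not from the forum thread. Assumptions (labelled): pf translates
before it filters, so WAN rules are matched against the *internal* address that
appears as the destination in the log; the log format is the flattened form
shown in the thread: "<iface> <Mon> <day> <HH:MM:SS> <src>:<sport> <dst>:<dport> <proto> <label>".
"""
import ipaddress
import re
from dataclasses import dataclass

LOG_RE = re.compile(
    r"^(?P<iface>\S+)\s+\w{3}\s+\d{1,2}\s+\d\d:\d\d:\d\d\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+):(?P<sport>\d+)\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+)\s+"
    r"(?P<proto>\w+)\s+(?P<label>.+)$"
)


@dataclass(frozen=True)
class OneToOne:
    external: str   # public address on WAN (constructed value below)
    internal: str   # host that receives the translated traffic


@dataclass(frozen=True)
class PassRule:
    iface: str
    proto: str
    dst_net: str        # destination the rule matches (internal side after BiNat)
    ports: frozenset    # a port alias, like the thread's "mail ports" alias


def parse_log(line):
    """Parse one flattened log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["sport"] = int(ev["sport"])
    ev["dport"] = int(ev["dport"])
    return ev


def rule_matches(rule, ev):
    """True when a WAN pass rule would have accepted the logged packet."""
    return (rule.iface == ev["iface"]
            and rule.proto == ev["proto"]
            and ipaddress.ip_address(ev["dst"]) in ipaddress.ip_network(rule.dst_net)
            and ev["dport"] in rule.ports)


def diagnose(mappings, rules, lines):
    """Return (dport, verdict) for every deny-logged packet aimed at a 1:1 host."""
    internal_hosts = {m.internal for m in mappings}
    verdicts = []
    for line in lines:
        ev = parse_log(line)
        if ev is None or "deny" not in ev["label"].lower():
            continue                      # not a deny entry, nothing to explain
        if ev["dst"] not in internal_hosts:
            continue                      # not one of our 1:1 hosts
        if any(rule_matches(r, ev) for r in rules):
            verdicts.append((ev["dport"], "rule exists - check rule order/state"))
        else:
            verdicts.append((ev["dport"], "no WAN pass rule for translated dst"))
    return verdicts


# --- constructed sample data (not from the thread's real setup) --------------
MAPPINGS = [OneToOne(external="203.0.113.10", internal="192.168.21.10")]

# Alias that only lists http: this reproduces the symptom (http works, https denied).
WEB_PORTS_BEFORE = frozenset({80})
WEB_PORTS_AFTER = frozenset({80, 443})
# A mail-ports alias like the one in the reply; port 25 left out, as that reply notes.
MAIL_PORTS = frozenset({110, 143, 465, 587, 993, 995})

RULES_BEFORE = [PassRule("wan", "tcp", "192.168.21.10/32", WEB_PORTS_BEFORE),
                PassRule("wan", "tcp", "192.168.21.10/32", MAIL_PORTS)]
RULES_AFTER = [PassRule("wan", "tcp", "192.168.21.10/32", WEB_PORTS_AFTER),
               PassRule("wan", "tcp", "192.168.21.10/32", MAIL_PORTS)]

SAMPLE_LOG = [
    # the deny line quoted in the thread
    "wan Apr 28 14:43:43 80.14.0.0:52059 192.168.21.10:443 tcp Default deny rule",
    # constructed: the http request that did get through (not a deny, so skipped)
    "wan Apr 28 14:43:50 80.14.0.0:52060 192.168.21.10:80 tcp Allow web",
    # constructed: a deny for a host that is not behind any 1:1 mapping (skipped)
    "wan Apr 28 14:44:01 80.14.0.0:52061 192.168.21.50:22 tcp Default deny rule",
]

if __name__ == "__main__":
    for dport, why in diagnose(MAPPINGS, RULES_BEFORE, SAMPLE_LOG):
        print(f"before: port {dport}: {why}")
    for dport, why in diagnose(MAPPINGS, RULES_AFTER, SAMPLE_LOG):
        print(f"after:  port {dport}: {why}")
```

Run as-is it reports that port 443 has no WAN pass rule for the translated destination, and after adding 443 to the alias it reports that a rule exists, which is the moment to look at rule order and existing states rather than at NAT. Destination matching is done on the internal address on purpose: a WAN rule written against the public address would never match traffic that pf has already translated.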