OPNsense Forum

Archive => 21.7 Legacy Series => Topic started by: biggreydog on August 09, 2021, 12:29:44 AM

Title: Newbie NAT questions
Post by: biggreydog on August 09, 2021, 12:29:44 AM
New user to OPNsense [previously using Draytek router].  I am looking to set up NAT traversal for both one to one and traditional NAT.  I have read the help and searched the forums. I think this is a very simple setup, but I am finding the nomenclature a bit different from what I have used on other routers.

I need to connect a single device on my LAN to an external IP say [22.22.22.22] with port 1234 to a specific LAN address of 10.10.10.130 [port 1234].  My static IP is [33.33.33.33].

Is this setup correct?
External Network = 33.33.33.33
Source = 22.22.22.22
Destination = 10.10.10.130
Port = where is this entered?

Title: Re: Newbie NAT questions
Post by: errored out on August 09, 2021, 04:50:05 AM
If I understand correctly, you have 2 external (Routable) IP Addresses?  1 is static 33.33.33.33 and 1 is dynamic 22.22.22.22 and you would like 1 assigned to a specific LAN address?

Does that mean the second external address is being shared with multiple LAN / internal equipment?


Quote from: biggreydog on August 09, 2021, 12:29:44 AM
Is this setup correct?
External Network = 33.33.33.33
Source = 22.22.22.22
Destination = 10.10.10.130
Port = where is this entered?

This is a little confusing.  Do you have a diagram?

Title: Re: Newbie NAT questions
Post by: biggreydog on August 09, 2021, 06:54:59 AM
Thanks for the quick reply.

In this scenario, I have one single static external WAN IP address only [33.33.33.33].

I need to connect 10.10.10.10 [port 1234] on my LAN [with my external IP WAN 33.33.33.33] to another external IP of 22.22.22.22 [port 1234] which is not controlled by myself.

Title: Re: Newbie NAT questions
Post by: cookiemonster on August 09, 2021, 02:30:19 PM
From your description, it looks to me like this:
[attached image]
If yes, then normal routing applies and nothing special is required, I think. It'll be like connecting to any public site. Maybe create an alias for it.
If not, then it needs a better explanation/diagram.

Title: Re: Newbie NAT questions
Post by: biggreydog on August 09, 2021, 03:25:23 PM
Your drawing is correct.  Wouldn't I need a NAT rule to direct 22.22.22.22 to my computer [10.10.10.10] on port 1234?

Would there also be benefit to making this a one-to-one connection to further secure the firewall?

Title: Re: Newbie NAT questions
Post by: cookiemonster on August 09, 2021, 03:33:47 PM
It depends who initiates the traffic. If it is you, then outbound rules are there by default, i.e. allow out.
If it is the other side initiating the connection into your router, then yes, you need to allow it in.

Title: Re: Newbie NAT questions
Post by: errored out on August 09, 2021, 11:32:16 PM
1 to 1 connections are used for multiple IP addresses.  I.e. for every Internal (LAN) connection, you have an External (WAN).  What you are looking to do can be done with a default installation.  All you would need to configure are your firewall rules, and possibly forwarding.  As stated above, it depends on where the traffic is initiated from.