OPNsense Forum

International Forums => German - Deutsch => Topic started by: fox-octi on October 26, 2021, 07:35:07 AM

Title: Dual WAN and Port Forward (Double NAT Problem?)
Post by: fox-octi on October 26, 2021, 07:35:07 AM
Hi,

Since I am not sure whether I posted this in the right place, here it is once more.

External IP WAN1 Router (Internal: 192.168.2.1) Forward Port 2222 --> OPNsense (192.168.2.139) Port 2222 --> Linux SSH 22

External IP WAN2 Router (Internal: 192.168.9.1) Forward Port 2222 --> OPNsense (192.168.9.30) Port 2222 --> Linux SSH 22

The forwards only ever work on the currently active WAN; the inactive WAN is functional, but its port forwards do not work.
What am I doing wrong here? It seems to me to be caused by the double inbound forward.

Original Post:
https://forum.opnsense.org/index.php?topic=25294.msg121416#msg121416

Regards
Title: Re: Dual WAN and Port Forward (Double NAT Problem?)
Post by: fox-octi on October 26, 2021, 10:24:17 AM

Hi,

I found a solution: in the port forward you have to tag the packet, and then in an outbound firewall rule tell it that the tagged packets are to be answered via the specific gateway.

    <rule>
      <protocol>tcp</protocol>
      <interface>wan</interface>
      <category/>
      <ipprotocol>inet</ipprotocol>
      <descr>SSHForwardGuido</descr>
      <tag>GUIDO</tag>
      <tagged/>
      <poolopts/>
      <associated-rule-id>pass</associated-rule-id>
      <log>1</log>
      <target>Gitlab</target>
      <local-port>22</local-port>
      <source>
        <address>ExterneKundenFesteIPs</address>
      </source>
      <destination>
        <network>wanip</network>
        <port>2222</port>
      </destination>
      <updated>
        <username>root@172.16.222.30</username>
        <time>1635226835.6125</time>
        <description>/firewall_nat_edit.php made changes</description>
      </updated>
      <created>
        <username>root@172.16.222.224</username>
        <time>1613770090.0138</time>
        <description>/firewall_nat_edit.php made changes</description>
      </created>
    </rule>
   
    <rule>
      <protocol>tcp</protocol>
      <interface>opt1</interface>
      <category/>
      <ipprotocol>inet</ipprotocol>
      <descr>SSHForwardRamon</descr>
      <tag>RAMON</tag>
      <tagged/>
      <poolopts/>
      <associated-rule-id>pass</associated-rule-id>
      <log>1</log>
      <target>Gitlab</target>
      <local-port>22</local-port>
      <source>
        <address>ExterneKundenFesteIPs</address>
      </source>
      <destination>
        <network>opt1ip</network>
        <port>2222</port>
      </destination>
      <updated>
        <username>root@172.16.222.30</username>
        <time>1635226643.7175</time>
        <description>/firewall_nat_edit.php made changes</description>
      </updated>
      <created>
        <username>root@172.16.222.30</username>
        <time>1624425142.575</time>
        <description>/firewall_nat_edit.php made changes</description>
      </created>
    </rule>

    <rule>
      <type>pass</type>
      <interface>lan</interface>
      <ipprotocol>inet</ipprotocol>
      <tagged>RAMON</tagged>
      <statetype>keep state</statetype>
      <descr>RAMON-GW-Tagged-TCP-UDP-LAN</descr>
      <direction>out</direction>
      <reply-to>OPT1_DHCP</reply-to>
      <quick>1</quick>
      <protocol>tcp/udp</protocol>
      <source>
        <any>1</any>
      </source>
      <destination>
        <any>1</any>
      </destination>
      <updated>
        <username>root@172.16.222.30</username>
        <time>1635233677.4174</time>
        <description>/firewall_rules_edit.php made changes</description>
      </updated>
      <created>
        <username>root@172.16.222.52</username>
        <time>1615028745.5929</time>
        <description>/firewall_rules_edit.php made changes</description>
      </created>
    </rule>
    <rule>
      <type>pass</type>
      <interface>lan</interface>
      <ipprotocol>inet</ipprotocol>
      <tagged>GUIDO</tagged>
      <statetype>keep state</statetype>
      <descr>GUIDO-GW-Tagged-TCP-UDP-LAN</descr>
      <direction>out</direction>
      <reply-to>WAN_DHCP</reply-to>
      <quick>1</quick>
      <protocol>tcp/udp</protocol>
      <source>
        <any>1</any>
      </source>
      <destination>
        <any>1</any>
      </destination>
      <updated>
        <username>root@172.16.222.30</username>
        <time>1635233713.586</time>
        <description>/firewall_rules_edit.php made changes</description>
      </updated>
      <created>
        <username>root@172.16.222.30</username>
        <time>1635232485.8618</time>
        <description>/firewall_rules_edit.php made changes</description>
      </created>
    </rule>
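A small consistency check for the approach described in this thread, as an added example (not code from the forum post or from OPNsense): it parses a config.xml fragment and reports every port-forward `<tag>` that has no matching outbound pass rule with `<tagged>` and `<reply-to>`. The fragment is constructed here; the `<nat>`/`<filter>` section names and gateway names are assumptions.

```python
"""Added example: verify that each tagged OPNsense port-forward has an
outbound reply-to rule, so return traffic leaves via the WAN it came in on."""
import xml.etree.ElementTree as ET

# Constructed config fragment modelled on the thread (not a real export);
# the <nat>/<filter> layout and gateway names are assumptions.
SAMPLE_CONFIG = """<opnsense>
  <nat>
    <rule><interface>wan</interface><tag>GUIDO</tag><target>Gitlab</target>
      <local-port>22</local-port><destination><port>2222</port></destination></rule>
    <rule><interface>opt1</interface><tag>RAMON</tag><target>Gitlab</target>
      <local-port>22</local-port><destination><port>2222</port></destination></rule>
  </nat>
  <filter>
    <rule><type>pass</type><interface>lan</interface><direction>out</direction>
      <tagged>GUIDO</tagged><reply-to>WAN_DHCP</reply-to><quick>1</quick></rule>
  </filter>
</opnsense>"""


def tagged_forwards(root):
    """Return {tag: inbound interface} for every NAT rule that sets a <tag>."""
    out = {}
    for rule in root.findall("./nat/rule"):
        tag = rule.findtext("tag")
        if tag:
            out[tag] = rule.findtext("interface")
    return out


def reply_to_rules(root):
    """Return {tag: gateway} for outbound pass rules that match <tagged>
    and carry a <reply-to> gateway."""
    out = {}
    for rule in root.findall("./filter/rule"):
        tag, gw = rule.findtext("tagged"), rule.findtext("reply-to")
        if tag and gw and rule.findtext("direction") == "out" \
                and rule.findtext("type") == "pass":
            out[tag] = gw
    return out


def missing_reply_to(config_xml):
    """Tags set by a port-forward that have no matching reply-to rule."""
    root = ET.fromstring(config_xml)
    forwards, replies = tagged_forwards(root), reply_to_rules(root)
    return sorted(tag for tag in forwards if tag not in replies)


if __name__ == "__main__":
    for tag in missing_reply_to(SAMPLE_CONFIG):
        print(f"port-forward tag {tag} has no outbound reply-to rule")
```

Point the script at a backed-up config.xml to run the same check over a real rule set; the sample deliberately omits the RAMON rule so the gap is reported.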