OPNsense Forum

English Forums => General Discussion => Topic started by: tverweij on August 07, 2023, 11:01:22 PM

Title: IP mapping problem
Post by: tverweij on August 07, 2023, 11:01:22 PM
Hello all, this is my first post on this forum.
I am new to OPNsense, worked with Kerio Control for the last 25 years, but as this product starts to be outdated, I am in the process of migrating to OPNsense. And the migration goes well, about 98% of the previous setup has been migrated.

But now I am stuck at IP mapping - I can't get it to work.

To explain:
In Kerio, I defined the source (192.168.81.0/24) - this is a local subnet.
Then I defined the destination (192.168.80.60/32) - this host is located at the customer's office, so a remote host.
After that I defined the services (any)
And last I defined the MAP (a.b.c.d) - this is the router address of the customer's office.

The effect of the above was that, when I accessed 192.168.80.60 from the 192.168.81.0/24 subnet, the IP was translated and the traffic was diverted to the customer's router - there, a virtual server configuration made sure that I reached the real 192.168.80.60 machine.

I try to replicate this in OPNsense, but till now without success.

What I did:
I went to Firewall - NAT - Outbound
added a new rule:

interface WAN
TCPIP v4
Protocol any
Source Address 192.168.81.0/24
Sourceport any
Destination Address 192.168.80.60
Destinationport any
Translation target a.b.c.d
Translation port <empty>

But it just won't work.

What am I missing?

Title: Re: IP mapping problem
Post by: newsense on August 07, 2023, 11:30:37 PM
At a glance - unless said customer was physically plugged into a port on the machine running Kerio - it would appear you're missing a VPN connecting the two sites.
Title: Re: IP mapping problem
Post by: tverweij on August 07, 2023, 11:46:05 PM
No, no VPN needed.

The trick is to map the unroutable address 192.168.80.60 to the routable address a.b.c.d.

But as I look in the logs, no mapping is performed at all.
Title: Re: IP mapping problem
Post by: tverweij on August 07, 2023, 11:58:49 PM
I got it working.

It turns out I had to use Port mapping instead of Outbound.

Can anyone explain to me what outbound does?
Title: Re: IP mapping problem
Post by: Maurice on August 08, 2023, 12:08:30 AM
Outbound replaces the source address of outbound packets (your typical NAT).
Port Forward replaces the destination address of inbound packets.

Cheers
Maurice
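
Added example (not posted by anyone in the thread): a small Python model of the two NAT types described above, run on the packet from the first post. Assumptions: 203.0.113.10 stands in for a.b.c.d, the client address 192.168.81.25 and the WAN address 198.51.100.7 are constructed, and the firewall applies its ordinary outbound NAT after the port forward.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CUSTOMER_ROUTER = "203.0.113.10"   # placeholder for a.b.c.d in the thread
FIREWALL_WAN = "198.51.100.7"      # constructed WAN address of the firewall

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str

@dataclass(frozen=True)
class Rule:
    kind: str        # "outbound" rewrites src, "port_forward" rewrites dst
    src_net: str
    dst_net: str
    target: str

    def matches(self, p):
        return (ip_address(p.src) in ip_network(self.src_net)
                and ip_address(p.dst) in ip_network(self.dst_net))

def translate(p, rules):
    """Apply the first matching rule, as a first-match NAT table would."""
    for r in rules:
        if r.matches(p):
            return replace(p, src=r.target) if r.kind == "outbound" else replace(p, dst=r.target)
    return p

def routable_on_internet(p):
    """A packet whose destination is RFC 1918 cannot be delivered upstream."""
    return not any(ip_address(p.dst) in n for n in RFC1918)

def through_firewall(p, port_forwards, outbound):
    # Destination NAT is applied when the packet arrives, source NAT when it leaves.
    return translate(translate(p, port_forwards), outbound)

LAN, HOST = "192.168.81.0/24", "192.168.80.60/32"
client = Packet("192.168.81.25", "192.168.80.60")   # constructed client address

# First attempt from the thread: an Outbound rule with a.b.c.d as translation target.
attempt = through_firewall(client, [], [Rule("outbound", LAN, HOST, CUSTOMER_ROUTER)])
# Working setup: Port Forward to a.b.c.d, then ordinary outbound NAT to the WAN
# address (assumed), which matches on the already-rewritten destination.
fixed = through_firewall(client, [Rule("port_forward", LAN, HOST, CUSTOMER_ROUTER)],
                         [Rule("outbound", LAN, "0.0.0.0/0", FIREWALL_WAN)])

if __name__ == "__main__": print(attempt, fixed, sep="\n")
```

With only the Outbound rule the destination stays 192.168.80.60, so the packet leaves the WAN addressed to a private host and the only thing changed is its source.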
Title: Re: IP mapping problem
Post by: tverweij on August 08, 2023, 12:27:51 AM
Ah, that makes sense.

In Kerio terms (as said, worked with it for 25 years): Port forward = MAP, Outbound is NAT.

Now I understand.

Thank you!