Hi OPNsense community. I'm new to OPNsense, but not new to IP networking.
I'm trying to replace an existing router with Opnsense. My configuration is that I have four public static IP addresses from my ISP. I'm trying to use (let's say) one of those to access a particular host on the LAN.
I have searched the forum and read many posts about this, but somehow I'm not succeeding.
Before using this in the real world, I'm trying to get my configuration working in a test environment to make sure I understand how to set it up. To that end, I currently have my OPNsense WAN port connected to my existing LAN. I have a new OPNsense LAN network, which I'm trying to connect to via a "WAN" address.
My router is OPNsense 23.7.12-amd64.
My OPNsense WAN IP is 10.9.8.54 (I have "block private networks" disabled on the WAN, since the WAN address is private).
My OPNsense LAN IP is 10.0.10.1.
The netmask is /24 on both sides.
A host on the OPNsense LAN is 10.0.10.12, and I'm trying to connect to it from the WAN side using the "public" static IP 10.9.8.75.
I have created a Virtual IP for 10.9.8.75:
(https://serenity.jjd.com/opnsense/opnsense-virtual-ip.jpg)
Then I configured one-to-one NAT on the WAN to map 10.9.8.75 to 10.0.10.12 on the LAN:
(https://serenity.jjd.com/opnsense/opnsense-one-to-one-nat.jpg)
Then I configured a WAN firewall rule to allow SSH to the LAN host (later I also added HTTP/HTTPS):
(https://serenity.jjd.com/opnsense/opnsense-firewall-rules.jpg)
Then I tried connecting via SSH from "WAN" host 10.9.8.2 to "WAN" IP 10.9.8.75, but it was blocked by "Default Deny / state violation rule". (You can see that the 1:1 NAT is working in the sense that the log shows the incoming connection to the "WAN" address being forwarded to the LAN host, but then presumably blocked.)
(https://serenity.jjd.com/opnsense/opnsense-log.jpg)
(https://serenity.jjd.com/opnsense/opnsense-log-detail.jpg)
As I said, I tried this with SSH (22) as well as with HTTP/HTTPS, with the same result. I must be forgetting something. Can you help?
Thank you.
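The three GUI steps in the post (Virtual IP, 1:1 NAT, WAN rule), written out as the equivalent pf.conf rules. This is an added example for illustration, not text from the post and not OPNsense's own generated ruleset (OPNsense writes its own rules file from the GUI; this fragment is for reading, not for loading on the box). The interface names em0 (WAN) and em1 (LAN) are assumptions; the addresses and ports are the ones in the post. It places the rule form that cannot match next to the one that can: pf applies binat/rdr translation before it evaluates the filter rules, so an inbound filter rule on WAN sees the packet's destination already rewritten to the LAN host, and a rule whose destination is the WAN-side VIP never matches, letting the packet fall through to the default deny.

```pf
# Added example: hand-written pf.conf equivalent of the GUI steps, not OPNsense's ruleset.
# Interface names are assumptions; addresses/ports come from the post.
wan       = "em0"
lan       = "em1"
vip       = "10.9.8.75"        # Virtual IP on the WAN side
lan_host  = "10.0.10.12"       # host on the OPNsense LAN
svc_ports = "{ 22, 80, 443 }"  # SSH, HTTP, HTTPS

# Step 1 (Virtual IP) is not a pf rule: the address has to exist on the WAN
# interface so the box answers ARP for it, e.g.
#   ifconfig em0 inet 10.9.8.75 netmask 255.255.255.255 alias
# The GUI's Virtual IP entry does this for you.

# Step 2 (1:1 NAT): binat rewrites vip <-> lan_host in both directions on WAN.
# Inbound packets to 10.9.8.75 reach the filter rules with dst = 10.0.10.12.
binat on $wan from $lan_host to any -> $vip

# Default deny on WAN; a packet no later rule matches ends up here,
# which is what the "Default deny" log entry reports.
block in log on $wan

# Step 3, form that cannot work: destination is the WAN-side VIP.
# By the time filter rules run, the destination is already 10.0.10.12,
# so this rule never matches. Left commented out to show the mismatch.
# pass in on $wan proto tcp from any to $vip port $svc_ports

# Step 3, working form: match the translated (internal) destination.
# Last matching rule wins in pf, so this pass overrides the block above
# for SYNs to the LAN host on the listed ports; replies ride the state.
pass in on $wan proto tcp from any to $lan_host port $svc_ports flags S/SA keep state

# Let the LAN host reach the outside; binat translates its source to the VIP.
pass in on $lan from $lan_host to any keep state
```

In the GUI this corresponds to the Destination field of the rule under Firewall: Rules: WAN, which for 1:1 NAT (and port forwards) should be the internal host 10.0.10.12 rather than 10.9.8.75. Whether the rule in the screenshot has the VIP or the host as destination cannot be told from the text of the post, so this is the first thing to check, not a diagnosis.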