I have OPNsense with a WAN with a public /32 and a DMZ interface with a public /29 and a DHCP server.
When I add a server to the /29 network, I have the problem that e.g. curl -4 icanhazip.com returns the public /32 IP. There is no problem to ssh from the Internet to a server in the /29.
My network looks like this:
Fiber
|
WAN IF @ OpnSense (block private networks)
(aaa.aaa.aaa.aaa)/32 public IP via DHCP
+
DMZ IF @ OpnSense (no dynamic gateway policy, ipv4 gateway rules disabled)
(aaa.aaa.bbb.bb1)/29 public IP static IP
|
ServerA
(aaa.aaa.bbb.bb2)/29 public IP with DHCP from Opnsense
From Server A:
curl -4 icanhazip.com
gives the IP of WAN IF
curl -6 icanhazip.com
gives the ServerA ip
I also need the Server A ip with ipv4 curl -4
Where should I start to look?
Thx
Chris
ps: Beside this, everything works fine
You have to make sure the Firewall rule that allows Internet from the DMZ has the Gateway of the /29 net selected.
Firewall -> NAT -> Outbound
You'll probably have to turn off automatic rule generation, and set up your own rules as needed (or not)...
There are only public IPs, there is no NAT. I almost wrote the same and checked twice. ;D
Eh? Sounds like the /29 is routed to the /32 "WAN" IP address. NAT would be on by default - needs to be turned off ... no?
Oh yeah, you are right. It's probably also a NAT thing.
Thx, outbound NAT was the problem.
But only for ipv4, ipv6 worked before.