OPNsense Forum

English Forums => 25.1, 25.4 Production Series => Topic started by: techvic on March 22, 2025, 10:20:52 AM

Title: Outbound NAT to access WebUI of DSL Modem
Post by: techvic on March 22, 2025, 10:20:52 AM
I have an OPNsense with the following setup:

LAN Network: 192.168.71.0/24
WAN Side: Zyxel DSL modem, PPPoE connection handled by OPNsense
DSL Modem: IP address 192.168.100.1

I want to access the WebUI of the DSL modem from my LAN, which has the IP address 192.168.100.1. To achieve this, I created an additional interface on the OPNsense on the same physical Ethernet port and assigned the IP address 192.168.100.2 to the OPNsense.

Steps Taken So Far:

Interface Configuration:

An interface named DSL-Modemconf with the IP address 192.168.100.2/24 was created.

Firewall Rules:

An any-to-any rule is configured on the LAN interface.

Outbound NAT Rule:

An outbound NAT rule was configured to translate traffic from 192.168.71.0/24 to the IP address 192.168.100.1 to the IP address 192.168.100.2.

Routing Table:

The routing table shows the route 192.168.100.0/24 on the interface DSL-Modemconf.

Ping Tests:

Ping from the OPNsense with the source IP 192.168.100.2 works.
Ping from the OPNsense with the source IP 192.168.71.1 does not work.

Firewall Logs:

No blocked packets in the firewall logs.

ARP Table:

The ARP entry for 192.168.100.1 shows the correct MAC address of the modem.

NAT Reflection:

Reflection for port forwards, Reflection for 1:1, and Automatic outbound NAT for Reflection have been enabled.

Question: Why can't I access the WebUI of the DSL modem from my LAN, even though the NAT rule and firewall rules are correctly configured and no packets are being blocked?

I recently switched from pfSense to OPNsense and had this exact setup working with pfSense, and now I'm at a loss.

Title: Re: Outbound NAT to access WebUI of DSL Modem
Post by: patient0 on March 22, 2025, 10:39:21 AM
Quote from: techvic on March 22, 2025, 10:20:52 AM
An any-to-any rule is configured on the LAN interface.

No firewall rules and no blocked traffic on the DSL-Modemconf interface?

Maybe [Tutorial] Bridged Modem Access Guide (https://forum.opnsense.org/index.php?topic=33497.0) is of help?
Title: Re: Outbound NAT to access WebUI of DSL Modem
Post by: techvic on March 22, 2025, 11:01:05 AM
The traffic is always initiated from the LAN side, so it shouldn't require a rule on the DSL-Modemconf-Interface. However, I already put an any-rule there too for testing.
Title: Re: Outbound NAT to access WebUI of DSL Modem
Post by: patient0 on March 22, 2025, 11:58:29 AM
Quote
An outbound NAT rule was configured to translate traffic from 192.168.71.0/24 to the IP address 192.168.100.1 to the IP address 192.168.100.2

You configured an outbound NAT rule on the DSL-Modemconf-Interface interface with source LAN subnet, destination 192.168.100.0/24 and Translation/target set to Interface address? And set the outbound NAT mode to 'Hybrid ...'? Then it really should work, yes.

A packet capture on the DSL-Modemconf-Interface could give some insight.
Title: Re: Outbound NAT to access WebUI of DSL Modem
Post by: techvic on March 22, 2025, 12:03:42 PM
Damn, I mistakenly had the NAT outbound rule on the LAN interface. I checked the rule a thousand times and never noticed that. Thanks for your hint!
Title: Re: Outbound NAT to access WebUI of DSL Modem
Post by: patient0 on March 22, 2025, 12:13:18 PM
Glad it got sorted.
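
Added example, not part of any post in this thread and not OPNsense code: a small Python model of why the rule on the LAN interface never matched. It assumes the addresses given in the first post and the rule shape patient0 describes; the rule dictionaries, function names and the LAN client 192.168.71.50 are constructed for illustration.

```python
import ipaddress

# Constructed model of the setup described in the thread.
INTERFACES = {
    "LAN": ipaddress.ip_interface("192.168.71.1/24"),
    "DSL-Modemconf": ipaddress.ip_interface("192.168.100.2/24"),
}
MODEM = "192.168.100.1"
LAN_CLIENT = "192.168.71.50"  # constructed sample host on the LAN

def egress_interface(dst, interfaces=INTERFACES):
    """Interface whose connected subnet contains dst (longest prefix wins)."""
    addr = ipaddress.ip_address(dst)
    hits = [(i.network.prefixlen, name) for name, i in interfaces.items()
            if addr in i.network]
    return max(hits)[1] if hits else None

def translated_source(rules, src, dst, interfaces=INTERFACES):
    """Source address the destination sees after outbound NAT.

    A rule is only evaluated on the interface the packet leaves through,
    so a rule bound to any other interface never matches.
    """
    out_if = egress_interface(dst, interfaces)
    for r in rules:
        if (r["interface"] == out_if
                and ipaddress.ip_address(src) in ipaddress.ip_network(r["source"])
                and ipaddress.ip_address(dst) in ipaddress.ip_network(r["destination"])):
            return str(interfaces[out_if].ip)  # target "Interface address"
    return src  # no match: packet leaves with its LAN source address

def misplaced_rules(rules, interfaces=INTERFACES):
    """(bound, expected) pairs for rules not bound to their egress interface."""
    bad = []
    for r in rules:
        first = str(ipaddress.ip_network(r["destination"]).network_address)
        out_if = egress_interface(first, interfaces)
        if out_if is not None and r["interface"] != out_if:
            bad.append((r["interface"], out_if))
    return bad

RULE = {"source": "192.168.71.0/24", "destination": "192.168.100.0/24"}
BEFORE = [dict(RULE, interface="LAN")]            # the mistake found in the thread
AFTER = [dict(RULE, interface="DSL-Modemconf")]   # the corrected rule

if __name__ == "__main__":
    for label, rules in (("before", BEFORE), ("after", AFTER)):
        print(label, translated_source(rules, LAN_CLIENT, MODEM), misplaced_rules(rules))
```

With the rule on LAN the modem is addressed from an untranslated 192.168.71.x source, which corresponds to the ping test in the first post that failed from 192.168.71.1 and succeeded from 192.168.100.2.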