Hi all,
Just deployed pfSense and OPNsense together and noticed a small difference.
https://doc.pfsense.org/index.php/Automatic_NAT_Rules_Generation
pfSense says this above and does it. In my case, I have static routes to all of my internal network (10.16.0.0/16). Indeed, I see this on NAT. This is good, as I'd like to have my other internal networks traverse this firewall out, but I don't want my firewall to have an interface to those remote networks.
On OPNsense, this seems not to be the case; after a fair amount of troubleshooting with tcpdump, I realized that this has to be manually added in a NAT rule to get it to work.
My question is: is this an "intentionally" done difference, or is it a "bug"? I am OK with either method of getting it to work, I just want to clarify.
Thanks
peng
OPNsense does have auto rules generation which is set in the 'Filter rule association' when using 'Pass'.
I am unsure why it also has all the other NAT created rules in the drop-down. Maybe to properly associate the FW rule to the NAT rule.
One thing I have noticed, though, is that you should delete the NAT rule and recreate it if you make a change to the rule, or it may not generate the firewall rule correctly. OPNsense doesn't seem to like to make changes to a firewall rule from an existing NAT PF rule. NAT rules seem to always generate a proper firewall rule on their creation.
That's a fairly interesting setup with overlapping 10.16.x.y address spaces. Would you mind giving a full IP setup of your WAN and LANs... I don't understand it very well.
Thank you,
Franco