Hi,
I have OPNsense in a customer network where the provider does 1:1 NAT in his network. So I have 2 WAN IPs from him in a local private subnet. From outside they show as 2 public IPs.
It is mainly for dividing traffic and speed for the customer - it is a hotel where the office has some speed and the guests have some speed.
I need to significantly divide and source NAT both networks so that each of them has a public IP from outside.
I have set the first local IP from the ISP on the WAN interface and it is working now for both networks, all with NAT. I have also set the second IP as a VIRTUAL IP and now I would like to do some NAT and other settings.
How do I send traffic from one of the local networks to the second local IP (ISP NAT to public)?
Should I use NAT 1:1, or how do I set this?
I also need to have the guests in a captive portal later...
Thanks for any answer and help... ;)
Only outbound NAT?
Hi,
I have a functional manual outbound NAT for the first IP, but I also added rules for the second IP and it does not work.
I also need to set some speed limits for guests and other settings... not only NAT.
Then I think outbound NAT should be fine, no need for 1:1.
Can you show a screenshot of your NAT rules?
Hi,
I am sending them in the attachment.
Network 10.0.201.125/16 (public 82.100.8.173) is the first ISP local IP and 10.0.201.126/16 (public 82.100.8.174) is the second.
Office network is 192.168.16.0/24 and guests is 10.20.30.0/24
So WAN address is 173 and where is the NAT entry regarding 174?
It is in the rules with IP 10.0.201.126 - it is selected from the list, because it is a virtual IP on the WAN interface.
Just look in the attachment... it is visible there...
But NAT address should be 174 and not the private one?
EDIT: for outbound NAT ...
It should be the private WAN, because it only works with it. Before, I had everything on a Mikrotik router (now it is connected behind OPNsense as a switch and wifi manager) and it only worked with outbound NAT to the provider's internal net (10.0.201.125 and 10.0.201.126). So now it works only for 82.100.8.173 with NAT to 10.0.201.125, which is NATed by the ISP ...
I do not have public IPs on OPNsense... only the ISP local LAN 10.0.201.125 and, as a virtual IP, 10.0.201.126.
On Translation/Target .. do you choose the Alias from the list or did you just type the address (which is wrong)?
I chose the address from the list. Not typed.
Now I do NAT for the guests network (10.20.30.0/24) with the Mikrotik unit, which has a hotspot service on itself, and this is all temporary until I can solve the whole NAT problem.
So guests are NATed by that Mikrotik unit, which uses the office LAN network as WAN.
Are my settings OK? Or what do you recommend?
If it doesn't work, I'd check via console with tcpdump that the packets are leaving with the correct address.
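The tcpdump check suggested above, as an added example that is not part of the thread: a small shell function that reads `tcpdump -n` output captured on the WAN side and counts which source address packets to one test destination leave with. The capture lines and the test destination 198.51.100.7 are constructed, and `<wan_if>` / `<test_dst>` are placeholders.

```sh
#!/bin/sh
# Added example (not from the thread): tally the source addresses seen in
# `tcpdump -n` text output for packets sent to one test destination.
# Live use on the firewall console, while a guest client connects to the test
# destination (<wan_if> and <test_dst> are placeholders):
#   tcpdump -n -c 20 -i <wan_if> host <test_dst> | nat_src_report 10.0.201.126 <test_dst>

# nat_src_report EXPECTED_SRC DST   (reads tcpdump lines on stdin)
nat_src_report() {
    awk -v want="$1" -v dst="$2" '
        # "a.b.c.d.port" or "a.b.c.d:" -> "a.b.c.d" (ICMP lines carry no port)
        function addr(tok,   n, p) {
            sub(/:$/, "", tok)
            n = split(tok, p, ".")
            return (n < 4) ? "" : p[1] "." p[2] "." p[3] "." p[4]
        }
        $2 == "IP" && $4 == ">" {
            if (addr($5) != dst) next       # skip replies and unrelated traffic
            src = addr($3)
            if (src == want) ok++; else { bad[src]++; other++ }
        }
        END {
            printf "expected=%d other=%d\n", ok, other
            for (src in bad) printf "unexpected source %s (%d packets)\n", src, bad[src]
        }'
}

# Constructed capture lines; 198.51.100.7 is a made-up test destination.
sample_capture() {
    cat <<'EOF'
09:12:53.000101 IP 10.0.201.125.51514 > 198.51.100.7.443: Flags [S], seq 1, win 65535, length 0
09:12:53.020334 IP 198.51.100.7.443 > 10.0.201.125.51514: Flags [S.], seq 9, ack 2, win 65535, length 0
09:12:54.000412 IP 10.0.201.126.40022 > 198.51.100.7.443: Flags [S], seq 5, win 65535, length 0
09:12:54.500977 IP 10.0.201.126 > 198.51.100.7: ICMP echo request, id 7, seq 1, length 64
09:12:55.100250 IP 10.0.201.125.51000 > 203.0.113.9.53: 4660+ A? example.org. (29)
EOF
}

sample_capture | nat_src_report 10.0.201.126 198.51.100.7
```

A non-zero `other` count while only the guest client is generating the test traffic means those packets left with a different source address than the one the outbound NAT rule was meant to apply.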
Hi. Thanks. I will test everything onsite when I am back at the customer's office. It is not good to do this from remote.
Quote from: Wyrm on July 18, 2018, 09:12:53 AM
It is not good to do this from remote.
Indeed! :)