OPNsense Forum

Archive => 18.7 Legacy Series => Topic started by: kyferez on October 31, 2018, 02:47:40 am

Title: [SOLVED] Disabling Outbound NAT has no effect
Post by: kyferez on October 31, 2018, 02:47:40 am
This happened on 17.7 and now also on 18.7.6. I am using the OPNsense as an internal firewall, with 6 interfaces, where one interface is a transit Subnet from the OPNsense firewall to the external firewall. OPNsense uses the external Firewall's Interface IP as the default route for OPNsense. I do not want any outbound NAT to occur. The external router should see the source IP as the real IP of the server that sent the packet.

Example:
192.168.1.1/24 is the OPNsense Interface 1 and is set to use 192.168.1.254/24 as its default gateway. This is an internal subnet used as a transit VLAN for access to the external WAN router.
192.168.1.254/24 is the external firewall's interface IP.
192.168.100.1/24 is OPNsense Interface 2 and is another subnet for servers.
192.168.100.232/24 is the real server's IP in this example, which the external firewall should be able to see as the source IP of any packets

Routing works fine, but for some reason all traffic the OPNsense sends to its default gateway is NATed and the external firewall sees the source IP as the OPNsense Interface IP (192.168.1.1) instead of the real server's IP of 192.168.100.232.

I have tried setting Outbound NAT to use Manual rules and set the 192.168.100.0/24 source subnet to NONAT and have also tried Disabling Outbound NAT rules. In both cases the IP seen on the external firewall is the OPNsense NATed IP of 192.168.1.1.

Please assist. Am I doing this wrong in OPNsense perhaps?

Thanks!
Title: Re: [SOLVED] Disabling Outbound NAT has no effect
Post by: kyferez on October 31, 2018, 02:51:35 am
LOL, never mind. I figured out my problem as soon as I posted this.

Web Proxying occurs before outbound NAT, and the test subnet was set to use the proxy.
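
Added example, not part of the original thread: a proxy re-originates web connections from the firewall's own address, so on the upstream device it looks like source NAT. One way to tell the two apart is to compare which flows arrive rewritten; the sketch below does that over constructed flow records using the thread's addresses. The `classify` function, the record format and the proxied port set are assumptions made for illustration.

```python
import ipaddress

# Addresses taken from the thread's example topology.
FIREWALL_TRANSIT_IP = ipaddress.ip_address("192.168.1.1")
SERVER_NET = ipaddress.ip_network("192.168.100.0/24")
# Assumption: the proxy only handles these TCP destination ports.
PROXY_PORTS = {80, 443}

# Constructed sample: flows as logged on the external firewall,
# recorded as (source IP, protocol, destination port).
SAMPLE_FLOWS = [
    ("192.168.1.1", "tcp", 80),
    ("192.168.1.1", "tcp", 443),
    ("192.168.100.232", "udp", 53),
    ("192.168.100.232", "udp", 123),
    ("192.168.100.232", "tcp", 22),
]

def classify(flows):
    """Return 'proxy', 'outbound-nat', 'no-rewrite' or 'inconclusive'."""
    rewritten, preserved = set(), set()
    for src, proto, port in flows:
        ip = ipaddress.ip_address(src)
        if ip == FIREWALL_TRANSIT_IP:
            rewritten.add((proto, port))   # arrived with the firewall's IP
        elif ip in SERVER_NET:
            preserved.add((proto, port))   # arrived with the real server IP
    if not rewritten:
        return "no-rewrite" if preserved else "inconclusive"
    web_only = all(p == "tcp" and port in PROXY_PORTS for p, port in rewritten)
    if web_only and preserved:
        # Only web traffic is rewritten; everything else keeps its source.
        return "proxy"
    if not web_only and not preserved:
        # Non-web traffic is rewritten too and nothing keeps its source.
        return "outbound-nat"
    # Web-only evidence, or a mix that may include the firewall's own
    # traffic: test again with a non-web protocol from the server.
    return "inconclusive"

if __name__ == "__main__":
    print(classify(SAMPLE_FLOWS))
```

A capture that contains only web traffic returns `inconclusive`, which is the case where a proxy is easiest to mistake for outbound NAT.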