OPNsense Forum

Archive => 18.7 Legacy Series => Topic started by: guest18661 on November 19, 2018, 11:36:25 pm

Title: Why can't I schedule a NAT rule
Post by: guest18661 on November 19, 2018, 11:36:25 pm
I have a single IP address and I am using haproxy to handle multiple services behind that address. Everything works quite well except I can't automate Let's Encrypt for multiple servers because I can't schedule a NAT rule. In order to get a cert renewed I have to manually enable the NAT rule that sends port 80 to the inside server, manually renew, and then disable the rule again.

I'd love to be able to simply have the NAT rule turn on every Sunday at 1am say, and let a cron job do its thing.

Also it would be nice to be able to specify the times in the schedule in increments of less than 15 minutes. 5 would be more than sufficient for this type of task.

Any chance there is a workaround or I am missing some way to do this? TIA
Title: Re: Why can't I schedule a NAT rule
Post by: franco on November 20, 2018, 06:14:07 am
Hi, you can change the association for the firewall rule to manual / off, and add a rule that schedules so you have the NAT on always, but only reachable via scheduled firewall rule?


Cheers,
Franco
Title: Re: Why can't I schedule a NAT rule
Post by: guest18661 on November 20, 2018, 07:16:39 pm
Thanks for that. I'm not quite sure what it means yet, but at least it gives me something to go on for further research. If I actually get it figured out I'll update the thread with the details in case anyone else is trying to do a similar thing.
Title: Re: Why can't I schedule a NAT rule
Post by: franco on November 20, 2018, 07:20:28 pm
Sorry, a bit more background: each NAT rule can have an associated firewall rule (see bottom of the edit page of the port forward). If you break the association, you're free to add your own firewall pass rule, which can receive a schedule then.


Cheers,
Franco