OPNsense Forum
English Forums => General Discussion => Topic started by: boni127 on February 17, 2019, 01:12:02 pm
-
Hi,
i have a Vigor 130 as vdsl+ Modem on my opnsense connected to the interface igb0.
So i configured a point-to-point Interface on the physical interface igb0. Everything works fine :-)
The vigor has an administration-interface at the ip 192.168.1.1 and i want to reach this interface from my local network 192.168.5.0/24.
For this purpose i switched the Outbound-NAT (Firewall: NAT: Outbound) from "Automatic outbound NAT rule generation" to "Hybrid outbound NAT rule generation" and added an new rule:
Interface Source Source Port Destination Destination Port NAT Address NAT Port Static Port Description
Vigor LAN net * Vigor net * Vigor address * NO
Vigor.: Interface igb0
LAN net. : 192.168.5.0/24
Vigor net : 192.168.1.0/24
but i can't reach the vigor.
Then i changed the Destination from Vigor-Net to the ip of the vigor and it worked.
Vigor LAN net * 192.168.1.1/32 * Vigor address * NO
Then i changed the destination from 192.168.1.1/32 to 192.168.1.0/24, and it worked too.
So im confused, isn't the destination "Vigor net" similar to the network-address 192.168.1.0/24
Thanks for every explanation.
Detlev.
-
Hi Detlev,
I have an identical setup and have set my translation target to 'interface address' and source to 'LAN Net' with all others set to *
I also have a separate outbound NAT rule to cover my VPN tunnel range.
Bart...
-
Hi Bart,
thanks for your answer. I Think in this case, it's just the same: target interface address and target vigor address.
Bye
Detlev.
-
I would like to take up the topic again.
I put the NAT mode on hybrid and inserted the following NAT rule as shown in the attached picture.
It is not working.
I have created an interface named "ModemAccess" on re0 where WAN access already is and assigned the static IP address 192.168.1.2/24.
Is it a firewall rule that can block here? I have already added a firewall rule that allows access from "LAN" to "ModemAccess net".
Greetings
Florian
-
So im confused, isn't the destination "Vigor net" similar to the network-address 192.168.1.0/24
I think it is a bug, that prevents aliases to be used in port forwardings.
see: https://forum.opnsense.org/index.php?topic=12002.0 (https://forum.opnsense.org/index.php?topic=12002.0)
Should be solved with 19.1.5