OPNsense Forum

English Forums => General Discussion => Topic started by: boni127 on February 17, 2019, 01:12:02 pm

Title: Port nating
Post by: boni127 on February 17, 2019, 01:12:02 pm
Hi,
I have a Vigor 130 as VDSL+ modem on my OPNsense, connected to the interface igb0.
So I configured a point-to-point interface on the physical interface igb0. Everything works fine :-)

The Vigor has an administration interface at the IP 192.168.1.1 and I want to reach this interface from my local network 192.168.5.0/24.

For this purpose I switched the outbound NAT (Firewall: NAT: Outbound) from "Automatic outbound NAT rule generation" to "Hybrid outbound NAT rule generation" and added a new rule:

Interface  Source   Source Port  Destination     Destination Port  NAT Address    NAT Port  Static Port  Description
Vigor      LAN net  *            Vigor net       *                 Vigor address  *         NO

Vigor: interface igb0
LAN net: 192.168.5.0/24
Vigor net: 192.168.1.0/24

But I can't reach the Vigor.
Then I changed the destination from Vigor net to the IP of the Vigor and it worked.

Vigor      LAN net  *            192.168.1.1/32  *                 Vigor address  *         NO

Then I changed the destination from 192.168.1.1/32 to 192.168.1.0/24, and it worked too.

So I'm confused, isn't the destination "Vigor net" similar to the network address 192.168.1.0/24?

Thanks for any explanation.

Detlev.

Title: Re: Port nating
Post by: bartjsmit on February 17, 2019, 01:30:55 pm
Hi Detlev,

I have an identical setup and have set my translation target to 'interface address' and source to 'LAN Net' with all others set to *.

I also have a separate outbound NAT rule to cover my VPN tunnel range.

Bart...

Title: Re: Port nating
Post by: boni127 on February 17, 2019, 05:15:38 pm
Hi Bart,

Thanks for your answer. I think in this case it's just the same: target interface address and target Vigor address.

Bye
Detlev.

Title: Re: Port nating
Post by: amflow on March 18, 2019, 12:31:23 pm
I would like to take up the topic again.

I put the NAT mode on hybrid and inserted the following NAT rule as shown in the attached picture.

It is not working.

I have created an interface named "ModemAccess" on re0 where WAN access already is and assigned the static IP address 192.168.1.2/24.
Is it a firewall rule that can block here? I have already added a firewall rule that allows access from "LAN" to "ModemAccess net".

Greetings
Florian

Title: Re: Port nating
Post by: hbc on March 18, 2019, 02:35:56 pm
Quote
So I'm confused, isn't the destination "Vigor net" similar to the network address 192.168.1.0/24?

I think it is a bug that prevents aliases from being used in port forwardings.

See: https://forum.opnsense.org/index.php?topic=12002.0

Should be solved with 19.1.5.