OPNsense Forum

English Forums => General Discussion => Topic started by: ursus on August 17, 2019, 07:20:50 pm

Title: Updating rules
Post by: ursus on August 17, 2019, 07:20:50 pm
Hi

I am moving from a 4 IP range (1 free) to an 8 IP range (5 free). I changed the WAN address and GW address and restarted the firewall. Everything worked as I was hoping and all my existing rules were still in place. Perfect.

I have my mail server on the main IP (WAN) and would now like to add another server in the DMZ that I will use as a web server. I added the extra IPs as Virtual IPs, but as soon as the virtual IP is added all the ports are then closed. I assume that the rules now no longer make sense. Do I need to update all the NAT rules for the existing WAN address?

I read that I need 1:1 NAT but shouldn't I be able to just Port Forward to the different machines? I would have thought that I could just do this: https://www.lawrencesystems.com/pfsense-setting-multiple-static-wan-ip-addresses-using-virtual-ips-nat-firewall-rules/

Thank you for any help.
Ursus
Title: Re: Updating rules
Post by: ursus on August 18, 2019, 10:45:28 am
Hi

This is how I solved my problem:

1. created the WAN connection => normal settings
2. created the port forward NAT rules needed to access the first server -> use the WAN address here (I created an alias just to be sure that the correct IP is being used; I read in the forum somewhere that sometimes the WAN network was being used, but I did not have that problem!). I let OPNsense create the WAN firewall rules.
3. created an Alias IP => important: as you are setting up one IP, /32 is the correct netmask -> I was using /29 here! NB2: now your firewall frontend is accessible from the Internet!!!! Careful!
4. created the port forwarding NAT rule using the Alias IP as the destination and redirecting to your web server. Allow OPNsense to create your firewall rule for you.

There you go, all perfect

One VERY important thing to note -> I am not sure if this is the normal setting, but in System/Settings/Administration I had Web GUI/Listen Interfaces set to All (recommended) -> this allows the Web GUI of the firewall to be accessed from the internet until you have set up your rules -> I changed this setting to LAN.
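The two pitfalls in the post above (an extra WAN address added with the /29 mask instead of /32, and the web GUI listening on every address) are both visible from the shell on the firewall. The script below is an added example, not part of the post or of OPNsense; it runs the checks over constructed sample output of the FreeBSD commands `ifconfig` and `sockstat -4l` so it works offline. The interface name `vtnet0`, the 203.0.113.0/29 addresses, and the assumption that the OPNsense GUI is the `lighttpd` process are illustrative assumptions; on a live box feed it the real command output as shown at the bottom.

```shell
#!/bin/sh
# Added example (not from the forum post or OPNsense): sanity checks for the
# two pitfalls described in the post, run over constructed sample output.

WAN_IF="vtnet0"            # assumed WAN interface name
WAN_IP="203.0.113.10"      # assumed primary WAN address (the /29 belongs here)

# Constructed `ifconfig vtnet0` output: alias .11 was added with the /29 mask
# (0xfffffff8, the mistake from step 3), alias .12 correctly with /32.
IFCONFIG_SAMPLE='vtnet0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 203.0.113.10 netmask 0xfffffff8 broadcast 203.0.113.15
        inet 203.0.113.11 netmask 0xfffffff8 broadcast 203.0.113.15
        inet 203.0.113.12 netmask 0xffffffff broadcast 203.0.113.12'

# Constructed `sockstat -4l` output: the GUI (assumed to be lighttpd) bound to
# "*", i.e. Listen Interfaces = All, so it answers on the WAN address too.
SOCKSTAT_SAMPLE='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     lighttpd   1234  4  tcp4   *:443                 *:*
root     lighttpd   1234  5  tcp4   *:80                  *:*
root     sshd       999   3  tcp4   192.168.1.1:22        *:*'

# Print every WAN alias (inet line other than the primary address) whose
# netmask is not 0xffffffff (/32). Returns 1 if any such alias exists.
check_alias_masks() {
    printf '%s\n' "$1" | awk -v primary="$WAN_IP" '
        $1 == "inet" && $2 != primary && $4 != "0xffffffff" {
            print "BAD alias " $2 " has netmask " $4 " (expected 0xffffffff = /32)"
            bad = 1
        }
        END { exit bad }'
}

# Print GUI listeners reachable from the WAN side: lighttpd sockets bound to
# "*" (all addresses) or to the WAN address itself. Returns 1 if any exist.
check_gui_listeners() {
    printf '%s\n' "$1" | awk -v wan="$WAN_IP" '
        $2 == "lighttpd" {
            split($6, a, ":")
            if (a[1] == "*" || a[1] == wan) {
                print "GUI exposed on WAN: " $6
                bad = 1
            }
        }
        END { exit bad }'
}

# Run both checks over the samples. On a live OPNsense box use instead:
#   check_alias_masks "$(ifconfig "$WAN_IF")"
#   check_gui_listeners "$(sockstat -4l)"
check_alias_masks "$IFCONFIG_SAMPLE" \
    || echo "-> fix: edit the Virtual IP and set the netmask to /32"
check_gui_listeners "$SOCKSTAT_SAMPLE" \
    || echo "-> fix: System > Settings > Administration > Listen Interfaces = LAN"
```

Both checks return non-zero when they find something, so they can be dropped into a cron job or a post-change checklist; a correctly configured box prints nothing and exits 0. Note that the primary WAN address is deliberately excluded from the netmask check, since it legitimately carries the /29.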