OPNsense Forum

Archive => 16.1 Legacy Series => Topic started by: eddys on May 17, 2016, 11:15:02 am

Title: NAT Routing
Post by: eddys on May 17, 2016, 11:15:02 am

Hello,

Is it possible to configure opnsense as a pure bi-directional NAT router?

Network[192.168.1.0/24] <---> [OpnSense]  <---> Network[192.168.2/24]

currently we use Linux with iptables and Masquerading. But I cannot find an option in the webinterface to do something similar.


Eddy

Title: Re: NAT Routing
Post by: franco on May 17, 2016, 11:21:18 am

Hi Eddy,

This will be set up by default when WAN e.g. gets an IP via DHCP from 192.168.1.0/24 and the LAN is set up as static 192.168.2.1 unless you want another server to handle DHCP for your internal clients.

The settings for this are under Firewall: NAT: Outbound, but they are set to automatic, so any interface not WAN will be "masqueraded" through WAN.

Edit: Maybe you are trying to set up NAT for the other side as well. Can try that with the Hybrid or Manual Outbound settings there.


Cheers,
Franco

Title: Re: NAT Routing
Post by: eddys on May 17, 2016, 11:48:39 am

Hi Franco,

yes the "normal" NAT mode is working.

LAN [192.168.1.0/24] ---> [OpnSense]  ---> WAN[192.168.2/24]

But what I want to do is bi-directional. So basically both sides of [OpnSense] are LANs and I want to be able to access both Networks from the other Network.

LAN [192.168.1.0/24] <---> [OpnSense]  <---> LAN[192.168.2/24]


HOSTx [192.168.1.2]

Code: [Select]

> ping 192.168.2.5
... OK


HOSTy [192.168.2.5]

Code: [Select]

> ping 192.168.1.2
... OK


Title: Re: NAT Routing
Post by: franco on May 17, 2016, 12:32:16 pm

Ok, under Firewall: NAT: Outbound, set it to Hybrid Mode, add your addition rule for "LAN address" (as opposed to "WAN address") with source 192.168.1.0/24 and reload.

PS: You'll likely have to allow private networks for WAN under Firewall: Rules: WAN (deactivate the automatic block rule).