OPNsense Forum
Archive => 16.1 Legacy Series => Topic started by: eddys on May 17, 2016, 11:15:02 am
-
Hello,
Is it possible to configure opnsense as a pure bi-directional NAT router?
Network[192.168.1.0/24] <---> [OpnSense] <---> Network[192.168.2/24]
currently we use Linux with iptables and Masquerading. But I cannot find an option in the webinterface to do something similar.
Eddy
-
Hi Eddy,
This will be set up by default when WAN e.g. gets an IP via DHCP from 192.168.1.0/24 and the LAN is set up as static 192.168.2.1 unless you want another server to handle DHCP for your internal clients.
The settings for this are under Firewall: NAT: Outbound, but they are set to automatic, so any interface not WAN will be "masqueraded" through WAN.
Edit: Maybe you are trying to set up NAT for the other side as well. Can try that with the Hybrid or Manual Outbound settings there.
Cheers,
Franco
-
Hi Franco,
yes the "normal" NAT mode is working.
LAN [192.168.1.0/24] ---> [OpnSense] ---> WAN[192.168.2/24]
But what I want to do is bi-directional. So basically both sides of [OpnSense] are LANs and I want to be able to access both Networks from the other Network.
LAN [192.168.1.0/24] <---> [OpnSense] <---> LAN[192.168.2/24]
HOSTx [192.168.1.2]
> ping 192.168.2.5
... OK
HOSTy [192.168.2.5]
> ping 192.168.1.2
... OK
-
Ok, under Firewall: NAT: Outbound, set it to Hybrid Mode, add your addition rule for "LAN address" (as opposed to "WAN address") with source 192.168.1.0/24 and reload.
PS: You'll likely have to allow private networks for WAN under Firewall: Rules: WAN (deactivate the automatic block rule).