OPNsense Forum

Archive => 16.7 Legacy Series => Topic started by: jochen35 on December 06, 2016, 06:43:41 pm

Title: Additional IP addresses WAN interface
Post by: jochen35 on December 06, 2016, 06:43:41 pm
Hello,
We have OPNsense behind the ISP's router with a /28 public network. How can you set up additional IP addresses from the same subnet on the WAN interface for NAT to different LAN servers?

Greetings,
Jochen
Title: Re: Additional IP addresses WAN interface
Post by: bartjsmit on December 06, 2016, 10:25:13 pm
Hi Jochen,

I set up a one-to-one NAT with the external IP chosen from the ISP range and the internal IP set to a server on the LAN. Firewall -> NAT -> One-to-one.

This has the advantage that the source IP for the return traffic is consistent, i.e. it does not use the OPNsense WAN IP.

Bart...
Title: Re: Additional IP addresses WAN interface
Post by: kyferez on December 08, 2016, 03:25:40 am
Don't mean to hijack, but this is closely related: Is there any way to specify that certain traffic goes out certain WAN IPs?

For example, I often want to use a 2nd Public IP specifically for mail. How would I set it up so all outbound mail from my mail server IP is routed out the 2nd Public IP, but only mail? Note I would want all other traffic from the mail server to use the primary WAN IP.

In Sophos UTM this is easy - it's called Masquerading and Multipath. See screenshot. You can select a source Host or network or destination IP, network or Domain and select a Port or Port Group and direct the matching traffic outbound via a specific Public IP. It's very flexible. I'd like to see similar in OPNsense ;)
Title: Re: Additional IP addresses WAN interface
Post by: franco on December 08, 2016, 08:20:58 am
Take a look at: https://docs.opnsense.org/manual/how-tos/multiwan.html?highlight=multi%20wan#step-4-policy-based-routing

What you want is to write fine-grained policy routing rules... The example here only talks about a "catch all rule" but you can select the appropriate gateway and filter based on a lot of properties. I think it's all there. :)
Title: Re: Additional IP addresses WAN interface
Post by: kyferez on December 08, 2016, 04:31:51 pm
Franco, thanks again!

To make sure I am doing this right: I create the additional WAN IPs as Gateways? Then I use a firewall rule to route the traffic out that new gateway, correct?