OPNsense Forum

English Forums => General Discussion => Topic started by: penley on March 09, 2017, 04:03:17 pm

Title: OPNsense NAT
Post by: penley on March 09, 2017, 04:03:17 pm
I have a question about setting up NAT.
Setup - OPNsense with a single WAN port and a single internal port. A few outside IP addresses are available.
Goal - NAT only port 443 to internal web server.

I've set up the virtual IP address we will use for the web server. Where I'm confused is whether I need to set up a 1:1 NAT (but then how do I only allow port 443?) or whether it is sufficient to only set up port forwarding to the internal address. Within the port forward configuration, set Destination to the external IP intended for the web server?

In the 1:1 NAT I'm unsure how to only allow port 443, and I cannot find sufficient examples to show the benefits of 1:1 NAT vs NAT Port Forward.


Kind regards,
penley
Title: Re: OPNsense NAT
Post by: bartjsmit on March 09, 2017, 04:10:37 pm
Hi penley,

A 1:1 NAT ensures that the source IP for the return traffic is consistent with the destination IP for the inbound traffic. Most clients on IPv4 are likely to be behind their own NAT and their NAT router keeps state on the public IP of your server.

Some protocols don't care, but most do.

Bart...
Title: Re: OPNsense NAT
Post by: penley on March 14, 2017, 01:12:24 pm
Thank you for the reply bartjsmit. I'm having some trouble configuring the 1:1 NAT. Is there any documentation on how to set it up?
Title: Re: OPNsense NAT
Post by: bartjsmit on March 14, 2017, 01:47:27 pm
The online help worked for me. What trouble did you encounter?