OPNsense Forum

Archive => 17.1 Legacy Series => Topic started by: nj44451 on July 21, 2017, 05:06:23 am

Title: Setting up multiple IPs on 1 WAN connection
Post by: nj44451 on July 21, 2017, 05:06:23 am

Hello,

I am wondering how to correctly setup  additional IP addresses on my WAN connection.

I have 8 IP addresses available and need to use the additional IPs to forward ports via NAT to my mail and web server.

Thanks

Title: Re: Setting up multiple IPs on 1 WAN connection
Post by: bartjsmit on July 21, 2017, 08:35:39 am

I've used 1:1 NAT for additional addresses in my WAN range. This has the advantage that the return traffic from internal host matches the inbound traffic to them.

Bart...

Title: Re: Setting up multiple IPs on 1 WAN connection
Post by: nj44451 on July 21, 2017, 04:00:28 pm

Where in the Nat do you setup the additional ranges?

I wish the documentation had screen shot examples of how to set various situations.

Title: Re: Setting up multiple IPs on 1 WAN connection
Post by: bartjsmit on July 21, 2017, 04:32:11 pm

Firewall, NAT, One-to-One. Pick the WAN interface, add an address from your public range, then pick the corresponding host on the LAN side. There is no need to define the public range anywhere.

Bart...

Title: Re: Setting up multiple IPs on 1 WAN connection
Post by: nj44451 on July 21, 2017, 05:29:16 pm

Ok I see where to do that.

So by setting this up this just allows the public IP I specify from the Wan onto the LAN net correct?
But I am assuming this setting still wont let any traffic through correct?

If that is the case:
Now how do I open a specific port say 80  from that specific public public ip to be directed onto an IP on the LAN.

Under rules or nat and port forwarding?


Thanks for your help on this Bart!

Title: Re: Setting up multiple IPs on 1 WAN connection
Post by: bartjsmit on July 22, 2017, 12:17:43 am

The NAT only allows the packets to be rewritten correctly on their way in and out of your network from the internet.  You still need a rule on the firewall to allow this to happen.

In your case, add a rule to the WAN section with a source set to any, protocol TCP, destination 'Single host or Network' set to the internal IP of your web server and the port to HTTP

Bart...

Title: Re: Setting up multiple IPs on 1 WAN connection
Post by: nj44451 on July 24, 2017, 04:52:39 am

I understand about the NAT and setting up the specific public IP  to go to the LAN.

But in the rules how do you setup the specific public IP and port to be directed to the LAN.

I see where you can direct the specific port  from the WAN to a specific LAN IP but you can not set the Public IP address.

If I have 2 public IP's and port 80 need to go to 2 different servers how do you set that up in the rules.

64. is public and 10. internal

example 64.28.44.166 port 80 goes to 10.0.0.10 port 80
and 64.28.44.167 port 80 goes to 10.0.0.011 port 80.


I have been looking at the documents and can find an example of how to do this.


Thanks.

Title: Re: Setting up multiple IPs on 1 WAN connection
Post by: bartjsmit on July 24, 2017, 07:04:30 pm

Firewall, Nat, One-to-One, click plus.
External subnet IP 64.28.44.166, Internal IP Single Host or Network, fill in 10.0.0.10 below and leave the /32. Description 1:1 NAT for .10
Leave the rest as is (not disabled, WAN, no inverts, NAT reflection default) and click Save, Apply changes

Firewall, Rules, WAN tab, click plus
Protocol TCP, Destination Single Host or Network, fill in 10.0.0.10 below and leave the /32
Destination port range from HTTP to HTTP
Description HTTP for .10
Leave the rest as is (Pass, IPv4, any, etc.) and click Save, Apply changes

Repeat for 64.28.44.167 and 10.0.0.11

Good luck! :)

Bart...

Title: Re: Setting up multiple IPs on 1 WAN connection
Post by: nj44451 on July 24, 2017, 07:11:07 pm

Bart,

I think I got it now will give it a try

Thanks for your help.


Trent