OPNsense Forum
Archive => 17.7 Legacy Series => Topic started by: thegadget on August 30, 2017, 07:12:14 pm
-
Howdy! I hate to ask this question, but following what documentation I have found on the web I am unable to get a working port forward. Here is what I am trying to do:
2 web servers:
Public IP: x.x.121.10, x.x.121.11
Internal IP: x.x.195.101, x.x.195.103
Ports forwarded: 80, 443, 8443
I have set up the aliases for all IPs and ports. I am having trouble creating the NAT and rule. After I create the NAT, all traffic is killed on the network. I looked through the forums, and am unable to find this info for 17.7. If you have a link or could point me in the right direction, I would appreciate it. :)
-
Hi there,
You'll need three separate rules under Firewall: NAT: Port Forward for each individual port.
Unless x.x.121.10, x.x.121.11 are IPs from the WAN, then you must use Firewall: NAT: One to One and forward the whole IP.
Cheers,
Franco
-
Yes, the 121.10 IP addresses are public and on the WAN interface.
-
I only want the three ports forwarded, not all ports if that makes any sense. Does the one-to-one forward all ports?
-
Yes, 1 to 1 NAT forwards the whole IP with all of its ports: 1 to 1 NAT means 1 (public IP, all ports) to 1 (private IP, all ports, respectively). You can think of it as mirroring/cloning between 2 IPs (one public, one private). :)
-
> You'll need three separate rules under Firewall: NAT: Port Forward for each individual port.
He could create a port alias with those three ports. Then he needs only two NAT: Port Forward rules, one for each IP. No?
-
> > You'll need three separate rules under Firewall: NAT: Port Forward for each individual port.
> He could create a port alias with those three ports. Then he needs only two NAT: Port Forward rules, one for each IP. No?
Yes!
Only I wouldn't go this way, since ports 80 and 443 are the standard HTTP/S ports: what if, in the future, he wanted to connect to other services/machines on these ports?
So I would use HAProxy as a reverse proxy for these two servers, with rules conditioned on the corresponding URL strings.
-
Thank you guys for all your input. I got it running like a champ. :)
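-
The two approaches discussed in this thread, written out as a hand-made pf.conf fragment (pf is the packet filter OPNsense is built on). This is an added example, not part of any forum post and not the ruleset OPNsense generates; the interface name and all addresses are constructed placeholders standing in for the masked x.x.121.x and x.x.195.x values.

```conf
# Constructed placeholders (assumptions, not values from the thread)
ext_if    = "em0"                 # WAN interface name is assumed
web_ports = "{ 80, 443, 8443 }"   # plays the role of the port alias
pub_a     = "203.0.113.10"        # public IP of web server A
int_a     = "192.168.195.101"     # internal IP of web server A
pub_b     = "203.0.113.11"        # public IP of web server B
int_b     = "192.168.195.103"     # internal IP of web server B

# --- Translation rules -------------------------------------------------

# Option 1: port forward. One rdr line per public IP; the port list
# expands to three rules each. No port is given after "->", so the
# destination port is left unchanged (80 stays 80, and so on).
rdr on $ext_if inet proto tcp from any to $pub_a port $web_ports -> $int_a
rdr on $ext_if inet proto tcp from any to $pub_b port $web_ports -> $int_b

# Option 2: one-to-one NAT. Use INSTEAD of the rdr lines above.
# binat maps the whole address in both directions, all ports and
# protocols, so only the filter rules below limit what is reachable.
# binat on $ext_if inet from $int_a to any -> $pub_a
# binat on $ext_if inet from $int_b to any -> $pub_b

# --- Filter rules ------------------------------------------------------

# Default deny on the WAN side, with logging so drops are visible.
block in log on $ext_if all

# Translation happens before filtering on inbound traffic, so the
# pass rule matches the INTERNAL addresses. With either option, only
# the three web ports are let through to the two servers.
pass in on $ext_if inet proto tcp from any to { $int_a, $int_b } \
    port $web_ports flags S/SA keep state
```

With option 2 the translation itself exposes every port of the internal host, so the narrow pass rule is the only thing restricting access to 80, 443 and 8443.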