OPNsense Forum

English Forums => General Discussion => Topic started by: MrCroa on June 05, 2018, 04:33:23 pm

Title: Question about inbound NAT and "Reply-to on WAN rule"
Post by: MrCroa on June 05, 2018, 04:33:23 pm
Hello folks,

I'm trying to migrate my firewall (Linux iptables) to an OPNsense virtual machine. I converted all rules to OPNsense, but the first time I tried an inbound NAT rule on an external CIDR range 193.x.x.x/27 routed to the OPNsense WAN, it didn't work.

I was going crazy when I checked the box "Disable reply-to on wan rule" and it was suddenly working.

I'm not sure I understand why I have to check this to make it work.

Can you explain this to me?

Thanks
Title: Re: Question about inbound NAT and "Reply-to on WAN rule"
Post by: franco on June 05, 2018, 09:59:07 pm
It tries to pin the return traffic to a specific gateway in case Multi-WAN is used. Otherwise the return traffic may return via the other WAN interface, which does not work for the remote end.

Sometimes the gateway receiving the reply refuses to send it back to the internal network and it looks like it's not working.

If you don't have Multi-WAN, globally disabling reply-to is also feasible.


Cheers,
Franco
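
The behaviour described in the reply above, as an added example that is not part of the original thread and not OPNsense or pf code: a simplified Python model of where a reply packet is sent with and without reply-to. The interface names, addresses (documentation ranges) and the on-link peer scenario are constructed assumptions.

```python
import ipaddress

def route_lookup(routes, dst):
    """Longest-prefix match; a route with gateway None is on-link."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes if addr in ipaddress.ip_network(r[0])]
    net, iface, gw = max(hits, key=lambda r: ipaddress.ip_network(r[0]).prefixlen)
    return iface, gw or dst

def reply_path(routes, client, in_iface, reply_to=None):
    """(interface, next hop) used for the reply to a connection that
    arrived on in_iface. With reply-to, the reply is pinned to the
    arrival interface's gateway and the routing table is not consulted."""
    if reply_to and in_iface in reply_to:
        return in_iface, reply_to[in_iface]
    return route_lookup(routes, client)

# Constructed sample data (documentation address ranges).
MULTI_WAN_ROUTES = [
    ("0.0.0.0/0", "wan1", "198.51.100.1"),  # default route via WAN1
    ("198.51.100.0/24", "wan1", None),      # WAN1 segment, on-link
    ("203.0.113.0/24", "wan2", None),       # WAN2 segment, on-link
]
GATEWAYS = {"wan1": "198.51.100.1", "wan2": "203.0.113.1"}
SINGLE_WAN_ROUTES = MULTI_WAN_ROUTES[:2]
REMOTE_CLIENT = "192.0.2.50"     # peer somewhere on the Internet
ONLINK_CLIENT = "198.51.100.77"  # peer sitting on the WAN segment itself

def scenarios():
    return {
        # Multi-WAN, connection arrived on wan2: without reply-to the
        # reply follows the default route and leaves via the other WAN.
        "multi_without": reply_path(MULTI_WAN_ROUTES, REMOTE_CLIENT, "wan2"),
        "multi_with": reply_path(MULTI_WAN_ROUTES, REMOTE_CLIENT, "wan2", GATEWAYS),
        # Single WAN, on-link peer: reply-to detours the reply through the
        # gateway, which then has to hand it back to its own segment.
        "single_without": reply_path(SINGLE_WAN_ROUTES, ONLINK_CLIENT, "wan1"),
        "single_with": reply_path(SINGLE_WAN_ROUTES, ONLINK_CLIENT, "wan1", GATEWAYS),
    }

if __name__ == "__main__":
    for name, (iface, hop) in scenarios().items():
        print(f"{name:15} -> out {iface} via {hop}")
```

When comparing against a live firewall, a packet capture on the WAN interface shows which next-hop MAC address the replies are actually sent to.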
Title: Re: Question about inbound NAT and "Reply-to on WAN rule"
Post by: MrCroa on June 06, 2018, 09:10:37 am
Yes, but I don't have Multi-WAN, so it's not supposed to work anyway, with or without reply-to rules?
Title: Re: Question about inbound NAT and "Reply-to on WAN rule"
Post by: franco on June 12, 2018, 09:36:23 am
Sorry, I don't understand your question.


Cheers,
Franco