OPNsense Forum

English Forums => General Discussion => Topic started by: Wyrm on July 17, 2018, 12:59:27 pm

Title: 2 wan IP from local net of ISP
Post by: Wyrm on July 17, 2018, 12:59:27 pm
Hi,
I have opnsense in customer network where is provider who does 1:1 NAT in his network. So I have 2 WAN IP from him in local private subnet. From outside they are showing 2 public IP.
It is mainly for dividing traffic and speed for customer - it is hotel where some speed has office and some speed guests.
I need to significaly divide and source nat both networks to have for each of them public ip from outside.
I have set first local IP from ISP to WAN interface and it is working now for both network all with NAT. I have also set second IP as VIRTUAL IP and now I would like to do some NAT and another settings.
How to send traffic from on of local networks to second local ip (ISP nat to public) ?
Should I use NAT 1:1 or how to set this ?
I also need to have later guests in captive portal...

Thanks for some answer and help... ;)
Title: Re: 2 wan IP from local net of ISP
Post by: mimugmail on July 17, 2018, 01:03:01 pm
Only outbound nat?
Title: Re: 2 wan IP from local net of ISP
Post by: Wyrm on July 17, 2018, 01:11:56 pm
Hi,
I have functional outbound manual NAT for first ip but I also added rules for second ip and it does not work.

I need also to make some speed limits for guests and other settings...not only nat..
Title: Re: 2 wan IP from local net of ISP
Post by: mimugmail on July 17, 2018, 01:37:33 pm
Then I think outbound NAT should be fine, no need for 1:1.
Can you show a screenshot of your NAT rules?
Title: Re: 2 wan IP from local net of ISP
Post by: Wyrm on July 17, 2018, 01:50:44 pm
Hi,
I am sending them in attachement.

Network 10.0.201.125/16(public 82.100.8.173) is first isp local ip and 10.0.201.126/16(public 82.100.8.174) second.
Office network is 192.168.16.0/24 and guests is 10.20.30.0/24
Title: Re: 2 wan IP from local net of ISP
Post by: mimugmail on July 17, 2018, 02:01:38 pm
So WAN address is 173 and where is the NAT entry regarding 174?
Title: Re: 2 wan IP from local net of ISP
Post by: Wyrm on July 17, 2018, 02:10:20 pm
It is in rules with ip 10.0.201.126 - it is specified from list, because it is virtual ip on WAN interface
Title: Re: 2 wan IP from local net of ISP
Post by: Wyrm on July 17, 2018, 02:15:40 pm
Just look in attachement...there it si visible...
Title: Re: 2 wan IP from local net of ISP
Post by: mimugmail on July 17, 2018, 02:20:45 pm
But NAT address should be 174 and not the private one?

EDIT: for outbound NAT ...
Title: Re: 2 wan IP from local net of ISP
Post by: Wyrm on July 17, 2018, 02:30:27 pm
It should be private WAN, because it only works with it. I had before all on Mikrotik router (now it is connected after opnsense as switch and wifi manager) and it only worked with outbound nat to internal net of provider (10.0.201.125 and 10.0.201.126). So now it works only for 82.100.8.173 with nat to 10.0.201.125 which is nated by isp ...
I do not have public IPs on opnsense...only isp local lan 10.0.201.125 and as virtual ip 10.0.201.126
Title: Re: 2 wan IP from local net of ISP
Post by: mimugmail on July 17, 2018, 02:47:39 pm
On Translation/Target .. do you choose the Alias from the list or did you just type the address (which is wrong)?
Title: Re: 2 wan IP from local net of ISP
Post by: Wyrm on July 17, 2018, 03:17:37 pm
I choosed address from list. Not typed
Title: Re: 2 wan IP from local net of ISP
Post by: Wyrm on July 17, 2018, 06:21:30 pm
Now i do NAT for guests network (10.20.30.0/24) by Mikrotik unit, which has hotspot service on itself and this is all temporary to time I could solve the whole nat problem.
So guests are nated by that Mikrotik unit which uses office lan network as WAN.

Title: Re: 2 wan IP from local net of ISP
Post by: Wyrm on July 17, 2018, 10:29:04 pm
Are my settings OK ? Or what to recommend ?
Title: Re: 2 wan IP from local net of ISP
Post by: mimugmail on July 18, 2018, 05:51:46 am
If it doesnt work I'd check via Console with tcpdump the packets are leaving with the correct address
Title: Re: 2 wan IP from local net of ISP
Post by: Wyrm on July 18, 2018, 09:12:53 am
Hi. Thanks. I will test all onsite when i will be back to customer office. It is not good to do this from remote.
Title: Re: 2 wan IP from local net of ISP
Post by: mimugmail on July 18, 2018, 09:23:19 am
It is not good to do this from remote.

Indeed!  :)