OPNsense Forum

English Forums => 18.7 Legacy Series => Topic started by: rabarbar on September 21, 2018, 03:47:43 pm

Title: NAT 1:1, an iptables NETMAP target equivalent
Post by: rabarbar on September 21, 2018, 03:47:43 pm
Hi everyone,

I'd like to virtualize a myriad of external networks that we have to connect to.
Ideally, I'd like to have a /16 virtual network that, depending on the IP range, would be NATed to a different destination network.

On iptables I would use a NETMAP target, like in this random example:
iptables -t nat -A PREROUTING -d 10.181.0.0/16 -j NETMAP --to 192.168.0.0/16

For the purpose of the example above, my LAN network is 10.60.0.0/16, the virtual network would be 10.181.0.0/16, while the real NATed destination would be 192.168.0.0/16. I could connect to a virtual IP of 10.181.1.100 and be NATed to 192.168.1.100.

I thought to use NAT 1:1 configuration + virtual IPs, but I cannot achieve the target configuration with OPNsense.
So far, the documentation leads me to think that I could use NAT 1:1 for this purpose, even if it's usually used to allow public IPs to be accessible in the LAN.

What am I missing? Is it achievable with OPNsense?