16.7 Legacy Series / TCP port redirect (NAT / PAT) on transparent firewall (Bridging) mode
« on: August 08, 2016, 12:38:10 pm »
Hello all,
First, I would like to say a big thank you to the community for the support and for the great open product that OPNsense is making!
Here is my issue:
I have a solution that I'm deploying for a client; they run public IPs on their internal network (they are a school).
Since they run public IPs internally, they don't use any kind of NAT/PAT in their current network environment.
My solution requires a port redirection from port 80 to 9980 and from port 443 to 9443 (all TCP ports).
This would be easily done if they had NAT in place; however, they don't.
So, I would like to use a firewall (OPNsense) in transparent mode (bridging) and place it inline with the solution I have to deploy.
This is what I had in mind to address the problem:
Topology:
Network ----------- OPNSENSE firewall (bridging mode) ----------- Device
IP Packet:
DST: Device_IP:80 >---->NAT (port redirect) done on OPNSense >----> DST: Device_IP:9980
DST = Destination IP address and TCP ports
I was able to configure the OPNsense firewall to perform bridging; the device can reach the network and vice versa. I was able to accomplish this by following this guide: https://docs.opnsense.org/manual/how-tos/transparent_bridge.html
Filtering is also working OK, as I'm able to play with the firewall rules and block or allow traffic.
The issue:
No matter what I do, the firewall (OPNsense) does not perform NAT. I played with all the port redirect options and the firewall simply does not change the port on the IP packet that goes towards the DEVICE in the topology above.
Is OPNsense capable of performing NAT in layer 2 bridging mode?