Messages - mitchinseattle

#1
17.1 Legacy Series / Re: one-to-one nat
March 20, 2017, 05:44:36 PM
Hi,

Thanks for your reply. So do I change Source or Destination to single host or IP, or both?

When I change Source to Single host or IP it populates the address field with "LAN" and a netmask of 32.

Destination is currently set to "Any", and if I click on the little Help link it says that's probably what it should be set to.

I'm sure this is probably a very simple thing to set up, but the labels and help text on this page could really use some tweaking to point the user in the right direction. Maybe I'll submit a git pull request with some updates once I've got it figured out.

Thanks also for the hint about Tinc, I'll go and install that plug-in now.

Cheers
#2
17.1 Legacy Series / one-to-one nat
March 20, 2017, 07:14:51 AM
Hi,

Firstly, I would like to extend a huge thanks to the developers of OPNsense. It is an awesome product, and even though I've only been using it for a few days, it has already simplified so many admin tasks for us.

I am trying to understand how to correctly configure one-to-one NAT. I have looked on the wiki, but unfortunately there seems to be very little documentation on this topic.

Our OPNsense server has two NICs, one connected to the WAN with the primary IP and a few virtual IPs configured using IP alias, and a second NIC connected to a private LAN using 10.10.10.0/24 for example.

So on the WAN interface, say I have configured a virtual IP of 2.2.2.2/32, and under one-to-one NAT I have added a new rule with 2.2.2.2 as the external IP; for internal I select LAN address, and destination is set to "any". I don't see anywhere where I can specify that I want all traffic forwarded to 10.10.10.99, for example. Where do I configure the destination IP for this rule?

My apologies if this seems like an obvious question; I just haven't worked out the correct procedure yet.

Also, I noticed on the OPNsense homepage it mentions "► Full Mesh VPN routing using Tinc", which is great, as we use Tinc in switch mode for joining network segments. However, under VPN in the UI I only see IPSEC and OpenVPN. Where might I go to configure Tinc, or is there some documentation on this I can go through?

Thanks for your time and any suggestions you can provide.