Messages

1

22.7 Legacy Series / Re: nat for some internal ip's is not working

« on: December 27, 2022, 01:45:01 pm »

Hello,

cause i have a similar problem but with a fixed ppoe line and IP where sometime a resync happens between modem. And randomly the connected dect phones want not reregister till i restart the n670 master basestation.
I looked through firewall settings and...
There is a config setting in Firewall -> Settings called Dynamic state reset and it will flush entire state table on IPv4 address changes. Sounds like a solution, hopefully also for scenarios like mine where the IP is changing to the same as before the reconnection.

2

22.7 Legacy Series / Re: 3 NAT not working

« on: December 27, 2022, 01:03:09 pm »

Hello,

for your case to map specific ports from an external IP to internal IPs and ports with NAT you will define Port Forward and Firewall Rules for WAN.
Settings for outbound NAT mostly fine with "Automatic outbound..." or "Hybrid outbound...", last one is used when you want also define specific outbound rules, like mapping internal IPs to different external IPs. These two sets should already created some automatic rules for mapping your internal networks with your WAN Interface and Address. This should be fine and you should be able to communicate from internal network to the world wide web.

To let the world wide web reach your two servers behind this NAT we need define port forwarding rules next.
Go to Firewall -> Port Forward and add a new rules for your server.
Set an interface - mostly WAN
IP Version - v4
Protocol - TCP or UDP or both
Source - leave as it is for the whole world or define IP or net ranges from where packets could come
Destination - your external IP
Destination port range - a port or range you want to provide outside
Redirect target IP - choose Single host or Network and than internal IP of your server
Redirect target port - a port or range your server internal provides
Description - name it

save it and do the same for the second one
after all don`t forget to apply

Now under Firewall -> Rules there should be automatically added two new pass rules for your WAN interface
like, inbound packets on WAN interface from anywhere (or specific sources/ports) to internal server IP on port allowed.
If not you have to create them manually.
Same for your webconfig this should be defined here too, add an allow/pass rule for this interface.
But think about that you can not have port 443 on your external IP providing to two services, you have to change either the port from one server or your webconfig service.

greets, ladeschale

3

Tutorials and FAQs / Re: OPNsense User Manual - Setup Traffic Shaping Question

« on: March 17, 2018, 01:16:55 am »

I'm not sure why it's called destination/source for mask, maybe a placeholder, cause it means something different like intuitively you would expect.
Mask defines how a given bandwith will affect clients and not their direction.

Destination means share the total bandwidth of this pipe among all connected clients.
Source means provide all connected clients up to a maximum of this pipe configured bandwidth