OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of fridoo »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - fridoo

Pages: [1]
1
General Discussion / Traffic LAN <-> DMZ
« on: November 26, 2018, 04:34:55 pm »
Hi,

I've a configuration with LAN, WAN and DMZ, all pretty standard. The configuration is essentially migrated from an old m0n0wall firewall. Everything seems to work pretty fine (DMZ->WAN, LAN->WAN, WAN->LAN (via NAT), WAN->DMZ (via NAT), except that I cannot access hosts in DMZ from LAN and vice versa. If I do a port probe to a host in DMZ it works if Source is set to 'any' or 'DMZ', but not if it is set to LAN. So it definitely is a routing or firewall issue, not a wiring issue.

Firewall rules are

LAN: all protocols all sources to all destinations
DMZ: allow all protocols to any DMZ address from any LAN address
DMZ: allow traffic to specific hosts/ports in LAN from specific DMZ hosts

It's probably something stupid I forgot, but despite searching this forum and other sources I cannot figure out what I did wrong.

2
18.1 Legacy Series / Re: Can't get NAT working
« on: May 07, 2018, 02:16:00 pm »
I don't have any virtual IPs. If the WAN address is .226, should I add the other 4 as virtual IPs?

1:1 NAT is not an option for us

3
18.1 Legacy Series / Re: Can't get NAT working
« on: May 07, 2018, 11:48:45 am »
Yes, WAN has multiple IP addresses. IP is configured as 217.100.205.226 / 29, gateway 217.100.205.225.

Our provider provided the following IP addresses:
.224 Network address
.225 Gateway
.226 - .230 free usable addresses
.231 broadcast address

Should I use the .224 address in the WAN configuration instead of .226 ?

4
18.1 Legacy Series / Re: Can't get NAT working
« on: May 03, 2018, 04:15:09 pm »
Yes, I used the Port Forward page, and the firewall rules are automatically created.

Here's my NAT setup



Some ports are open for all incoming traffic on a certain WAN address, some (such as Remote Desktop) only for IP adresses of employee home addresses.

5
18.1 Legacy Series / Can't get NAT working
« on: May 03, 2018, 02:05:26 pm »
I know this question has been posted before, but the answers so far haven't helped me so I'm opening a new topic.

We are migrating from m0n0wall to opnsense. All seems to work well, except we can't get NAT working. All stuff without NAT, such as allowing https access to the firewall itself (for test purposes only) is working well. We're testing our connections from outside using 4G, so it's really from outside. When an outside connection is being tried, nothing is showed in the firewall logs. NAT rules (generally in form WANn port x -> LAN host port x) and corresponding firewall rules look fine. Typical behavior is not a refused connection but a timeout.

What am I doing wrong?

regards,

Frido

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2