18.7 Legacy Series / NAT 1:1, an iptables NETMAP target equivalent
« on: September 21, 2018, 03:47:43 pm »
Hi everyone,
I'd like to virtualize a myriad of external networks that we have to connect to.
Ideally, I'd like to have a /16 virtual network, that depending on the IP range, would be NATed to a different destination network.
On iptables I would use a NETMAP target, like in this random example:
iptables -t nat -A PREROUTING -d 10.181.0.0/16 -j NETMAP --to 192.168.0.0/16
For the purpose of the example above, my LAN network is 10.60.0.0/16, the virtual network would be 10.181.0.0/16, while the real NATed destination would be 192.168.0.0/16. I could connect to a virtual IP of 10.181.1.100 and be NATed to 192.168.1.100.
I thought to use NAT 1:1 configuration + virtual IPs, but I cannot achieve the target configuration with OPNsense.
So far, the documentation lets me think that I could use NAT 1:1 for this purpose, even if usually it's used to allow public IPs to be accessible in LAN.
What am I missing? Is it achievable with OPNsense?
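The prefix swap that NETMAP performs, as an added example that is not part of the original post: network bits come from the target network, host bits stay as they were, and the first matching rule wins as in an iptables chain. The two /24 entries and the helper names are constructed assumptions; only the 10.181.0.0/16 to 192.168.0.0/16 pair comes from the post.

```python
import ipaddress

# Constructed table (assumption): slices of the virtual /16, each mapped to a
# different real network. Only the last pair is the post's own example.
# Order matters: more specific rules must come before the catch-all /16.
NETMAP_RULES = [
    ("10.181.10.0/24", "172.16.5.0/24"),
    ("10.181.20.0/24", "172.20.0.0/24"),
    ("10.181.0.0/16", "192.168.0.0/16"),
]


def netmap(addr, virtual_net, real_net):
    """Replace the network bits of addr with those of real_net, keep host bits."""
    v = ipaddress.IPv4Network(virtual_net)
    r = ipaddress.IPv4Network(real_net)
    if v.prefixlen != r.prefixlen:
        # Unequal prefixes would not give a one-to-one mapping.
        raise ValueError(f"prefix mismatch: {v} vs {r}")
    a = ipaddress.IPv4Address(addr)
    if a not in v:
        raise ValueError(f"{a} is not inside {v}")
    host_bits = int(a) & int(r.hostmask)
    return ipaddress.IPv4Address(int(r.network_address) | host_bits)


def translate(addr, rules=NETMAP_RULES):
    """Apply the first rule whose virtual network contains addr, else None."""
    a = ipaddress.IPv4Address(addr)
    for virtual_net, real_net in rules:
        if a in ipaddress.IPv4Network(virtual_net):
            return netmap(a, virtual_net, real_net)
    return None  # not a virtual address, left untranslated


def shadowed_rules(rules):
    """Return virtual networks that can never match because an earlier rule covers them."""
    seen, shadowed = [], []
    for virtual_net, _ in rules:
        v = ipaddress.IPv4Network(virtual_net)
        if any(v.subnet_of(earlier) for earlier in seen):
            shadowed.append(virtual_net)
        seen.append(v)
    return shadowed


if __name__ == "__main__":
    for ip in ("10.181.1.100", "10.181.10.7", "10.60.0.5"):
        print(ip, "->", translate(ip))
```
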