Messages - miguel.mirandag

#1
Hello to all, I am having a really strange problem with my OPNsense 20.1 firewall. I have a lot of interfaces and VLANs, configured incoming rules to permit inter-VLAN traffic, and for several of these VLANs I configured outbound NAT too. All is working fine with the current configuration. Now I want to add another VLAN, and configured captive portal in it. I have created an incoming rule in the interface and I am testing inter-VLAN traffic, but it is not working: I see traffic entering the interface but nothing happens, no inter-VLAN traffic, and there is not any log entry. I have configured outbound NAT too, but it is not working either.
I have followed this procedure countless times and it always worked fine; now it does not work. What should I check?
The procedure is this:
- create VLAN interface
- create incoming rule
- create outbound rule

Pretty standard procedure.

Forget about this post, it was a human error that was causing the issue.
#2
General Discussion / virtual ip disable port forward?
February 11, 2020, 04:01:15 PM
Hi, I am configuring an OPNsense 19.7 firewall. I configured several port forwards without creating virtual IPs. Now I need to configure my mail server so the outgoing IP address is the same as the MX record configured in DNS. I did it by writing the static IP in outgoing NAT, so the emails go outside using this IP address instead of the WAN interface address. Then I read somewhere that it is best to do this using a virtual IP, so I created a virtual IP and modified the outgoing NAT rule; now the port forwards do not work anymore. I had to roll back the configuration so my customers can send and receive emails again. What can I check? Or is it by design that this works this way?
#3
19.7 Legacy Series / nat reflection from lan to dmz
December 08, 2019, 03:11:51 PM
Hi, I have migrated from a FortiGate UTM to OPNsense. I am very impressed with the look and feel and overall easy configuration.
However, I am facing a problem that I did not have before with the FortiGate FW. My topology is very simple:

internet -> core router -> opnsense

OPNsense has 3 interfaces: WAN, LAN and DMZ (renamed from opt1). In the DMZ I have a Plesk panel running a mail/web server; I also have an IPTV middleware server, both using rfc1819 networks being NATed by OPNsense. For several factors that I cannot change right now, I have a mobile application that uses the IPTV server's public IP to connect to the middleware system.
NAT is working fine from the outside (public internet). I have globally enabled the NAT reflection for port forwards setting. If I connect to the IPTV server from the DMZ network all is working fine, so the NAT reflection is working in the DMZ network. This is not happening if I connect to the IPTV server from the LAN network: there is a timeout, and if I run a tracert command the packet goes to the public internet via the WAN connection instead of redirecting me to the internal IPTV server in the DMZ network. Split horizon won't help me here because the application is configured internally to use the public IP address, not the FQDN.
How can I make this configuration? Am I missing something, maybe a redirect rule? If so, where do I have to configure it, in out NAT or in the LAN interface?