Messages

1

General Discussion / Re: Translate outgoing request for external IP to internal IP?

« on: March 19, 2020, 05:46:07 pm »

Wow, thanks so much for the speedy response!!!

Unfortunately I am used to configuring consumer-grade routers, not professional ones like OPNsense.  Thus my experience with NAT is roughly that everything is automatically configured, except for port forwards where I simply provide a list of internal IPs and ports.  All the new options are wonderful but overwhelming.

In this specific case, my confusion is about which packet headers are getting rewritten by which rule.  If I correctly understand your explanation, when I send a packet from 192.168.1.50 to 10.0.0.100, the "Port Forward" rule rewrites "Destination" from 10.0.0.100 to 192.168.1.100, but it leaves "From" as 192.168.1.50.  So then the "Outbound" rule would somehow rewrite "Source" from 192.168.1.50 to 192.168.1.1.  But I don't understand how the given rule makes this happen.

Is it a pipeline where Port Forward comes first, changing the destination?  And next the Outbound rule is applied, and it matches since we just changed the destination to 192.168.1.100?

2

General Discussion / Re: Translate outgoing request for external IP to internal IP?

« on: March 19, 2020, 04:47:10 pm »

@mimugmail, thanks so much!!!  My colleague managed to implement your suggestion, and we are very grateful.

To elaborate on the solution, his settings are as follows:

Port Forward:
  Interface: LAN
  Proto: TCP
  Source Address: *
  Source Ports: *
  Destination Address: 10.0.0.100
  Destination Ports: 80
  NAT IP: 192.168.1.100
  NAT Ports: 5580  [port of SSH tunnel]

Outbound:
  Mode: Hybrid outbound NAT rule generation
  Manual rules:
    Interface: LAN
    Source: any
    Source Port: *
    Destination: 192.168.1.100/32
    Destination Port: 5580
    NAT Address: Interface Address
    NAT Port: *
    Static Port: NO

I hope this helps in case anyone else has the same question.  I don't yet understand what's going on, but I hope he can explain tomorrow.   

3

General Discussion / Re: Translate outgoing request for external IP to internal IP?

« on: March 19, 2020, 08:34:30 am »

@mimugmail, I agree, that would have been the sensible way to proceed.  Unfortunately everything has already been set up with hard-coded references everywhere to the IP address.    I would have done it differently, but that's out of my control.

4

General Discussion / Translate outgoing request for external IP to internal IP?

« on: March 18, 2020, 11:01:38 pm »

Hello, I'm running OPNsense 19.7.10_1-amd64 with a LAN subnet of 192.168.1.0/24 and DHCP.

I need to connect to a webserver on 10.0.0.100, which I am supposed to access via a VPN.  Unfortunately this VPN is broken and cannot be fixed.  It's out of my control.

As a workaround, I have set up a computer at 192.168.1.100 with an ssh port forward to 10.0.0.100.  Thus I can access the webserver on 192.168.1.100.  The problem is that the IP address is wrong.

Is there any way to configure OPNsense so that requests for 10.0.0.100 get translated to 192.168.1.100, and the response gets translated back?

I think I need to use some sort of NAT.  However, since the main use case for NAT is between an internal and external network, I haven't managed to find examples of how to send outbound traffic back in.  I'm not experienced enough to understand all the settings.  Would anyone be willing to help me out?

Thanks so much!
-Ben