General Discussion / Re: 1:1 NAT not working
« on: December 31, 2021, 01:04:21 pm »
Hi
@elvinmammadov could you show what firewall rule you use for the WAN interface?
@bartjsmit I followed a description from the book OPNSense Praktiker by Markus Stubbing. There is an example as described by elvinmammadov with a virtual IP on the WAN interface. The description is similar to the pfSense guide: https://docs.netgate.com/pfsense/en/latest/nat/1-1.html
I followed those steps and used the /32 suffix, as you described.
When accessing the virtual IP 172.17.1.15:8006 from the host 172.17.1.23, I am getting the following firewall log entry:
Code:
wan Dec 31 12:22:03 172.17.1.23:36562 10.1.1.2:8006 tcp Default deny rule
That is similar to what elvinmammadov describes: the access happens in the name of the host, not the virtual IP.
What I don't understand: Bart said I need no firewall rule, but the default rule seems to deny the access. On the other hand, my added firewall rule on the WAN interface for 172.17.1.15 to 10.1.1.2 does not apply. There are only 5 automatic rules on the WAN interface, and I am not sure where the default deny rule comes from, as it is not part of the automatic rules there.
Did they change the way 1:1 NAT works in terms of firewall rules?
I am running OPNsense 21.7.7
Thanks for your help.
Regards,
Günter