22.7 Legacy Series / Help with One-to-One NAT
« on: January 13, 2023, 08:55:15 pm »
Hello, I'm having trouble getting One-to-one NAT working for me.
Here's my setup: I have 3 servers running ESXi 7 (let's call them server1-3). All 3 are connected to a dedicated switch and only server1 has a connection to the main network (corporate and internet). I have an OPNsense VM running on server1 to deal with access to the main network. My subnet on the main network is 10.158.0.0/24 and I can use any of the 254 IPs.
What I want to do is give full access to the management interfaces of the other two servers to the main network. I'm starting with just one. I'd like 10.158.0.21 to go directly to server2's management IP.
On server2 I have a VMkernel NIC set up for management with IP 192.168.1.21. On server1 I set up two port groups, 'Lab DMZ Internal' and 'Lab DMZ External'. External is connected to the vSwitch with uplinks to the main network and Internal is connected to the vSwitch with uplinks to the network between the 3 routers. The OPNsense VM has 4 interfaces: the original WAN and LAN (subnet 192.168.0.0/24) for regular access to the internet, and then Lab2Internal (assigned to the 'Lab DMZ Internal' port group) and Lab2External (assigned to the 'Lab DMZ External' port group). Lab2External has a static IP of 10.158.0.21, Lab2Internal has a static IP of 192.168.1.1 (but I have tried it without any IP as well).
I've tested with pass rules and can access the GUI interface from both 10.158.0.21 and 192.168.1.21, so traffic is getting to the VM from both interfaces. However, I can't seem to get it to just simply NAT literally everything from 'Lab DMZ External' to 'Lab DMZ Internal'.
Could someone either direct me to a guide that makes how to do this painfully clear or give me the steps here? I would be forever grateful.
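For reference, the following is what a one-to-one mapping like the one asked for above looks like at the pf level underneath OPNsense (Firewall > NAT > One-to-One generates a `binat` rule of this shape). This is an added illustration written for this page, not a rule set taken from the original post or from OPNsense itself. It assumes FreeBSD interface names `vmx3` (Lab2External) and `vmx2` (Lab2Internal), a hypothetical virtual IP alias 10.158.0.22 on the external interface as the public side of the mapping, and an assumed port list for ESXi management (443 for the host client/API, 902 for the vSphere remote console, 22 if SSH is enabled). The mapped address is deliberately not the interface's own 10.158.0.21: `binat` rewrites every inbound packet to the external address, so mapping the interface IP itself would swallow the traffic that should reach the OPNsense GUI on that address.

```pf
# Interface macros (assumed names; check with `ifconfig` or Interfaces > Assignments).
ext_if = "vmx3"            # Lab2External, 10.158.0.21/24 plus alias 10.158.0.22
int_if = "vmx2"            # Lab2Internal, 192.168.1.1/24
esxi_mgmt = "192.168.1.21" # server2 VMkernel management address
esxi_public = "10.158.0.22" # hypothetical Virtual IP alias on $ext_if for the 1:1 mapping
mgmt_ports = "{ 22, 443, 902 }" # assumed ESXi management port list

# One-to-one NAT: bidirectional. Inbound packets to 10.158.0.22 are rewritten to
# 192.168.1.21, and outbound packets from 192.168.1.21 leave as 10.158.0.22.
binat on $ext_if from $esxi_mgmt to any -> $esxi_public

# pf filters AFTER translation, so the inbound pass rule on the external
# interface must match the translated (internal) destination, not 10.158.0.22.
# Restricting source to the corporate /24 and to the management ports keeps the
# rest of the host exposed only where intended.
pass in quick on $ext_if inet proto tcp from 10.158.0.0/24 to $esxi_mgmt port $mgmt_ports keep state

# Let the translated traffic out the internal leg and the replies back in.
pass out quick on $int_if inet proto tcp from 10.158.0.0/24 to $esxi_mgmt port $mgmt_ports keep state
pass in quick on $int_if inet from $esxi_mgmt to 10.158.0.0/24 keep state

# Verification from the OPNsense shell (read-only commands):
#   pfctl -sn | grep binat      -> shows the binat rule above once the GUI config is applied
#   pfctl -ss | grep 192.168.1.21 -> shows a state per client once a connection is attempted
#   tcpdump -ni vmx2 host 192.168.1.21 -> confirms packets are actually being forwarded
```

In the OPNsense GUI the same thing is expressed as: a Virtual IP (IP Alias) for 10.158.0.22 on Lab2External; a One-to-One entry on Lab2External with External network 10.158.0.22/32 and Source/Internal 192.168.1.21/32 (type BINAT); and a firewall rule on Lab2External whose destination is 192.168.1.21, because the rule is evaluated on the already-translated packet. The state tables and the `tcpdump` line are the quickest way to tell a NAT problem apart from a filtering problem: a `binat` entry present but no states means the pass rule is not matching the post-translation destination.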