OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of g_man_be »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - g_man_be

Pages: [1]
1
23.1 Legacy Series / Re: Help troubleshooting nat reflection
« on: June 21, 2023, 05:54:35 pm »
Hello, I changed my title, maybe it's more "attractive".
Maybe someone can give me a hint where to look, how to troubleshoot my issue? I assume it's NAT reflection because I can see the traffic going out, but never back in  :-\
Thanks a lot!

2
23.1 Legacy Series / Help troubleshooting nat reflection
« on: June 20, 2023, 06:23:32 pm »
Hello all,

I have somehow the same issues as this person: https://forum.opnsense.org/index.php?topic=14355.msg66216#msg66216

But in my case, I have already enabled all these advanced settings:

 Reflection for port forwards   
 Reflection for 1:1   
 Automatic outbound NAT for Reflection


Here is a description of my network:

WAN 2 Public IPs
|
OPN (IP: 10.50.0.2)
|
VM1 => Local IP:
   - 10.50.0.3/32
   - 10.50.0.4/32

In opnsense I have these port forwarding rules:
- 80 and 443 => 10.50.0.3
- 587 (and other) => 10.50.0.4

And I also have these outbound rules:
- 10.50.0.3/32 => Public IP1
- 10.50.0.4/32 => Public IP2


From the VM1 (where both private IPs are attached to), I can ping all public and private IPs, no problem here. But if I curl or nc any port of the respective public IPs, I get no answer. If I do the same with the private IP it's working.
And I create this kind of rule to forward traffic through each specific private IP address:
iptables -t nat -I POSTROUTING -p all -s 172.23.0.2 ! -d 172.23.0.2 -j SNAT --to-source 10.50.0.4

I must add that this network is hosted in a German public cloud provider. Not sure this has an impact.

Based on other threads, there was a bug related to this in v17 or 18, but I am currently using this version:
OPNsense 23.1.9-amd64

Can someone help me troubleshoot this? To be honest, I don't have this much networking knowledge, so probably the answer is simple, but I don't know where to start, and how to troubleshoot this. I already looked in multiple articles in this forum and other websites but I am still blocked.

Thanks a lot for your help!

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2