23.7 Legacy Series / Disable NAT but keep the firewall
« on: October 30, 2023, 01:28:21 pm »
Hi all,
I am in need of keeping the firewall, but disabling NAT. I'm to the point of getting circular results on Google. I apologize that I can't reveal too much information, but we are a sub entity of a larger organization. We operate independently, but we are a /16 VLAN of that larger organization with a static WAN IP in their network. Their cyber response team monitors the entire system. We've had a few instances of malware recently, but since we run OPNsense, all they see is our WAN IP when something is infected. They are requesting that we disable NAT so when they spot an infection they can directly tie it to an internal IP for swift resolution. So, for example, if machine 192.168.50.10 is infected, they see that IP on their end and not our WAN IP.
I found this post, but the steps do not seem to work on the current version. (https://forum.opnsense.org/index.php?topic=8778.0)
I have two OPNsense boxes with a single host on the LAN side of each in my office. Traffic flows perfectly with NAT set to auto or hybrid. But, as soon as I switch NAT to manual or disabled modes all traffic stops. I even went as far as just creating an allow all rule on both the LAN and WAN side just to get something, but nothing has worked.
I'm to the point now that I am not sure if it's just not possible or if I am not writing the rules correctly. If anyone has a step by step on how to accomplish this, it would be very helpful.
Thanks!
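For readers trying to reproduce the "firewall on, outbound NAT off" setup the post asks about, here is an added example in plain pf.conf syntax. It is not from the original post and not the ruleset OPNsense generates from its GUI; it is a hand-written illustration of the same shape. The interface names, the WAN address and the LAN subnet are assumptions (192.168.50.0/24 is taken from the 192.168.50.10 example in the post). The commented-out nat line is included only to show what is being removed.

```pf
# Added example, not from the original post and not OPNsense's generated rules.
# Hand-written pf.conf fragment: stateful firewall with outbound NAT disabled.
# em0/em1, 10.20.30.40 and 192.168.50.0/24 are assumed values for illustration.
wan_if  = "em0"
lan_if  = "em1"
wan_ip  = "10.20.30.40"          # assumed static WAN address inside the parent /16
lan_net = "192.168.50.0/24"      # assumed LAN behind this OPNsense box

set skip on lo0
scrub in all

# Outbound NAT is intentionally absent. In NAT mode a line like this would exist:
#   nat on $wan_if from $lan_net to any -> $wan_ip
# Without it, packets leave with their real 192.168.50.x source address, which is
# what the parent organisation's monitoring wants to see. The parent router must
# then carry a route for 192.168.50.0/24 pointing at $wan_ip; if it does not,
# replies never come back and every connection from the LAN appears to hang.

block log all                                  # default deny in both directions

# LAN -> anywhere, stateful so the replies match the state entry on the way back
pass in  quick on $lan_if inet from $lan_net to any keep state
pass out quick on $wan_if inet from $lan_net to any keep state

# WAN side: only packets matching an existing state are allowed in, which the
# state table handles without an explicit rule. Do not leave a
# "pass in on $wan_if from any to any" test rule in place: without NAT the LAN
# hosts are directly addressable from the whole /16, so the WAN policy is now
# the only thing between them and the parent network.
```

Two checks are worth doing after applying a ruleset like this: confirm with `pfctl -s nat` that no nat rule is loaded, and from a LAN host trace a connection into the parent network and confirm the reply arrives; if it does not, look at the parent router's routing table for 192.168.50.0/24 before touching the firewall rules again.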