Messages

Hi S.

Thank you very much for your reply. My answer is "B" and why I would want to do that? In this example I used DNS only as an example. I actually want to port forward RDP on custom ports through the public address which makes this a "jump server". Why we need to do this? Because depending on the internet service providers in my location, the international gateways have different speeds... sometimes, some routes to specific countries are just blocked (or perhaps speed/route is so slow it seems like this) and timeout.

I have managed to find a solution using Caddy and Layer4 proxy which is working a charm now.

For simplicity, I would still like to understand how it should be setup with SNAT/DNAT as I'm still fairly new to OPNsense and it would be great to be able to use another method other than CADDY.

5 second setup on Astaro:

Settings here indicate incoming traffic on Pub_3bb address will go back out on the same address.

OPNsense DNAT

NAT Reflection is set to DEFAULT.

OPNsense SNAT

Any reason, why you have created the rules on pub_ais, while the origin rule on the Astaro are applied to Pub_3bb?

Apart from this you need to change the protocol in both NAT rule to "TCP/UDP", since DNS use both.

The interfaces we have are
Pub_AIS
Pub_3bb
Pub_True
...
Pub = Public / External interface connected to the internet
_xxx = the Internet service provider

...

As we have load balancing over these 3 ISP interfaces.

I have 2hrs support included that I haven't used, what email do I send to?
I've looked everywhere and its really hard to find the official support channel.

Hi All,

We are an active business license user. We can't seem to find where to open a ticket to get support, so I'm posting here for the benefit of others.

We have been slowly migrating from Astaro/SophosUTM to OPNsense now and so far, are happy with the results, for the most part this is a nice platform and quite stable.

We have a firm requirement to be able to use opnsense as a "jump host" for certain services (ports) and send them to other servers on the net. (reference: Pub_3bb and Pub_ais are both public interfaces)

I understand that this might seem strange to some, but it's quite normal for us. The use cases for this are for businesses, and I've included a screenshot of how simple this setup was/is in Astaro.

Below, we have been trying to get the same results but without a stable result. We have been partially successful in that we initially got the setup to work for a few hours, but then after some time, it failed to work and will not come back.

Suspicions lie in our multi-wan (3 connections), and perhaps we don't fully understand some of the options available for SNAT/DNAT. Personally, I can easily understand DNAT, but SNAT confuses me.

We need some guidance in getting this setup to work 100% reliably so we can complete some more of our migrations.

Any assistance is greatly appreciated and would kindly ask to skip asking "why" we need this. Think if you have some old clients on shared low-speed international lines, but they have high-speed local access and they need fast international remote access but aren't able to pay for it.

5 second setup on Astaro:

Settings here indicate incoming traffic on Pub_3bb address will go back out on the same address.

OPNsense DNAT

NAT Reflection is set to DEFAULT.

OPNsense SNAT



Some more of the advanced settings:


Any help in getting this working for us would greatly be appreciated, we are willing to open a support ticket if required, just need a bit of help locating where to do that.