24.1 Legacy Series / NAT destination as WAN Address matches for all virtual IPs
« on: March 30, 2024, 02:27:53 am »
Hello, I am wondering if this is default behavior.
I have some port forwarding rules set up where in one of the rules the destination is set to WAN Address for port 443 and in another rule I have a virtual IP from my WAN (I have 5 static IPs and set them up as virtual IPs) set as the destination.
I discovered that if I have the "WAN Address" destination rule before the rule with the virtual IP as the destination, there is a match and the traffic is forwarded to the wrong server within the LAN, but if I move the virtual IP rules before the WAN Address rule it gets routed correctly.
Is this behavior correct? I would think "WAN Address" would only match the address specifically assigned to the interface, rather than any of the virtual IPs.
If I create an alias for the WAN address with the IP assigned to the interface, the order of the rules doesn't matter and it works as expected.
I also found this post and presume the person was saying the same thing here:
https://forum.opnsense.org/index.php?topic=5501.msg22325#msg22325