Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - Voix

Pages: [1]

24.7 Production Series / Re: Source IP is always changing to OPNSense's interface

« on: October 18, 2024, 07:39:54 pm »

Thank you!

It actually helped to find the issue.
The problem was not in the OPNSense at all

24.7 Production Series / Re: Source IP is always changing to OPNSense's interface

« on: October 18, 2024, 07:24:36 pm »

Did it, the lines disappeared from the output above, but didn't help: still see RTR's IP by 'w'

24.7 Production Series / Re: Source IP is always changing to OPNSense's interface

« on: October 18, 2024, 07:11:45 pm »

vlan5 - Vlan on DMZ
vlan10 - To ISP (different port)
igc0 - LAN

Code: [Select]

# pfctl -s nat
nat-anchor "miniupnpd" all
no nat proto carp all
nat on tailscale0 inet from <SiteAnet> to any -> (tailscale0:0) port 1024:65535
nat on vlan0.10 inet from <ocserv_clients> to any -> (vlan0.10:0) port 1024:65535
nat on vlan0.10 inet from <SiteBnet> to any -> (vlan0.10:0) port 1024:65535
nat on vlan0.10 inet from (igc0:network) to any port = isakmp -> (vlan0.10:0) static-port
nat on vlan0.10 inet from (lo0:network) to any port = isakmp -> (vlan0.10:0) static-port
nat on vlan0.10 inet from (wg0:network) to any port = isakmp -> (vlan0.10:0) static-port
nat on vlan0.10 inet from (vlan05:network) to any port = isakmp -> (vlan0.10:0) static-port
nat on vlan0.10 inet from 127.0.0.0/8 to any port = isakmp -> (vlan0.10:0) static-port
nat on vlan0.10 inet from (igc0:network) to any -> (vlan0.10:0) port 1024:65535
nat on vlan0.10 inet from (lo0:network) to any -> (vlan0.10:0) port 1024:65535
nat on vlan0.10 inet from (wg0:network) to any -> (vlan0.10:0) port 1024:65535
nat on vlan0.10 inet from (vlan05:network) to any -> (vlan0.10:0) port 1024:65535
nat on vlan0.10 inet from 127.0.0.0/8 to any -> (vlan0.10:0) port 1024:65535
no rdr proto carp all
no rdr on igc0 proto tcp from any to (igc0) port = ssh
no rdr on igc0 proto tcp from any to (igc0) port = http
no rdr on igc0 proto tcp from any to (igc0) port = https
rdr-anchor "miniupnpd" all
binat-anchor "miniupnpd" all

I can't see smth fishy here

24.7 Production Series / Re: Source IP is always changing to OPNSense's interface

« on: October 18, 2024, 06:55:22 pm »

No, GWs are only in Internet and in tailscale interfaces.

24.7 Production Series / Source IP is always changing to OPNSense's interface

« on: October 18, 2024, 06:50:56 pm »

Hi all,

I have the opnsense v.24.7.6 with Internet, LAN and DMZ (with vlan) interfaces.
LAN IP: 10.1.1.0/24
DMZ IP: 10.1.2.0/24

When I reach out the server in DMZ with ssh and issue "w" command, it shows address of router's DMZ interface (10.1.2.1), but not my computer's IP.

At the same time I have no NAT between these interfaces.
"Firewall: NAT: Outbound" is set to Hybrid outbound NA, but there are only rules for Internet interface.

Could you please advise, what could be the reason of the issue?

Pages: [1]