General Discussion / Re: One to One NAT/Port Forward to Virtual IP in a LAN interface
« on: November 03, 2023, 07:19:07 pm »
Mmm, not exactly. What is the Security Policy Database (SPD) referred to on that link? It's also not 100% complete; it is missing the IP subnet in the LAN Site B diagram.
I'm using WireGuard in my case, so there isn't a Virtual Net A and Virtual Net B; both nodes are part of the same Tunnel /24, with a single address on each side.
What if there was no tunnel involved, how would you do a NAT between two LAN IPs? Say you want to access 192.168.1.1 using a different LAN IP of 172.0.0.3? Both subnets are connected behind the same interface. Or say the 192.168.1.1 device is connected to a different interface on the OPNsense firewall. Would be easiest if it can all be done in the same interface with an alternate IP (say a 192.168.1.253/29 Virtual IP in this case) assigned to the same interface so the firewall can reach the host at 192.168.1.1.