OPNsense

Messages - dyoung

1
20.1 Legacy Series / Re: outbound NAT
« on: February 08, 2020, 01:51:15 am »
UPDATE

Don't like this for an answer, but rebooted today and now the automatic outbound NAT works.

2
20.1 Legacy Series / outbound NAT
« on: February 07, 2020, 01:21:33 am »
Working with 20.1 that has been factory reset for testing.
LAN interface
     DHCP is assigning this interface 192.168.2.222
     Route added -- 193.168.1.0/24 -> 192.168.2.222
WAN interface is connected to DD WRT router for testing.
     DD WRT is assigned 193.168.1.1
     DHCP has assigned WAN interface 193.168.1.129
     Route added -- 192.168.2.0/24 -> 193.168.1.129

When using automatic NAT rules:
        LAN    127.0.0.0/8    *    *    500    LAN    *    YES    Auto created rule for ISAKMP
        LAN    127.0.0.0/8    *    *    *      LAN    *    NO     Auto created rule
        WAN    127.0.0.0/8    *    *    500    WAN    *    YES    Auto created rule for ISAKMP
        WAN    127.0.0.0/8    *    *    *      WAN    *    NO     Auto created rule
Packet captures on the WAN interface while ping is running and connection to DD WRT web interface:
WAN em0   00:30:10.025146 IP 192.168.2.170.41638 > 193.168.1.1.80: tcp 0
WAN em0   00:30:10.025267 IP 193.168.1.1.80 > 192.168.2.170.41638: tcp 0
WAN em0   00:30:10.025493 IP 192.168.2.170.41638 > 193.168.1.1.80: tcp 0
WAN em0   00:30:10.026023 IP 193.168.1.1.80 > 192.168.2.170.41638: tcp 0
WAN em0   00:30:10.856352 IP 192.168.2.170 > 193.168.1.1: ICMP echo request, id 6171, seq 12, length 64
WAN em0   00:30:10.857010 IP 193.168.1.1 > 192.168.2.170: ICMP echo reply, id 6171, seq 12, length 64
WAN em0   00:30:11.037881 IP 192.168.2.170.41640 > 193.168.1.1.80: tcp 0
WAN em0   00:30:11.038510 IP 193.168.1.1.80 > 192.168.2.170.41640: tcp 0
WAN em0   00:30:11.038765 IP 192.168.2.170.41640 > 193.168.1.1.80: tcp 0
WAN em0   00:30:11.862251 IP 192.168.2.170 > 193.168.1.1: ICMP echo request, id 6171, seq 13, length 64
WAN em0   00:30:11.862909 IP 193.168.1.1 > 192.168.2.170: ICMP echo reply, id 6171, seq 13, length 64

No NAT Translation. :(

When I use Manual outbound NAT rules:
        WAN    LAN net    *          *    *          Interface address    *    NO
        WAN    LAN net    icmp/ *    *    icmp/ *    Interface address    *    NO
Packet captures on the WAN interface while ping is running and connection to DD WRT web interface:
WAN em0   00:37:07.374455 IP 192.168.2.170 > 193.168.1.1: ICMP echo request, id 6171, seq 426, length 64
WAN em0   00:37:07.375152 IP 193.168.1.1 > 192.168.2.170: ICMP echo reply, id 6171, seq 426, length 64
WAN em0   00:37:08.380369 IP 192.168.2.170 > 193.168.1.1: ICMP echo request, id 6171, seq 427, length 64
WAN em0   00:37:08.381022 IP 193.168.1.1 > 192.168.2.170: ICMP echo reply, id 6171, seq 427, length 64
WAN em0   00:37:08.561750 IP 193.168.1.129.29196 > 193.168.1.1.80: tcp 0
WAN em0   00:37:08.562372 IP 193.168.1.1.80 > 193.168.1.129.29196: tcp 0
WAN em0   00:37:08.562658 IP 193.168.1.129.29196 > 193.168.1.1.80: tcp 0
WAN em0   00:37:09.042284 IP 193.168.1.129.29196 > 193.168.1.1.80: tcp 328

NAT translates HTTP but not ICMP. :-\

Not sure what I am missing. Everything else seems pretty self-explanatory.
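
The check done by eye on the captures above can be scripted. This is an added example, not part of the original post: it parses capture lines in the layout shown and counts, per protocol, packets that left WAN with a LAN source address versus the WAN interface address. The function names are hypothetical; the addresses are the ones given in the post.

```python
import ipaddress
import re
from collections import defaultdict

# Addresses taken from the post: LAN net 192.168.2.0/24, WAN interface 193.168.1.129.
LAN_NET = ipaddress.ip_network("192.168.2.0/24")
WAN_ADDR = ipaddress.ip_address("193.168.1.129")

# Capture line layout shown in the post: "<if> <dev> <time> IP <src> > <dst>: <info>"
LINE_RE = re.compile(r"^\S+\s+\S+\s+[\d:.]+\s+IP\s+(\S+)\s+>\s+[^:\s]+:\s+(.+)$")

def source_ip(token):
    """Return the IPv4 address from 'a.b.c.d' or 'a.b.c.d.port'."""
    return ipaddress.ip_address(".".join(token.split(".")[:4]))

def classify(lines, lan_net=LAN_NET, wan_addr=WAN_ADDR):
    """Count, per protocol, packets seen on WAN as translated or untranslated."""
    result = defaultdict(lambda: {"translated": 0, "untranslated": 0})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a capture line in the expected layout
        src = source_ip(m.group(1))
        info = m.group(2)
        proto = "icmp" if info.startswith("ICMP") else info.split()[0]
        if src in lan_net:
            result[proto]["untranslated"] += 1  # LAN source visible on WAN
        elif src == wan_addr:
            result[proto]["translated"] += 1    # rewritten to the WAN address
        # any other source is reply traffic from the far side and is ignored
    return dict(result)

def untranslated_protocols(lines):
    """Protocols for which at least one LAN-sourced packet appeared on WAN."""
    return sorted(p for p, c in classify(lines).items() if c["untranslated"])

# Lines copied from the manual-rule capture in the post.
SAMPLE = """\
WAN em0   00:37:07.374455 IP 192.168.2.170 > 193.168.1.1: ICMP echo request, id 6171, seq 426, length 64
WAN em0   00:37:07.375152 IP 193.168.1.1 > 192.168.2.170: ICMP echo reply, id 6171, seq 426, length 64
WAN em0   00:37:08.561750 IP 193.168.1.129.29196 > 193.168.1.1.80: tcp 0
WAN em0   00:37:08.562372 IP 193.168.1.1.80 > 193.168.1.129.29196: tcp 0
WAN em0   00:37:09.042284 IP 193.168.1.129.29196 > 193.168.1.1.80: tcp 328
""".splitlines()

if __name__ == "__main__":
    print(classify(SAMPLE))
    print("untranslated:", untranslated_protocols(SAMPLE))
```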
