24.7 Production Series / [RESOLVED] Requesting help with One-to-One NAT setup
« on: November 13, 2024, 04:32:02 pm »
Hey there,
this is my first post, so please be kind.
I tried to find my answers in the documentation, in this forum and on the web.
I am struggling to get One to One NAT to work in my setup.
Context
I have recently rebuilt my firewall setup and switched to OPNsense on a Sophos SG 135 rev3 box.
I was running a pfSense installation inside a VM previously.
So far, most things run fine, but I cannot get 1:1 NAT to work.
Glossary
| Term | Description |
| --- | --- |
| mLAN | The main LAN of my uplink router (not OPNsense) |
| oWAN | The WAN interface of OPNsense (part of mLAN) |
| oLAN | The LAN of OPNsense. |
My Setup
I use OPNsense in a home lab environment with the goal of separating my lab from the rest of my main LAN (mLAN).
mLAN: 192.168.2.0/23 (yes, 23 not 24) - Uplink gateway: 192.168.2.1
oWAN configuration: 192.168.2.2/23 - Gateway 192.168.2.1
oLAN configuration: 10.10.0.1/16
Behind OPNsense I run a Proxmox host with several containers and VMs, assigned different VLANs.
The full setup is connected via a managed L2 switch.
The switch is connected to the upstream router of the LAN, the firewall, mLAN devices and Proxmox.
I separated the devices via port based VLANs.
What I am trying to achieve
I wish to expose one of the containers inside oLAN to oWAN (consequently to mLAN) to a WAN IP.
oLAN IP: 10.10.2.101
oWAN IP: 192.168.3.101
One thing to note: the container runs in a VLAN with ID 20 on a separate Interface on SN 10.10.2.0/24 (GW 10.10.2.1)
The container has internet access and uses Gateway 10.10.2.1.
The problem of my current setup
When pinging the container from oWAN (192.168.2.11 to be exact), the container receives the ICMP requests, sends out an echo, but the echo does not find its way back to 192.168.2.11.
My configuration
Created Virtual IP
Address: 192.168.3.101/32
Interface: WAN
Type: IP Alias
One-to-One NAT
Interface: WAN
Type: BINAT
External network: 192.168.3.101/32
Source/Internal: 10.10.2.101
Destination: any
NAT reflection: default
Outbound NAT
Mode: Automatic
I unsuccessfully tried Hybrid mode with a manual rule:
Interface: WAN
Source: 10.10.2.101/32
Destination: *
NAT Address: 192.168.3.101
Static Port: NO
Advanced Firewall Settings
Network Address Translation
Reflection for port forwards: on
Reflection for 1:1: on
Automatic outbound NAT for Reflection: on
I am running on the latest OPNsense version 24.7.8-amd64.
Thank you for all offered help. I will gladly provide more information.
Best Regards,
Jannick
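The addressing in the post above can be sanity-checked before touching the firewall: whether the external alias is on the WAN link (so OPNsense answers ARP for it and the upstream router needs no static route), which connected interface carries the internal host, whether any internal subnets overlap, and whether the test client sits where the reply must be routed back to. The script below is an added example by the editor, not code from the poster or from OPNsense; the plan dictionary is constructed from the addresses in the post, the interface names `WAN`, `LAN`, `VLAN20` and the pf interface name `igb0` are assumptions, and the rendered rule uses pf.conf(5) `binat` syntax for the equivalent of the 1:1 NAT entry, not OPNsense's generated ruleset.

```python
from ipaddress import ip_address, ip_interface, ip_network

# Constructed from the addresses in the post; interface names are assumptions.
PLAN = {
    "wan": {"name": "WAN", "addr": "192.168.2.2/23", "gateway": "192.168.2.1"},
    "internal": [
        {"name": "LAN", "addr": "10.10.0.1/16"},      # oLAN
        {"name": "VLAN20", "addr": "10.10.2.1/24"},   # container VLAN, GW 10.10.2.1
    ],
    "binat": {"external": "192.168.3.101/32", "internal": "10.10.2.101"},
    "test_client": "192.168.2.11",                     # pinging host on mLAN
}


def check_binat_plan(plan: dict) -> dict:
    """Run addressing checks for a 1:1 (BINAT) mapping and return the findings."""
    result = {"warnings": []}
    wan = ip_interface(plan["wan"]["addr"])
    wan_net = wan.network
    ext_addr = ip_network(plan["binat"]["external"], strict=False).network_address
    internal = ip_address(plan["binat"]["internal"])
    client = ip_address(plan["test_client"])

    # 1. External alias on the WAN link? If so the firewall answers ARP for it
    #    and the upstream router needs no route; otherwise one is required.
    result["external_on_link"] = ext_addr in wan_net
    if not result["external_on_link"]:
        result["warnings"].append(
            f"{ext_addr} is outside {wan_net}; the upstream router needs a "
            f"route for it via {wan.ip}")

    # 2. The alias must not collide with the WAN address, the gateway, or the
    #    network/broadcast address of the WAN subnet.
    reserved = {wan.ip, ip_address(plan["wan"]["gateway"]),
                wan_net.network_address, wan_net.broadcast_address}
    if ext_addr in reserved:
        result["warnings"].append(f"{ext_addr} collides with a reserved WAN address")

    # 3. Which connected internal interface carries the internal host?
    #    Longest prefix wins, as the routing table would choose it.
    nets = [(i["name"], ip_interface(i["addr"]).network) for i in plan["internal"]]
    matches = [(name, net) for name, net in nets if internal in net]
    matches.sort(key=lambda m: m[1].prefixlen, reverse=True)
    result["internal_interface"] = matches[0][0] if matches else None
    if not matches:
        result["warnings"].append(f"{internal} is not in any connected internal subnet")

    # 4. Internal subnets nested inside one another are worth knowing about,
    #    since two connected routes then cover the same hosts.
    overlaps = []
    for outer_name, outer in nets:
        for inner_name, inner in nets:
            if outer_name != inner_name and outer.prefixlen < inner.prefixlen \
                    and inner.subnet_of(outer):
                overlaps.append((outer_name, inner_name))
    result["overlapping_subnets"] = overlaps
    for outer_name, inner_name in overlaps:
        result["warnings"].append(f"{inner_name} subnet lies inside {outer_name} subnet")

    # 5. The test client should be on the WAN link and not inside any internal
    #    subnet, so the translated reply has an unambiguous way back.
    result["client_on_wan_link"] = (client in wan_net
                                    and not any(client in n for _, n in nets))
    return result


def pf_binat_rule(plan: dict, wan_ifname: str) -> str:
    """Render the mapping in pf.conf(5) binat syntax (illustrative, not OPNsense output)."""
    ext_addr = ip_network(plan["binat"]["external"], strict=False).network_address
    return f"binat on {wan_ifname} from {plan['binat']['internal']} to any -> {ext_addr}"


if __name__ == "__main__":
    findings = check_binat_plan(PLAN)
    for key, value in findings.items():
        print(f"{key}: {value}")
    print(pf_binat_rule(PLAN, "igb0"))
```

Run against the post's numbers, the check reports the alias as on-link (192.168.3.101 falls inside 192.168.2.0/23), places 10.10.2.101 on the VLAN20 interface, and flags that 10.10.2.0/24 lies inside the 10.10.0.0/16 LAN subnet; the rendered `binat` line is what to compare against the rule shown by `pfctl -sn` on the firewall.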