Topic: Issues with getting on the internet using static external ips and 1to1 nat (Read 4018 times)

Valus (Newbie, Posts: 8, Karma: 0), on: June 15, 2020, 10:15:25 pm
Hi,
So I'm a long-time user of pfSense but would like to try out OPNsense; I like the interface way better.
My issue is that when I pretty much duplicate my settings from pfSense over to OPNsense, my static IPs and 1to1 NAT IPs don't seem to work.
pfSense setup (example IPs)
Block of IPs
Main:51.212.213.112/29
External Block: 51.212.214.1/24
IPv6 Main: 2001:XXX:0:XX::X58/126
External Block: 2001:XXX:8XXa::/48
Wan-IPV4 UpstreamGateway:51.212.213.113, IP:51.212.213.114
Wan-IPV6 2001:XXX:0:XX::15a, IPV6 Upstream 2001:559:0:XX::159
Lan1- Static: 192.168.0.1/22
Lan2- DHCP: IPV4: 10.69.0.1/16
Lan2- DHCP: IPV6: 2001:XXX:8XXa::1(IPV6 doesn't seem to work correctly in PFsense)
Lan3- Static: 51.212.214.1/24 UpstreamGateway: 51.212.213.114
Now with this setup I can use 1to1 or static IPs using the external block on the LAN 2 network and everything works.
But when I do a similar setup inside OPNsense, my static IPs do not work.
Wan- UpstreamGateway:51.212.213.113, IP:51.212.213.114
Lan1- DHCP:10.69.0.1/16
Lan2-
Lan3- Static:51.212.214.1/24 UpstreamGateway: 51.212.213.114
Lan3- DHCP: IPV6: 2001:XXX:8XXa:ffff::(IPV6 seems to work in Opensense as intended)
Now if I assign a static IP of 51.212.214.10 in pfSense, it can get on the internet, and I can do a whatsmyip and it's getting the correct external IP of 51.212.214.10. If I assign a 1to1 NAT, same thing, it works.
If I assign the same IP in OPNsense, the machine can't seem to get on the internet; same with 1to1 NAT.
Sometimes the machine might get internet access for a few minutes at a time, but it's showing the main gateway's IP as its IP on the internet, 51.212.213.113.

Valus, Reply #1 on: June 20, 2020, 08:59:07 am
So I started over from scratch again. I'm able to get IPv6 working no problem; IPv4 on LAN1 works getting out to the net, but all of my PCs show the gateway IP within the /29. I can't get my external IP range of the /24 working internally. I keep going over my pfSense box and comparing my config to OPNsense; I'm almost thinking what I want to do, OPNsense just can't do it. I've spent the last 10 hours trying to get this working.

marjohn56 (Hero Member, Posts: 1701, Karma: 179), Reply #2 on: June 20, 2020, 12:15:24 pm
How are you adding the extra WAN IPs? You don't say.
You should be using Virtual IPs.
I have a /28 on my WAN, so one address is set as my primary, then I've added Virtual IPs for the addresses for my servers. All I do is add the IP Alias, set the address and mask /28, save etc. Then in Firewall NAT, add a one-to-one map for that alias to your internal server. Under Firewall rules WAN, add an allow rule, source any, destination Server IP and Server ports. I use Aliases for the Server IP and Server ports - it's just neater that way.
Works perfectly.
OPNsense 24.7 - Qotom Q355G4 - ISP - Squirrel 1Gbps. Team Rebellion Member - If we've helped you remember to applaud

Valus, Reply #3 on: June 27, 2020, 06:06:22 am
I did say: I'm using my external IP address range on LAN3. Normally this would be how you use your external block inside your router. My external block is routed to my gateway IP, and adding in 256 IPs one by one is a joke.

marjohn56, Reply #4 on: June 27, 2020, 06:16:58 am
You need to rethink that, a /29 mask only gives you 8 addresses total, only 6 of which you can use.
https://dnsmadeeasy.com/support/subnet/

Valus, Reply #5 on: June 27, 2020, 06:18:45 am
I have a /24 routed to that /29.
pfSense setup (example IPs)
Block of IPs
Main:51.212.213.112/29
External Block: 51.212.214.1/24
IPv6 Main: 2001:XXX:0:XX::X58/126
External Block: 2001:XXX:8XXa::/48

marjohn56, Reply #6 on: June 27, 2020, 06:22:04 am
So are you saying that on your WAN interface you have a /24 range? BTW, this is OPNsense, not pfSense.

Valus, Reply #7 on: June 27, 2020, 06:22:33 am
Please actually read my post.

marjohn56, Reply #8 on: June 27, 2020, 06:27:12 am
Yes, it says you have a /29 on your WAN, so where does the /24 come in to this?

Valus, Reply #9 on: June 27, 2020, 06:32:49 am
The "External Block: 51.212.214.1/24" is a /24 routed to the /29. That is a block of public IPs. It's not a private IP.
https://en.wikipedia.org/wiki/Private_network
That means I can use it as my LAN IP range and all my devices will have public IP addresses internally and be routed out through the /29.
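
The /29 and /24 relationship discussed in the posts above, as an added example that is not part of the original thread: it checks whether an extra block lies inside the WAN subnet (on-link, the Virtual IP case from Reply #2) or is a separate prefix routed to the WAN address. The function name, the returned keys and the 203.0.113.0/28 contrast case are constructed; the other addresses are the thread's example IPs.

```python
import ipaddress

def classify_extra_block(wan_interface: str, extra_block: str) -> dict:
    """Classify an additional IPv4 block relative to the WAN subnet.

    wan_interface: firewall WAN address with mask, e.g. "51.212.213.114/29"
    extra_block:   the additional block, host-style notation is accepted
    """
    wan = ipaddress.ip_interface(wan_interface)
    # strict=False normalises 51.212.214.1/24 to 51.212.214.0/24
    block = ipaddress.ip_network(extra_block, strict=False)

    if block.subnet_of(wan.network):
        # Addresses sit on the WAN segment itself.
        relation = "on-link"
        handling = "add as Virtual IPs (IP Alias) on WAN"
    elif block.overlaps(wan.network):
        # Block is larger than, and contains, the WAN subnet.
        relation = "overlapping"
        handling = "masks are inconsistent; recheck the assignment"
    else:
        # Separate prefix that the upstream forwards to the WAN address.
        relation = "routed"
        handling = "can sit on an internal interface behind the firewall"

    return {
        "wan_network": str(wan.network),
        "wan_usable_hosts": wan.network.num_addresses - 2,
        "block": str(block),
        "block_usable_hosts": block.num_addresses - 2,
        "block_is_private": block.is_private,
        "relation": relation,
        "handling": handling,
    }

# The thread's example addresses: a /29 on WAN and a separate /24.
THREAD = classify_extra_block("51.212.213.114/29", "51.212.214.1/24")
# Constructed contrast case (documentation range): a /29 inside a WAN /28.
ON_LINK = classify_extra_block("203.0.113.2/28", "203.0.113.8/29")

if __name__ == "__main__":
    for result in (THREAD, ON_LINK):
        print(result)
```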

marjohn56, Reply #10 on: June 27, 2020, 06:47:25 am
Sorry, I misunderstood what you had written.

Valus, Reply #11 on: June 27, 2020, 07:35:39 am
Okay, I got them working. I had to create some floating rules in the firewall; it was blocking traffic.

marjohn56, Reply #12 on: June 27, 2020, 09:12:04 am
Good, nice to know you got it sorted.

Valus, Reply #13 on: June 30, 2020, 08:47:53 pm
Alright, so sorta still issues happening.
Since Floating Rules is by default where device interfaces are kinda being used for firewall rules, I had to create firewall rules to allow any traffic, which then allowed the external/public IPs to work on the internal side, but a lot of traffic is still blocked. I noticed I also had to create rules inside LAN, WAN, External NICs with allow-any rules to further allow more traffic, but I'm unable to connect directly to my public IPs inside my External NIC when I use a static public IP on a device. If I set a static private IP on the device, then 1to1 NAT to the external IP, then it seems to open it up more for remote connecting.
When I compare it to my pfSense setup, it works as intended. What I'm noticing is the default generated firewall rules block way too much by default. Not being able to delete or modify them is a pain. Even though I have created manual rules, the auto-generated rules according to documentation will still override my manual rules, which doesn't make sense.
https://docs.opnsense.org/manual/firewall.html
Internally rules are registered using a priority, floating uses 200000, groups use 300000 and interface rules land on 400000 combined with the order in which they appear. Automatic rules are usually registered at a higher priority (lower number).
What I'm noticing between pfSense and OPNsense is that they may be similar in looks and setup, but they act way differently even when set up basically the same.
How can I access my public IPs internal remotely when I assign a static IP to the device? It can get on the net. It knows what IP it has via whatsmyip.org, but I cannot connect to the device remotely or access certain ports remotely.
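
How the priorities in the manual excerpt quoted above combine with pf's quick flag, as an added example that is not part of the original post or OPNsense's own code: a lower number is evaluated first, a matching quick rule ends evaluation, and without quick the last matching rule wins. The automatic-rule priority, the ports and the rule labels are constructed, and the automatic default deny is assumed to be a non-quick rule.

```python
from dataclasses import dataclass
from typing import Optional

# Base priorities quoted from the OPNsense manual in the post above.
FLOATING, GROUP, INTERFACE = 200000, 300000, 400000
AUTOMATIC = 100000  # constructed value for "higher priority (lower number)"

@dataclass
class Rule:
    priority: int          # base priority + position in the rule list
    action: str            # "pass" or "block"
    quick: bool            # pf "quick": a match ends evaluation
    port: Optional[int]    # destination port, None = any
    label: str

def evaluate(rules, port):
    """Return (action, label) for a packet to `port`, pf-style."""
    verdict = ("pass", "no rule matched")  # pf passes when nothing matches
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.port is not None and rule.port != port:
            continue
        verdict = (rule.action, rule.label)  # last match so far
        if rule.quick:
            break                            # first quick match wins
    return verdict

# Constructed rule set; labels and ports are illustrative only.
RULES = [
    Rule(INTERFACE + 1, "pass", True, 443, "manual interface rule"),
    Rule(FLOATING + 1, "pass", True, 23, "manual floating rule"),
    Rule(AUTOMATIC, "block", False, None, "automatic default deny, not quick"),
    Rule(AUTOMATIC + 1, "block", True, 23, "automatic quick block (hypothetical)"),
]

if __name__ == "__main__":
    for p in (443, 23, 8080):
        print(p, evaluate(RULES, p))
```

In this model the manual rule for port 443 wins over the earlier non-quick deny, while the manual floating rule for port 23 is never reached because an earlier quick rule already matched.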