Topic: How to do NAT after policy-based routing? (Read 1287 times)
tonnoplast (Newbie, Posts: 9, Karma: 0)
How to do NAT after policy-based routing? « on: February 24, 2023, 03:46:19 pm »
I am trying to configure an interface (let's call it vpnLAN) so traffic originating from its network is routed to a VPN gateway (VPNLAN_GW). I did the following:
- added an "allow vpnLAN to any rule" under Firewall > Rules > vpnLAN
- added a floating rule so that traffic originating from vpnLAN net with destination ! talpaWAN net has gateway VPNWAN_GW
- added an outbound NAT rule so that traffic on the vpnWAN interface (the VPN interface) with source vpnLAN net has NAT address vpnWAN address
However, this doesn't work. I inspected the logs and it looks like the NAT rule is never applied. This may be because the NAT rules are applied before the other rules, which means that when NAT happens the policy-based routing didn't happen yet, which means the gw hasn't been set up to VPNWAN_GW and the NAT rule doesn't apply.
I am surprised as this is roughly the setup described here: https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html.
What am I doing wrong? Thanks!
wotcha (Newbie, Posts: 32, Karma: 3)
Re: How to do NAT after policy-based routing? « Reply #1 on: February 25, 2023, 08:19:01 pm »
Did you follow the doc closely and also select the gateway in your regular Firewall rules?
If you follow the doc exactly, honestly, you should be golden.
tonnoplast (Newbie, Posts: 9, Karma: 0)
Re: How to do NAT after policy-based routing? « Reply #2 on: February 27, 2023, 01:44:39 am »
I figured it out. I was doing my testing locally from the router itself doing stuff like curl --interface <iface> <url>. This didn't work as there is no IN step for packages generated by the command, and it is in that stage that the policy routing is applied.
It all works with traffic generated from outside the router.
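The behaviour found in Reply #2, as an added sketch that is not part of the thread or of OPNsense's code: a simplified model in which a gateway rule is consulted only for packets received on an interface, and outbound NAT matches on the interface the packet leaves through. The addresses, the `WAN` default route and the function names are assumptions, and the destination condition of the floating rule is left out.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed sample values; none of these addresses come from the thread.
VPNLAN_NET = ipaddress.ip_network("192.168.50.0/24")
VPNWAN_ADDR = "10.8.0.2"
DEFAULT_EGRESS = "WAN"                    # egress chosen by the routing table (assumed)
GATEWAY_IFACE = {"VPNWAN_GW": "vpnWAN"}   # gateway name -> interface it sits on

# Policy-routing rules: consulted only for packets arriving on an interface.
PBR_RULES = [{"in_iface": "vpnLAN", "src": VPNLAN_NET, "gateway": "VPNWAN_GW"}]
# Outbound NAT rules: consulted on the interface the packet leaves through.
NAT_RULES = [{"out_iface": "vpnWAN", "src": VPNLAN_NET, "nat_to": VPNWAN_ADDR}]


@dataclass
class Packet:
    src: str
    in_iface: Optional[str]  # None = generated on the firewall itself


def egress_for(pkt: Packet) -> str:
    """Pick the egress interface: policy routing first, else the routing table."""
    if pkt.in_iface is not None:  # the inbound step exists only for received packets
        src = ipaddress.ip_address(pkt.src)
        for rule in PBR_RULES:
            if rule["in_iface"] == pkt.in_iface and src in rule["src"]:
                return GATEWAY_IFACE[rule["gateway"]]
    return DEFAULT_EGRESS


def process(pkt: Packet) -> tuple:
    """Return (egress interface, source address seen on the wire)."""
    out_iface = egress_for(pkt)
    src = ipaddress.ip_address(pkt.src)
    for rule in NAT_RULES:
        if rule["out_iface"] == out_iface and src in rule["src"]:
            return out_iface, rule["nat_to"]
    return out_iface, pkt.src  # no NAT rule matched on this egress interface


if __name__ == "__main__":
    # A client behind vpnLAN: policy-routed to vpnWAN, then translated.
    print("LAN client :", process(Packet("192.168.50.10", "vpnLAN")))
    # A test run on the firewall with a vpnLAN source address: no inbound step.
    print("on firewall:", process(Packet("192.168.50.1", None)))
```

In this model the locally generated packet never reaches the vpnWAN NAT rule, which matches the log observation in the first post.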