Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
IP mapping problem
« previous
next »
Print
Pages: [
1
]
Author
Topic: IP mapping problem (Read 1261 times)
tverweij
Jr. Member
Posts: 69
Karma: 1
IP mapping problem
«
on:
August 07, 2023, 11:01:22 pm »
Hello all, this is my first post on this forum.
I am new to OpnSense, worked with Kerio Control for the last 25 years, but as this product starts to be outdates, I am in the process of migrating to OpnSense. And the migration goes well, about 98% of the previous setup has been migrated.
But now I am stuck at IP mapping - I can't get it to work.
To explain:
In Kerio, I defined the source (192.168.81.0/24) - this is a local subnet.
Then I defined the destination (192.168.80.60/32) - this host is located at the customers office, so a remote host.
After that I defined the services (any)
And last I defined the MAP (a.b.c.d) - this is the router address of the cuistomers office.
The effect of the above was that, when I accessed 192.168.80.60 from the 192.168.81.0/24 subnet, the IP was translated and the traffic was diverted to the customers router - there, a virtual server configuration made sure that I reached the real 192.168.80.60 machine.
I try to replicate this in OpnSense, but till now without success.
What I did:
I went to Firewall - NAT - Outbound
added a new rule:
interface WAN
TCPIP v4
Protocol any
Source Address 192.168.81.0/24
Sourceport any
Destination Address 192.168.80.60
Destinationport any
Translation target a.b.c.d
Translation port <empty>
But it just won't work.
What am I missing?
Logged
newsense
Hero Member
Posts: 1037
Karma: 77
Re: IP mapping problem
«
Reply #1 on:
August 07, 2023, 11:30:37 pm »
At a glance - unless said customer was physically plugged into a port on the machine running Kerio - it would appear you're missing a VPN connecting the two sites.
Logged
tverweij
Jr. Member
Posts: 69
Karma: 1
Re: IP mapping problem
«
Reply #2 on:
August 07, 2023, 11:46:05 pm »
No, no VPN needed.
The trick is to map the unroutable address 192.168.80.60 to the routable address a.b.c.d.
But as I look in the logs, no mapping is performed at all.
Logged
tverweij
Jr. Member
Posts: 69
Karma: 1
Re: IP mapping problem
«
Reply #3 on:
August 07, 2023, 11:58:49 pm »
I got it working.
It turns out I had to use Port mapping instead of Outbound.
Can anyone explain to me what outbound does?
Logged
Maurice
Hero Member
Posts: 1213
Karma: 158
Re: IP mapping problem
«
Reply #4 on:
August 08, 2023, 12:08:30 am »
Outbound replaces the source address of outbound packets (your typical NAT).
Port Forward replaces the destination address of inbound packets.
Cheers
Maurice
Logged
OPNsense virtual machine images
OPNsense aarch64 firmware repository
Commercial support & engineering available. PM for details (en / de).
tverweij
Jr. Member
Posts: 69
Karma: 1
Re: IP mapping problem
«
Reply #5 on:
August 08, 2023, 12:27:51 am »
Ah, that makes sense.
In Kerio terms (as said, worked with it for 25 years): Port forward = MAP, Outbound is NAT.
Now I understand.
Thank you!
«
Last Edit: August 08, 2023, 12:30:26 am by tverweij
»
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
IP mapping problem
