Topic: OPNSense to NAT an already routed network. (Read 1064 times)

bakerjw, August 28, 2023, 08:17:33 pm
We have a test network consisting of multiple private IP addresses connected by a router. e.g. 192.168.0.0/24, 192.168.1.0/24, 192.168.255.0/24, 172.16.0.0/16, etc...
We are using OPNSense to connect to a public IP subnet.
The OPNSense server LAN IP address is 192.168.255.25 with a default gateway set at 192.168.255.1.
There are other systems on the 192.168.255.0/24 subnet and they are able to be pinged from other subnets that we use so we know that our routing works.
As an example, a system at 192.168.100.14/24 gateway 192.168.100.1 can ping 192.168.255.22 gateway 192.168.255.1
Systems that are on the 192.168.255.0/24 subnet can ping and access the OPNSense server fine but none of the others can.
How can I configure OPNSense to understand that 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16 are part of the LAN interface scope?
Many thanks for pointing me in the right direction.

Monviech (Cedrik), Reply #1, August 29, 2023, 08:03:18 am
You could set Virtual IPs (IP Alias) onto the LAN interface.
https://docs.opnsense.org/manual/firewall_vip.html#ip-alias
Hardware: DEC740

Saarbremer, Reply #2, August 29, 2023, 04:23:59 pm
I don't get it.
What I assume you try to achieve:
You want to route all internal traffic to the outside world via OPNsense?
Then you'd have to define routes on your gateway(s) to the OPNsense box and vice versa. And NAT should be in place. Given the other question you asked about NAT, you're about to achieve that?

bakerjw, Reply #3, August 29, 2023, 04:28:06 pm
I might not have described our scenario well enough.
We have an isolated routed test network of various private IP subnet ranges. (10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16)
Devices on these private subnets need to be able to connect to a single production subnet using a NAT connection.

Saarbremer, Reply #4, August 29, 2023, 04:32:36 pm
Yes, I got this.
What I did not get: You mention gateways for all networks (with IP .1 for every subnet). They are supposed to route/NAT packets. How does OPNsense come into play?
So at least:
* A route from .1 to OPNsense (which may cause triangular routing which is ... not what I would be looking for)
* Set .1 as virtual IP on all affected networks to OPNsense.
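
Added example, not part of the thread: a small Python model of the firewall's route lookup, illustrating Reply #2's point that routes are needed in both directions. The WAN addresses, the default route on WAN and the sample clients in 172.16.0.0/12 and 10.0.0.0/8 are assumptions; the thread does not show the firewall's routing table.

```python
import ipaddress

LAN_GW = "192.168.255.1"   # router on the LAN segment, from the thread
WAN_GW = "203.0.113.1"     # constructed (documentation range); WAN side is not in the thread

def route(net, gw, iface):
    """One routing-table entry; gw is None for a directly connected network."""
    return (ipaddress.ip_network(net), gw, iface)

# Assumed firewall table before any change: connected networks plus a default on WAN.
BEFORE = [
    route("192.168.255.0/24", None, "LAN"),   # directly connected LAN
    route("203.0.113.0/24", None, "WAN"),     # directly connected WAN (constructed)
    route("0.0.0.0/0", WAN_GW, "WAN"),        # assumption: default gateway is on WAN
]

# Static routes for the private ranges named in the thread, pointing at the LAN router.
AFTER = BEFORE + [route(n, LAN_GW, "LAN")
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def lookup(table, dst):
    """Longest-prefix match; returns (next_hop, interface), next_hop None if on-link."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in r[0]]
    if not matches:
        raise LookupError(f"no route to {dst}")
    _net, gw, iface = max(matches, key=lambda r: r[0].prefixlen)
    return gw, iface

def reply_returns_via_lan(table, client):
    """True if the firewall's reply to client leaves on LAN, where the request arrived."""
    return lookup(table, client)[1] == "LAN"

if __name__ == "__main__":
    # 192.168.255.22 and 192.168.100.14 come from the thread; the other two are constructed.
    for client in ("192.168.255.22", "192.168.100.14", "172.16.5.9", "10.1.2.3"):
        for name, table in (("before", BEFORE), ("after", AFTER)):
            gw, iface = lookup(table, client)
            print(f"{client:15} {name:6} -> {iface} via {gw or 'on-link'}")
```

Routing is only half of Reply #2's advice: NAT for the same source ranges still has to be in place.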