Dynamic SNAT configuration

Started by opaloxbird, August 02, 2024, 12:11:21 PM

August 02, 2024, 12:11:21 PM Last Edit: August 02, 2024, 12:12:56 PM by opaloxbird
Hello

I am coming from a Fortigate 30E firewall that a colleague set up for me. Now I have switched to OPNsense due to update and license requirements and have got everything running well myself on OPNsense.

The problem is that we had to set up an IP pool with the Fortigate (I think it's called SNAT in OPNsense) (Doc from Fortinet: https://docs.fortinet.com/document/fortigate/6.2.15/cookbook/29961/dynamic-snat), because the Internet suddenly went down after a while because (according to my colleague) the single interface was receiving too many requests.

I am with a cheap ISP and have to use their router. I cannot activate bridge mode (I can only deactivate DHCP and change the WLAN password).

The IP pool setting worked, which is why I now want to activate the same on OPNsense.

Since I would like to learn something myself, I am now asking in the forum whether I have configured this correctly:


Picture original Fortigate config: https://imgur.com/a/85KKMCt
Picture new config on OPNsense: https://imgur.com/a/TujkoRO

Is this correct?

My internal network after the firewall is 10.10.10.1-254
My router network (only the firewall is connected there) is: 192.168.1.1-254


Thank you

Hi,

I think that what you are looking for in OPNsense is Outbound NAT, which normally is configured automatically.



What would happen in this case is that OPNsense automatically translates all your inside IP addresses into its WAN IP address, the IP address of the interface connected to your router.

Your router will then perform another NAT, and translate its inside IP address to its public (outside) address.

If for whatever reason you want to perform 1:1 NAT manually, you should set Outbound NAT to either Hybrid or Manual.

More info can be found here: https://docs.opnsense.org/manual/nat.html
[HW]
Protectli VP2420
16GB RAM
240 GB SSD

[Versions]
OPNsense 25.1.7-amd64
FreeBSD 14.2-RELEASE-p3
OpenSSL 3.0.16

[Feature set]
Unbound DNS
Kea DHCPv4
Suricata IPS
Wireguard Client VPN