Stuck at setting up static route

Started by sunny, October 25, 2024, 04:16:52 PM

I am trying to set up my OPNsense router. As the setup is a bit complicated, I have drawn a graph to give a better understanding of the situation.

Router:
WAN: 10.10.10.23
WAN2: 172.16.1.3
LAN: 192.168.1.1/24

My Computer: 192.168.1.100

I would like to access the computer at 100.100.0.14 through my router with the IP 172.16.1.3. However, there is some problem when I try to do it. Below I have illustrated what settings I have made to the default installation of OPNsense.

1. Created a Gateway for WAN2
2. Created a route for 100.100.0.0/16 through that gateway
3. NAT-Outbound: Automatic outbound NAT rule generation

Below are the settings for Firewall

1. Pass all LAN incoming connections
2. Pass all WAN2 outgoing connections through the gateway as said above

During the testing phase, I am able to access the 100.100.0.14 service when I SSH to my router and perform the request. However, the LAN computers weren't able to do so.
In addition, I found that when I make the request from a LAN computer, there are two TCP requests initiated, one from 192.168.1.100 (the LAN PC) and one from 172.16.1.3 (the router IP). Is it a bug?


Does "Others router" have a route to 192.168.x.x pointing back to "My router" (172.16.1.3)?

You may also need to configure your WAN interfaces to not "Block [private/bogon] networks"

Quote from: dseven on October 25, 2024, 04:24:48 PM
Does "Others router" have a route to 192.168.x.x pointing back to "My router" (172.16.1.3)?

I don't have access / control over it. So I couldn't.

Quote from: dseven on October 25, 2024, 04:26:28 PM
You may also need to configure your WAN interfaces to not "Block [private/bogon] networks"

I have disabled those options, however it still doesn't work.

Then I think you'll have to add outbound NAT for your "WAN2" interface. Personally I'd switch to Manual mode and explicitly add the NAT rules that I want, but you could probably use hybrid mode and just add a new rule for your WAN2 interface.
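
The return-path problem behind the two suggestions above (a route back on "Others router", or outbound NAT on WAN2), modelled as an added example that is not part of any post in this thread. The peer router's routing table and the /24 mask on the WAN2 link are assumptions constructed for illustration; the addresses are the ones given in the first post.

```python
import ipaddress

# Constructed routing table for the router on the far side of WAN2.
# Assumption: it knows its connected networks and a default route, and has
# no route for 192.168.1.0/24 (the thread says it cannot be reconfigured).
PEER_ROUTES = [
    ("172.16.1.0/24", "connected: link to My router"),  # /24 is assumed
    ("100.100.0.0/16", "connected: server network"),
    ("0.0.0.0/0", "default: upstream, never reaches My router"),
]

WAN2_IP = "172.16.1.3"
LAN_NET = ipaddress.ip_network("192.168.1.0/24")


def peer_next_hop(dst):
    """Longest-prefix match on the peer router's table."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(n), hop) for n, hop in PEER_ROUTES
               if addr in ipaddress.ip_network(n)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def round_trip(src, dst, nat_on_wan2):
    """Follow one request from src to dst and the reply back.

    Returns (source address the server sees, whether the reply gets home).
    """
    states = {}  # (translated ip, peer) -> original source, like a NAT state table
    seen_src = src
    if nat_on_wan2 and ipaddress.ip_address(src) in LAN_NET:
        seen_src = WAN2_IP
        states[(seen_src, dst)] = src
    # The server replies to whatever source address it saw.
    hop = peer_next_hop(seen_src)
    if not hop.startswith("connected: link"):
        return seen_src, False
    # Reply arrives on WAN2; the router reverses the translation if a state exists.
    final_dst = states.get((seen_src, dst), seen_src)
    return seen_src, final_dst == src


if __name__ == "__main__":
    for src, nat in [(WAN2_IP, False), ("192.168.1.100", False), ("192.168.1.100", True)]:
        print(src, "NAT" if nat else "no NAT", round_trip(src, "100.100.0.14", nat))
```

In this model a request sourced from the router itself completes without NAT, which matches the SSH test in the first post, while a LAN-sourced request only completes when its source is rewritten to 172.16.1.3.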

October 26, 2024, 03:32:56 PM #7 Last Edit: October 26, 2024, 06:32:43 PM by sunny
I have added the NAT outbound rules to change the IP address, however it still doesn't work. It seems that there isn't any response coming back from the server. Or, after the server responds, the router wasn't able to change back the IP address and return the packet to the LAN.

EDIT: In addition, there seems to be a bug in OPNsense: after I add a manual NAT Outbound rule and enable logging, the log description in the live view will be empty even though I have typed the description in the rule.