Topic: Interface Address (Read 3793 times)
dragon2611
« on: June 07, 2017, 12:13:25 am »
Should a NAT rule that is applied as "Uplink1 Address" (where the interface is called Uplink1) apply just to the main address on that interface, or to all IP aliases on that interface as well?
Getting someone complaining they're not getting the expected response from a server, but the only NAT rule for that server on that port has a src match on it, so it shouldn't be firing as he won't be coming from that source address.
There is one further down for anywhere, but it's for "Uplink1 Address"; given the IP alias is an address on Uplink1, I'm wondering if it's hitting that (otherwise I'd expect a straight drop).

bartjsmit
« Reply #1 on: June 07, 2017, 08:15:20 am »
Which type of NAT are you debugging? DNAT or SNAT? If the latter, you need to use 1:1 NAT on OPNsense to preserve state on the other end.
Bart...

dragon2611
« Reply #2 on: June 07, 2017, 10:06:33 am »
DNAT, there was a rule for that IP alias and that port, but it had a source address match on it as well, so that *should* have only fired if they were coming from a certain IP range.
The only other rule for that port was for ANY source but it was for Interface Address so I think they were hitting that and getting the other VM which is why their credentials didn't work.
I would have expected actually they'd just get a connection timeout, as I didn't have any other NAT rules for that IP alias and that particular port. It looks like interface address may well be actually interface addresses (i.e. ALL IPs on that interface).
Logged
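
The two readings of "Interface Address" weighed in this thread, as an added example that is not part of the original posts and is not OPNsense code: a simplified first-match model of the two port forwards described above. All addresses, the port, and the names `vm-a` and `vm-b` are constructed placeholders, and first-match ordering is an assumption of the model.

```python
import ipaddress

# Constructed sample values (documentation ranges); none come from the thread.
PRIMARY = "192.0.2.1"      # main address on Uplink1
ALIASES = ["192.0.2.10"]   # IP alias on Uplink1
PORT = 443

# Port-forward rules in evaluation order, modelled as first match wins.
RULES = [
    # Rule for the alias, restricted to one source range.
    {"src": "198.51.100.0/24", "dst": "192.0.2.10", "port": PORT, "target": "vm-a"},
    # Rule further down: any source, destination "Uplink1 address".
    {"src": "0.0.0.0/0", "dst": "Uplink1 address", "port": PORT, "target": "vm-b"},
]

def dst_addresses(dst, include_aliases):
    """Expand a rule destination into the set of addresses it matches."""
    if dst == "Uplink1 address":
        return {PRIMARY, *ALIASES} if include_aliases else {PRIMARY}
    return {dst}

def forward(src_ip, dst_ip, port, include_aliases):
    """Return the target of the first matching rule, or None (no redirect)."""
    src = ipaddress.ip_address(src_ip)
    for rule in RULES:
        if (port == rule["port"]
                and src in ipaddress.ip_network(rule["src"])
                and dst_ip in dst_addresses(rule["dst"], include_aliases)):
            return rule["target"]
    return None

def compare(src_ip, dst_ip, port=PORT):
    """Outcome under both readings of 'Uplink1 address'."""
    return {
        "primary_only": forward(src_ip, dst_ip, port, include_aliases=False),
        "all_addresses": forward(src_ip, dst_ip, port, include_aliases=True),
    }

if __name__ == "__main__":
    # One client inside the allowed source range, one outside it.
    for src in ("198.51.100.7", "203.0.113.50"):
        print(src, "->", compare(src, ALIASES[0]))
```

In this model a client outside the allowed range that connects to the alias gets no redirect under the primary-only reading and lands on `vm-b` under the all-addresses reading, which is the symptom described in Reply #2. A catch-all forward bound to an interface-address destination is worth reviewing whenever aliases on the same interface carry source-restricted rules for the same port.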