Topic: Why can't I schedule a NAT rule (Read 3371 times)
guest18661 (Guest)
Why can't I schedule a NAT rule « on: November 19, 2018, 11:36:25 pm »
I have a single IP address and I am using haproxy to handle multiple services behind that address. Everything works quite well except I can't automate Let's Encrypt for multiple servers because I can't schedule a NAT rule. In order to get a cert renewed I have to manually enable the NAT rule that sends port 80 to the inside server, manually renew, and then disable the rule again.
I'd love to be able to simply have the NAT rule turn on every Sunday at 1am say, and let a cron job do its thing.
Also it would be nice to be able to specify the times in the schedule in increments of less than 15 minutes. 5 would be more than sufficient for this type of task.
Any chance there is a workaround or I am missing some way to do this? TIA
franco (Administrator, Hero Member)
Re: Why can't I schedule a NAT rule « Reply #1 on: November 20, 2018, 06:14:07 am »
Hi, you can change the association for the firewall rule to manual / off, and add a rule that schedules so you have the NAT on always, but only reachable via scheduled firewall rule?
Cheers,
Franco
guest18661 (Guest)
Re: Why can't I schedule a NAT rule « Reply #2 on: November 20, 2018, 07:16:39 pm »
Thanks for that. I'm not quite sure what it means yet, but at least it gives me something to go on for further research. If I actually get it figured out I'll update the thread with the details in case anyone else is trying to do a similar thing.
franco (Administrator, Hero Member)
Re: Why can't I schedule a NAT rule « Reply #3 on: November 20, 2018, 07:20:28 pm »
Sorry, a bit more background: each NAT rule can have an associated firewall rule (see bottom of the edit page of the port forward). If you break the association, you're free to add your own firewall pass rule, which can receive a schedule then.
Cheers,
Franco