NAT config

[gx0r]

Hello,

I have a OPNsense installation that walls off the private LAN behind a DMZ.

(private lan 10.0.0.0 & host1 10.1.0.0) <-> (opnsense "fw1" 10.0.0.0) <-> dmz <-> (vpn fw2 10.2.0.0)

Clients log into the DMZ via a VPN Server installed at the Firewall 1. On the OPNsense is another subnet that contains only one host (10.1.0.0) "host1". Requests from the vpn (10.2.0.0) to the host1 will originate with source 10.2.0.0 from vpn and then arrive at the OPNsense. OPNsense will forward this to the host 10.1.0.0. The host responds, but than:

the OPNsense will change the source address of the responds to its own wan address.

So requests to 10.1.0.0 will be answered from 10.0.0.0.

This will not pass the vpn as its not a responds but an incoming connection.


How can I change this?