Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
23.1 Legacy Series
»
How to get 1:1 NAT working?
« previous
next »
Print
Pages: [
1
]
Author
Topic: How to get 1:1 NAT working? (Read 2750 times)
FriendlyObserver
Newbie
Posts: 5
Karma: 0
How to get 1:1 NAT working?
«
on:
May 14, 2023, 12:53:19 am »
Dear All,
My situation is two SOHO locations with a CARP/HA-firewall with double WAN in each location. In one location, one WAN connection does only provide a single fixed IP with no switching capabilities in the modem/connection device whatsoever. There, I have a pfSense box in front of the CARP/HA-firewall. I would like to migrate that box to OPNSENSE.
The box does basically have three rules:
- 1:1 NAT to expose the virtual IP shared by the HA-firewall members to basically all incoming traffic.
- respond to ping, ideally directly without any forwarding
- redirect one UDP-port to OpenVPN, if that should ever be needed to administer the box.
My bottleneck is the 1:1 NAT. I can get "respond to ping" working. As soon as I enter my 1:1 NAT rule (please see pdf enclosed), responding to ping does stop. However, the 1:1 NAT does work neither.
I am aware that computernala (
https://forum.opnsense.org/index.php?topic=6860.0
) links to instructions that outbound NAT should be set to hybrid. However, I am not certain as to which IP to enter where in the indivudual rules among the outbound rules. I did not find a working combination.
Could someone please be so kind to point me to the right direction? If necessary, probably the target device (192.168.0.2) could execute the ping responses. If the openvpn rule is not possible, I could live with that.
Unfortunately, pfSense rules are no longer importable at OPNSENSE. Hence, I need to start from scratch.
Thanks & regards,
Michael Schefczyk
Logged
FriendlyObserver
Newbie
Posts: 5
Karma: 0
Re: How to get 1:1 NAT working?
«
Reply #1 on:
June 25, 2023, 10:31:31 am »
This post (thanks!) is most helpful in pointing to NAT reflection checkboxes:
https://forum.opnsense.org/index.php?topic=8783.0
The documentation says on nat reflection in the context of port forwarding: "Leave this on the default unless you have a good reason not to." Maybe there is a compelling reason more often
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
23.1 Legacy Series
»
How to get 1:1 NAT working?