IP mapping problem

Started by tverweij, August 07, 2023, 11:01:22 PM

Hello all, this is my first post on this forum.
I am new to OpnSense, worked with Kerio Control for the last 25 years, but as this product starts to be outdated, I am in the process of migrating to OpnSense. And the migration goes well, about 98% of the previous setup has been migrated.

But now I am stuck at IP mapping - I can't get it to work.

To explain:
In Kerio, I defined the source (192.168.81.0/24) - this is a local subnet.
Then I defined the destination (192.168.80.60/32) - this host is located at the customer's office, so a remote host.
After that I defined the services (any)
And last I defined the MAP (a.b.c.d) - this is the router address of the customer's office.

The effect of the above was that, when I accessed 192.168.80.60 from the 192.168.81.0/24 subnet, the IP was translated and the traffic was diverted to the customer's router - there, a virtual server configuration made sure that I reached the real 192.168.80.60 machine.

I try to replicate this in OpnSense, but till now without success.

What I did:
I went to Firewall - NAT - Outbound
added a new rule:

interface WAN
TCPIP v4
Protocol any
Source Address 192.168.81.0/24
Sourceport any
Destination Address 192.168.80.60
Destinationport any
Translation target a.b.c.d
Translation port <empty>

But it just won't work.

What am I missing?








At a glance - unless said customer was physically plugged into a port on the machine running Kerio - it would appear you're missing a VPN connecting the two sites.

No, no VPN needed.

The trick is to map the unroutable address 192.168.80.60 to the routable address a.b.c.d.

But as I look in the logs, no mapping is performed at all.

I got it working.

It turns out I had to use Port mapping instead of Outbound.

Can anyone explain to me what outbound does?

Outbound replaces the source address of outbound packets (your typical NAT).
Port Forward replaces the destination address of inbound packets.

Cheers
Maurice
OPNsense virtual machine images
OPNsense aarch64 firmware repository

Commercial support & engineering available. PM for details (en / de).
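
The difference described in the answer above, as an added example that is not part of the original thread: a small Python model that applies the Outbound rule from the first post and the Port Forward rule that worked to the same packet. The address 203.0.113.10 is a constructed placeholder for a.b.c.d, the client 192.168.81.25 is a constructed LAN host, and the `Rule`/`Packet` names are hypothetical, not OPNsense code.

```python
import ipaddress
from dataclasses import dataclass, replace

MAPPED = "203.0.113.10"  # constructed placeholder for the thread's a.b.c.d
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str

@dataclass(frozen=True)
class Rule:
    kind: str    # "outbound" rewrites the source, "port_forward" the destination
    source: str  # source network the rule matches
    dest: str    # destination network the rule matches
    target: str  # translation target

def translate(rule, pkt):
    """Apply one NAT rule; packets that do not match pass through unchanged."""
    hit = (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.source)
           and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dest))
    if not hit:
        return pkt
    if rule.kind == "outbound":
        return replace(pkt, src=rule.target)
    if rule.kind == "port_forward":
        return replace(pkt, dst=rule.target)
    raise ValueError(f"unknown rule kind: {rule.kind}")

def dst_is_internet_routable(pkt):
    """False when the destination is still an RFC 1918 private address."""
    addr = ipaddress.ip_address(pkt.dst)
    return not any(addr in net for net in RFC1918)

# The rule from the first post (Outbound) and the one that worked (Port Forward).
OUTBOUND = Rule("outbound", "192.168.81.0/24", "192.168.80.60/32", MAPPED)
PORT_FORWARD = Rule("port_forward", "192.168.81.0/24", "192.168.80.60/32", MAPPED)

if __name__ == "__main__":
    pkt = Packet("192.168.81.25", "192.168.80.60")  # constructed LAN client
    for rule in (OUTBOUND, PORT_FORWARD):
        out = translate(rule, pkt)
        print(f"{rule.kind:12} {out.src} -> {out.dst} "
              f"routable_dst={dst_is_internet_routable(out)}")
```

With the Outbound rule the destination stays 192.168.80.60, so the packet still has nowhere to go on the WAN side; only the Port Forward rule changes where it is sent.
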

August 08, 2023, 12:27:51 AM #5 Last Edit: August 08, 2023, 12:30:26 AM by tverweij
Ah, that makes sense.

In Kerio terms (as said, worked with it for 25 years): Port forward = MAP, Outbound is NAT.

Now I understand.

Thank you!