Topic: VPS Wireguard + NAT forwarding (Read 1163 times)
meni1234
on: January 02, 2024, 01:25:27 pm
Hello everyone and a happy new year
I need your help with my home server because I can't get OPNsense to forward the traffic to a VM.
My setup:
I have a physical server with Debian 12 and Proxmox. This is connected to a router which is connected to the internet through a CGNAT. As I am behind a CGNAT I have to use a public IP via a VPS. I isolate my host system with Proxmox and OPNsense. Using WireGuard, the virtual OPNsense establishes a tunnel to the VPS. The VPS sends the required ports directly to the OPNsense, which works perfectly. It is important to note that I only have one physical NIC. So I use the physical NIC with a Linux bridge (vmbr0) for the WAN and a virtual bridge (vmbr1) for the LAN connection at OPNsense.
Infa:
My problem:
The traffic, e.g. 80/443, arrives on my OPNsense. For example, I can access the web UI of OPNsense for test purposes from the public IP by forwarding 80/443. But now when I create a NAT rule which should forward the traffic from the OPNsense to a VM with an nginx webserver, this does not work and I have no idea why not. Of course I changed the OPNsense port from 443 to 441.
I proceed as follows:
I create a NAT rule:
Interface: OPT1 (WG)
Destination: OPT 1 net
Connection range: 80/443 to 80/443
Redirected destination IP: 192.168.1.103
Redirected carry port 80/443
NAT reflection: activate
Log:
Do I have a fundamental misconception here? Maybe one of you has an idea what I am doing wrong here. What else do you think about the construction of my network, do you think this is a secure approach or do you have any suggestions for optimization?
Thank you in advance.
best regards meni
Last Edit: January 02, 2024, 01:32:49 pm by meni1234
meni1234
Re: VPS Wireguard + NAT forwarding
Reply #1 on: January 02, 2024, 01:57:14 pm
Holy shit, I found the solution: I had an old wg0 interface on my VM with the webserver. I think this was blocking the forwarding? But how? I have now removed WireGuard from my VM (192.168.1.103) and everything works perfectly now. That's crazy, I was searching for days for the issue, I think I need a short break XD.
Then I have another question: how can I best enable access to the VMs via SSH from my host (192.168.8.2)? So far this is not possible. Do you have any other suggestions for improving my setup?
Last Edit: January 02, 2024, 02:01:30 pm by meni1234
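Added example, not part of the thread: a check to run on the web server VM that shows which interface and gateway its replies to a forwarded client would use, read from the one-line output of `ip -4 route get <client-ip>`. It assumes the leftover wg0 changed the VM's reply route (the thread does not confirm this); the gateway 192.168.1.1, the NIC name eth0, the client 203.0.113.10 and both sample lines are constructed.

```shell
#!/bin/sh
# Added example: inspect the route a VM would use to answer a forwarded client.
# Live use on the VM:  check_reply_path "$(ip -4 route get 203.0.113.10)" eth0 192.168.1.1

# Print the word that follows keyword $2 ("dev", "via", "table") in route line $1.
route_field() {
    printf '%s\n' "$1" | awk -v k="$2" \
        '{ for (i = 1; i < NF; i++) if ($i == k) { print $(i + 1); exit } }'
}

# Return 0 when the reply leaves through interface $2 via gateway $3, else 1.
check_reply_path() {
    line=$1; want_dev=$2; want_gw=$3
    dev=$(route_field "$line" dev)
    gw=$(route_field "$line" via)
    if [ "$dev" = "$want_dev" ] && [ "$gw" = "$want_gw" ]; then
        echo "OK: reply goes back via $gw on $dev"
        return 0
    fi
    echo "MISMATCH: reply leaves on ${dev:-?} via ${gw:-no gateway}," \
         "expected $want_dev via $want_gw"
    return 1
}

# Constructed sample lines in the format printed by `ip -4 route get`.
# GOOD:  reply returns through the OPNsense LAN address (assumed 192.168.1.1).
# STALE: a leftover full-tunnel WireGuard interface takes the reply instead.
GOOD='203.0.113.10 via 192.168.1.1 dev eth0 src 192.168.1.103 uid 0'
STALE='203.0.113.10 dev wg0 table 51820 src 10.0.0.2 uid 0'

check_reply_path "$GOOD"  eth0 192.168.1.1 || true
check_reply_path "$STALE" eth0 192.168.1.1 || true
```

If the check reports a mismatch, `ip -o link show type wireguard` lists any WireGuard interfaces still present on the VM.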