Source NAT / Outbound NAT - Rule creation

Started by trezyckz, July 02, 2024, 03:45:39 PM

July 02, 2024, 03:45:39 PM Last Edit: July 02, 2024, 03:57:12 PM by germebl
Hey everyone,

I'm having issues understanding Outbound NAT rule creation over Source NAT.

Currently using:
OPNsense 24.1.9_4-amd64
FreeBSD 13.2-RELEASE-p11
OpenSSL 3.0.14

In the past I created my Outbound NAT rules in Firewall -> NAT -> Outbound. Currently we are on the way to automating things, and furthermore the rule creation after server creation. From the OPNsense API, as I see it so far, I have no possibility to create rules in FW -> NAT -> Outbound, but only in FW -> Automation -> Source NAT.

I've created a Source NAT rule on the WAN interface for translating the source (private IP) to the target (public IP). But it seems that this rule isn't above the rules in FW -> NAT -> Outbound, because the general Outbound rule in FW -> NAT -> Outbound matches.

I'm a bit scared of moving the general Outbound rule to Source NAT (the one which translates everything from LAN net that wasn't already translated to the FW public IP, so that internal systems without their own NAT to a public IP have access to the WWW), because I would lose access to the site if it does not work and would need to drive to it (the site is still in progress and not currently connected via Site-to-Site to our main site).

Maybe someone can give me a hint?

Best regards


solved - Virtual IP was added, but not applied.