Topic: Can't get NAT working (Read 8415 times)
fridoo
Newbie
Posts: 5
Karma: 0
Can't get NAT working « on: May 03, 2018, 02:05:26 pm »
I know this question has been posted before, but the answers so far haven't helped me so I'm opening a new topic.
We are migrating from m0n0wall to OPNsense. All seems to work well, except we can't get NAT working. All stuff without NAT, such as allowing https access to the firewall itself (for test purposes only) is working well. We're testing our connections from outside using 4G, so it's really from outside. When an outside connection is being tried, nothing is shown in the firewall logs. NAT rules (generally in form WANn port x -> LAN host port x) and corresponding firewall rules look fine. Typical behavior is not a refused connection but a timeout.
What am I doing wrong?
regards,
Frido
Logged
opnfwb
Sr. Member
Posts: 331
Karma: 47
Re: Can't get NAT working « Reply #1 on: May 03, 2018, 02:16:41 pm »
For NAT forwarding, are you using the Firewall/NAT/Port Forward page to create the rules? OPNsense has the option to add an associated firewall rule when creating a NAT Port Forward rule. This is the Filter Rule Association drop-down menu at the bottom of the page when creating a Port Forward rule; choose the option "add associated filter rule". This should get you up and running when you use this method.
Another thing worth trying: use an external port scanning source to verify if the port is "open" and actually being forwarded through the firewall. A site such as grc.com offers a free port scanner (it's their Shields UP service).
If this still isn't working, would it be possible for you to post screenshots of your setup? I use a few port forwards as well and I haven't had an issue getting them through OPNsense.
Logged
guest15389
Guest
Re: Can't get NAT working « Reply #2 on: May 03, 2018, 03:20:39 pm »
Can you post the steps/screenshots of what you are doing?
Here are a few examples of what my port forwards look like for HTTPS/Plex and a custom rule (I use 4022 instead of 22 for SSH) for my Linux box:
Logged
fridoo
Newbie
Posts: 5
Karma: 0
Re: Can't get NAT working « Reply #3 on: May 03, 2018, 04:15:09 pm »
Yes, I used the Port Forward page, and the firewall rules are automatically created.
Here's my NAT setup
Some ports are open for all incoming traffic on a certain WAN address, some (such as Remote Desktop) only for IP addresses of employee home addresses.
Logged
guest15389
Guest
Re: Can't get NAT working « Reply #4 on: May 03, 2018, 04:40:50 pm »
Your WAN has multiple IPs externally assigned to it?
How's that set up?
Logged
fridoo
Newbie
Posts: 5
Karma: 0
Re: Can't get NAT working « Reply #5 on: May 07, 2018, 11:48:45 am »
Yes, WAN has multiple IP addresses. IP is configured as 217.100.205.226 / 29, gateway 217.100.205.225.
Our provider provided the following IP addresses:
.224 Network address
.225 Gateway
.226 - .230 free usable addresses
.231 broadcast address
Should I use the .224 address in the WAN configuration instead of .226 ?
Logged
guest15389
Guest
Re: Can't get NAT working « Reply #6 on: May 07, 2018, 12:34:03 pm »
So on the setup, if you have multiple IPs, did you create them via Virtual IPs on the WAN interface and add them as IP aliases?
You may want to look at 1:1 NAT as well instead if you are always mapping an external IP to a specific server as that might meet your use case better.
Logged
fridoo
Newbie
Posts: 5
Karma: 0
Re: Can't get NAT working « Reply #7 on: May 07, 2018, 02:16:00 pm »
I don't have any virtual IPs. If the WAN address is .226, should I add the other 4 as virtual IPs?
1:1 NAT is not an option for us
Logged
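The address arithmetic behind the /29 question in Reply #5 and the virtual IP question in Reply #7, as an added example that is not part of the original thread: it splits the block into network, gateway, assignable and broadcast addresses, then flags port-forward destinations the firewall does not hold as its interface address or a virtual IP. The interface address and gateway are the values posted above; the list of forward destinations is constructed, and the "needs a virtual IP" verdict assumes the block is on-link on the WAN segment, so the firewall only receives traffic for addresses it answers ARP for.

```python
import ipaddress

def describe_block(interface_cidr, gateway):
    """Split the WAN subnet into network, gateway, assignable and broadcast."""
    net = ipaddress.ip_interface(interface_cidr).network
    gw = ipaddress.ip_address(gateway)
    return {
        "network": str(net.network_address),
        "gateway": str(gw),
        "assignable": [str(h) for h in net.hosts() if h != gw],
        "broadcast": str(net.broadcast_address),
    }

def audit_forwards(interface_cidr, gateway, virtual_ips, forward_destinations):
    """Say whether the firewall holds each WAN address a port forward uses."""
    iface = ipaddress.ip_interface(interface_cidr)
    net, gw = iface.network, ipaddress.ip_address(gateway)
    held = {iface.ip} | {ipaddress.ip_address(v) for v in virtual_ips}
    verdicts = {}
    for dest in forward_destinations:
        addr = ipaddress.ip_address(dest)
        if addr not in net:
            verdicts[dest] = "outside the WAN subnet"
        elif addr in (net.network_address, net.broadcast_address):
            verdicts[dest] = "reserved, not assignable"
        elif addr == gw:
            verdicts[dest] = "provider gateway"
        elif addr in held:
            verdicts[dest] = "ok"
        else:
            # Assumption: on-link block, so nothing answers ARP for this address.
            verdicts[dest] = "needs a virtual IP"
    return verdicts

# Interface address and gateway are the values posted in the thread.
WAN_INTERFACE = "217.100.205.226/29"
WAN_GATEWAY = "217.100.205.225"
VIRTUAL_IPS = []  # the thread states none are configured
# Constructed sample: WAN addresses that port forwards might use as destination.
FORWARD_DESTINATIONS = ["217.100.205.226", "217.100.205.227",
                        "217.100.205.230", "217.100.205.224"]

if __name__ == "__main__":
    print(describe_block(WAN_INTERFACE, WAN_GATEWAY))
    for dest, verdict in audit_forwards(WAN_INTERFACE, WAN_GATEWAY,
                                        VIRTUAL_IPS, FORWARD_DESTINATIONS).items():
        print(f"{dest}: {verdict}")
```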
guest15389
Guest
Re: Can't get NAT working « Reply #8 on: May 07, 2018, 02:23:09 pm »
I can't test it as I only have a single DHCP interface on mine unfortunately.
I found a match though:
https://forum.opnsense.org/index.php?topic=5424.0
Logged
marjohn56
Hero Member
Posts: 1701
Karma: 179
Re: Can't get NAT working « Reply #9 on: May 07, 2018, 10:43:57 pm »
I also have multiple WAN IPs on a /29. I use 1:1 NAT for redirection to specific servers, works perfectly.
Why can't you use 1:1 NAT?
Logged
OPNsense 24.7 - Qotom Q355G4 - ISP - Squirrel 1Gbps.
Team Rebellion Member - If we've helped you remember to applaud