[SOLVED] Routing problems between none NAT LAN and WAN
Topic: [SOLVED] Routing problems between none NAT LAN and WAN (Read 5383 times)
Chrzi (Newbie, Posts: 5, Karma: 1)
[SOLVED] Routing problems between none NAT LAN and WAN
« on: November 01, 2018, 08:37:56 pm »
My current problem is that I can reach the firewall from my LAN, and the internet from the firewall, but not the internet from the LAN.
I have two public /24 networks. In the end I want to split them into 4 /25 networks, together with 3 NAT networks.
Current Setup is:
- LAN (129.13.170.0/25), allow from LAN Net to *
- LAN_NAT (192.168.1.0/24), allow from LAN_NAT Net to *
- WAN (129.13.170.253/32 with 129.13.170.254 as 'far gateway')
First thing would be to get the LAN to route to the GW. I think NAT I can get to work myself.
Seems like a simple problem, but I just can't get it to work.
« Last Edit: November 05, 2018, 03:01:10 pm by franco »
kyferez (Jr. Member, Posts: 83, Karma: 9)
Re: Routing problems between none NAT LAN and WAN
« Reply #1 on: November 01, 2018, 09:51:49 pm »
You can't use an out-of-scope Gateway. Gateways have to be within the subnet they are routing for, so the /32 is wrong.
« Last Edit: November 01, 2018, 09:55:07 pm by kyferez »
Chrzi (Newbie, Posts: 5, Karma: 1)
Re: Routing problems between none NAT LAN and WAN
« Reply #2 on: November 01, 2018, 10:56:59 pm »
With a 'far gateway' that is possible, I think, and if I ping from my firewall to 8.8.8.8 with my WAN (129.13.170.253/32) as source I get a reply.
Next thing: I can't route between a second non-NAT network (129.13.169.0/25) and the first one (129.13.170.0/25).
franco (Administrator, Hero Member, Posts: 17661, Karma: 1611)
Re: Routing problems between none NAT LAN and WAN
« Reply #3 on: November 02, 2018, 07:00:15 pm »
Yes, far gateway works fine on IPv4. IPv6 not, but that is by design. Just FYI.
Cheers,
Franco
Chrzi (Newbie, Posts: 5, Karma: 1)
Re: Routing problems between none NAT LAN and WAN
« Reply #4 on: November 05, 2018, 12:52:01 pm »
Yes, the gateway isn't really the problem. I also tried it with the WAN as 129.13.170.253/27, so that the 129.13.170.254 default gateway wouldn't be out of scope.
We currently don't use IPv6 at all.
So NAT onto the WAN address works just fine, as well as the communication between the LAN_NAT and the non-NATed LAN.
A quick capture with Wireshark and a ping reveals that ICMP requests from my 169.0/25 LAN leave on the WAN port and a reply to the original IP address comes back.
And this is where the fun begins: the WAN interface seems to discard the packet. I disabled all packet filtering to make sure the firewall isn't doing it, same result. The packets don't even show up in the built-in packet capture; only the outgoing ones are recorded.
Chrzi (Newbie, Posts: 5, Karma: 1)
Re: Routing problems between none NAT LAN and WAN
« Reply #5 on: November 05, 2018, 02:34:17 pm »
The answer was a missing Proxy ARP.
The WAN interface did not answer ARP requests for the internal LANs. I added this under Virtual IPs on the WAN interface and it worked.
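
The condition described in the last post can be confirmed from a WAN-side capture: ARP requests for internal hosts arrive and nothing answers them. The following is an added example, not part of the thread; the capture lines, MAC address and host addresses are constructed, and only the networks are taken from the posts above.

```python
import ipaddress
import re

# Constructed sample: text output of `tcpdump -n arp` on the WAN interface.
# The MAC address and the host addresses are made up for illustration.
SAMPLE_CAPTURE = """\
14:02:01.100000 ARP, Request who-has 129.13.170.253 tell 129.13.170.254, length 46
14:02:01.100050 ARP, Reply 129.13.170.253 is-at 00:00:5e:00:53:01, length 28
14:02:03.200000 ARP, Request who-has 129.13.170.10 tell 129.13.170.254, length 46
14:02:04.200000 ARP, Request who-has 129.13.170.10 (Broadcast) tell 129.13.170.254, length 46
14:02:05.300000 ARP, Request who-has 129.13.169.20 tell 129.13.170.254, length 46
"""

# Routed (non-NAT) networks behind the firewall, as named in the thread.
INTERNAL_NETS = [ipaddress.ip_network("129.13.170.0/25"),
                 ipaddress.ip_network("129.13.169.0/25")]

# tcpdump sometimes prints "(Broadcast)" or a MAC after the target address.
REQUEST = re.compile(r"ARP, Request who-has (\S+)(?: \([^)]*\))? tell \S+,")
REPLY = re.compile(r"ARP, Reply (\S+) is-at [0-9a-f:]+")


def unanswered_internal_arp(capture, internal_nets):
    """Return {target_ip: request_count} for ARP requests seen on the WAN
    that target an internal host and were never answered in the capture.
    Expects numeric addresses (capture taken with -n)."""
    asked, answered = {}, set()
    for line in capture.splitlines():
        m = REQUEST.search(line)
        if m:
            asked[m.group(1)] = asked.get(m.group(1), 0) + 1
            continue
        m = REPLY.search(line)
        if m:
            answered.add(m.group(1))
    return {ip: count for ip, count in asked.items()
            if ip not in answered
            and any(ipaddress.ip_address(ip) in net for net in internal_nets)}


if __name__ == "__main__":
    hits = unanswered_internal_arp(SAMPLE_CAPTURE, INTERNAL_NETS)
    for ip, count in hits.items():
        print(f"{ip}: {count} unanswered ARP request(s) on WAN; "
              "no Proxy ARP entry covers this address")
```

An empty result after the Proxy ARP entries are added indicates that the WAN interface now answers for the internal ranges.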