Simple NAT question NEW User to OpnSense

Started by yoda, February 21, 2019, 02:02:47 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
February 21, 2019, 02:02:47 AM
Hello everyone,

I am new to OpnSense ( was using PfSense)

I am trying to do something that is usualy simple to do.

3 servers ----> OpnSense  (3 public IP)  ---->   Internet

I am trying to have those 3 servers on the internet with their own IP.
But After playing during a while with one server, it's always going out using the MAIN OpnSense IP.

I used the NAT section of the interface, tried NAT LAN, Nat WAN and it both case it didn't worked

When trying to use Nat 1 on on1, I specify the public IP I want to use, tell the NAT rule which server internally it need to be nated to

Question :
1- when creating the Nat rule, to O chose Lan or wan ? in both case I can specify what is the internal and external ip.
2- Virtual IP, do I have to use that ?

My test was simple, I curl ipinfo.io  and it gaved back the " main firewall" ip and not the one I created in the NAT rule

JF
Sorry for that newbie question LOL I played with so many brand of firewall and my ego too a hit :-)
February 21, 2019, 08:45:53 AM #1
Try this:

Firewall, NAT, Outbound. Select Hybrid NAT (manual before automatic). Add Rule:

interface: WAN, Source: single host or network,  internal IP /32, Translation: public IP /32

Bart...
February 21, 2019, 12:46:12 PM #2
Tks Bart.  Will try !
February 21, 2019, 10:09:39 PM #3
The interface is more complex that what you say

https://pasteboard.co/I2eWrbT.png

Tks !
JF
February 21, 2019, 10:14:00 PM #4
You only need 1:1 NAT if you have clients that connect to the servers from the internet. For servers to be tied to an unique IP address for outbound traffic, simple NAT is sufficient.

Do you offer services to internet clients?

Bart...
February 21, 2019, 11:08:25 PM #5
HUM

All those servers do have different Public IP and customers will connect to this different IP and FQDN

Server 1   public ip xyz   name.domain.com   PTR to this IP
Server 2   public ip xyz   name2.domain.com   PTR to this IP


tks !
February 21, 2019, 11:29:44 PM #6
Then you need 1:1 NAT

Interface: WAN
Type: BINAT
external network: public IP
source: single host or network - private IP /32

Bart...
February 22, 2019, 12:00:42 AM #7
I will try again. but there is so much more option that what you describe
https://pasteboard.co/I2eWrbT.png

I know I have to do what you describe ( tks I do appreciate ) but it didn't work last time..


I will check again my Freebsd network config to be sure the different IPs are in /etc/rc.conf  and make some ping test

Good night ! Wherever your tare
February 22, 2019, 08:27:02 AM #8
Quote from: yoda on February 22, 2019, 12:00:42 AM
I will try again. but there is so much more option that what you describe

Indeed there are some, but you can leave those at the defaults. Note that this will only give you NAT; you still need to create rules to allow the inbound traffic that you require. Firewall, Rules, WAN.

Bart...
February 22, 2019, 02:21:51 PM #9
tKS !!!! iT IS WORKING
BInat was one of my error (NAT didn 't work)
JF
Print
Go Up Pages1
User actions