Author Topic: Simple NAT question NEW User to OpnSense (Read 4234 times)

yoda · « **on:** February 21, 2019, 02:02:47 am »

Hello everyone,

I am new to OpnSense ( was using PfSense)

I am trying to do something that is usualy simple to do.

3 servers ----> OpnSense (3 public IP) ----> Internet

I am trying to have those 3 servers on the internet with their own IP.
But After playing during a while with one server, it's always going out using the MAIN OpnSense IP.

I used the NAT section of the interface, tried NAT LAN, Nat WAN and it both case it didn't worked

When trying to use Nat 1 on on1, I specify the public IP I want to use, tell the NAT rule which server internally it need to be nated to

Question :
1- when creating the Nat rule, to O chose Lan or wan ? in both case I can specify what is the internal and external ip.
2- Virtual IP, do I have to use that ?

My test was simple, I curl ipinfo.io and it gaved back the " main firewall" ip and not the one I created in the NAT rule

JF
Sorry for that newbie question LOL I played with so many brand of firewall and my ego too a hit :-)

bartjsmit · « **Reply #1 on:** February 21, 2019, 08:45:53 am »

Try this:

Firewall, NAT, Outbound. Select Hybrid NAT (manual before automatic). Add Rule:

interface: WAN, Source: single host or network, internal IP /32, Translation: public IP /32

Bart...

yoda · « **Reply #2 on:** February 21, 2019, 12:46:12 pm »

Tks Bart. Will try !

yoda · « **Reply #3 on:** February 21, 2019, 10:09:39 pm »

The interface is more complex that what you say

https://pasteboard.co/I2eWrbT.png

Tks !
JF

bartjsmit · « **Reply #4 on:** February 21, 2019, 10:14:00 pm »

You only need 1:1 NAT if you have clients that connect to the servers from the internet. For servers to be tied to an unique IP address for outbound traffic, simple NAT is sufficient.

Do you offer services to internet clients?

Bart...

yoda · « **Reply #5 on:** February 21, 2019, 11:08:25 pm »

HUM

All those servers do have different Public IP and customers will connect to this different IP and FQDN

Server 1 public ip xyz name.domain.com PTR to this IP
Server 2 public ip xyz name2.domain.com PTR to this IP

tks !

bartjsmit · « **Reply #6 on:** February 21, 2019, 11:29:44 pm »

Then you need 1:1 NAT

Interface: WAN
Type: BINAT
external network: public IP
source: single host or network - private IP /32

Bart...

yoda · « **Reply #7 on:** February 22, 2019, 12:00:42 am »

I will try again. but there is so much more option that what you describe
https://pasteboard.co/I2eWrbT.png

I know I have to do what you describe ( tks I do appreciate ) but it didn't work last time..

I will check again my Freebsd network config to be sure the different IPs are in /etc/rc.conf and make some ping test

Good night ! Wherever your tare

bartjsmit · « **Reply #8 on:** February 22, 2019, 08:27:02 am »

Quote from: yoda on February 22, 2019, 12:00:42 am

I will try again. but there is so much more option that what you describe

Indeed there are some, but you can leave those at the defaults. Note that this will only give you NAT; you still need to create rules to allow the inbound traffic that you require. Firewall, Rules, WAN.

Bart...

yoda · « **Reply #9 on:** February 22, 2019, 02:21:51 pm »

tKS !!!! iT IS WORKING
BInat was one of my error (NAT didn 't work)
JF

Author Topic: Simple NAT question NEW User to OpnSense (Read 4234 times)

yoda

Simple NAT question NEW User to OpnSense

bartjsmit

Re: Simple NAT question NEW User to OpnSense

yoda

Re: Simple NAT question NEW User to OpnSense

yoda

Re: Simple NAT question NEW User to OpnSense

bartjsmit

Re: Simple NAT question NEW User to OpnSense

yoda

Re: Simple NAT question NEW User to OpnSense

bartjsmit

Re: Simple NAT question NEW User to OpnSense

yoda

Re: Simple NAT question NEW User to OpnSense

bartjsmit

Re: Simple NAT question NEW User to OpnSense

yoda

Re: Simple NAT question NEW User to OpnSense