OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • English Forums »
  • General Discussion »
  • Port nating
« previous next »
  • Print
Pages: [1]

Author Topic: Port nating  (Read 1743 times)

boni127

  • Newbie
  • *
  • Posts: 5
  • Karma: 0
    • View Profile
Port nating
« on: February 17, 2019, 01:12:02 pm »
Hi,
i have a Vigor 130 as vdsl+ Modem on my opnsense connected to the interface igb0.
So i configured a point-to-point Interface on the physical interface igb0. Everything works fine :-)

The vigor has an administration-interface at the ip 192.168.1.1 and i want to reach this interface from my local network 192.168.5.0/24.

For this purpose i switched the Outbound-NAT (Firewall: NAT: Outbound) from "Automatic outbound NAT rule generation" to "Hybrid outbound NAT rule generation" and added an new rule:

Interface   Source   Source Port   Destination      Destination Port   NAT Address      NAT Port   Static Port   Description   
Vigor      LAN net   *         Vigor net      *               Vigor address   *         NO

Vigor.: Interface igb0
LAN net. : 192.168.5.0/24
Vigor net : 192.168.1.0/24

but i can't reach the vigor.
Then i changed the Destination from Vigor-Net to the ip of the vigor and it worked.

Vigor      LAN net   *         192.168.1.1/32   *               Vigor address   *         NO          

Then i changed the destination from 192.168.1.1/32 to 192.168.1.0/24, and it worked too.

So im confused, isn't the destination "Vigor net" similar to the network-address 192.168.1.0/24

Thanks for every explanation.

Detlev.

 





Logged

bartjsmit

  • Hero Member
  • *****
  • Posts: 1655
  • Karma: 168
    • View Profile
Re: Port nating
« Reply #1 on: February 17, 2019, 01:30:55 pm »
Hi Detlev,

I have an identical setup and have set my translation target to 'interface address' and source to 'LAN Net' with all others set to *

I also have a separate outbound NAT rule to cover my VPN tunnel range.

Bart...
Logged

boni127

  • Newbie
  • *
  • Posts: 5
  • Karma: 0
    • View Profile
Re: Port nating
« Reply #2 on: February 17, 2019, 05:15:38 pm »
Hi Bart,

thanks for your answer. I Think in this case, it's just the same: target interface address and target vigor address.

Bye
Detlev.

Logged

amflow

  • Newbie
  • *
  • Posts: 1
  • Karma: 0
    • View Profile
Re: Port nating
« Reply #3 on: March 18, 2019, 12:31:23 pm »
I would like to take up the topic again.

I put the NAT mode on hybrid and inserted the following NAT rule as shown in the attached picture.

It is not working.

I have created an interface named "ModemAccess" on re0 where WAN access already is and assigned the static IP address 192.168.1.2/24.
Is it a firewall rule that can block here? I have already added a firewall rule that allows access from "LAN" to "ModemAccess net".

Greetings
Florian
Logged

hbc

  • Hero Member
  • *****
  • Posts: 503
  • Karma: 46
    • View Profile
Re: Port nating
« Reply #4 on: March 18, 2019, 02:35:56 pm »
Quote
So im confused, isn't the destination "Vigor net" similar to the network-address 192.168.1.0/24

I think it is a bug, that prevents aliases to be used in port forwardings.

see: https://forum.opnsense.org/index.php?topic=12002.0

Should be solved with 19.1.5
Logged
Intel(R) Xeon(R) Silver 4116 CPU @ 2.10GHz (24 cores)
256 GB RAM, 300GB RAID1, 3x4 10G Chelsio T540-CO-SR
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • English Forums »
  • General Discussion »
  • Port nating
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2023 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2