Topic: Forwarding external IPs to machines in DMZ (Read 2943 times)
Joolz
Newbie
Posts: 2
Karma: 0
Forwarding external IPs to machines in DMZ « on: August 28, 2019, 03:30:57 pm »
Hi All,
I'm migrating from a Linux-based UTM to OPNsense and have the following setup:
LAN - 172.20.0.0
DMZ - 172.21.0.0
WAN 33.31.153.xxx
Our ISP has provided us with a block of 14 external IP addresses for webservers, running 81.145.xxx.1 to 81.145.xxx.15.
On our existing Linux UTM, all that was required to open the machines in the DMZ to the outside world was forwarding the port required as an incoming port forwarding rule, with the external IP named as the source, and the DMZ IP named as destination. I tried replicating this on OPNsense but it didn't seem to work.
The existing UTM has been in place for a considerable length of time and there are all kinds of rules pushing ports all over the place so for instance, ports 22, 80 and 3389 on a single external IP may be resolving to 3 different machines in the DMZ which I believe excludes using 1:1 NAT.
What would be the easiest way to replicate settings from the Linux box, if indeed that is possible? Should I rejig the rules and go 1:1 or can I use IP aliases or normal port forwarding?
I'd be very grateful if anyone could point me in the right direction.
Thanks,
Joolz
Logged
opnsenuser
Newbie
Posts: 27
Karma: 2
Re: Forwarding external IPs to machines in DMZ « Reply #1 on: August 31, 2019, 02:43:52 pm »
Hi,
I think the easiest (direct) way to do this is to assign the IPs (in your case 81.145.xxx.xxx): one to the DMZ interface and the rest as required to the (web)servers.
This way OPNsense can route the requests to the servers, if your firewall rules allow it.
This would not require any NAT or port forwarding.
opnsenuser
Logged
lewald
Sr. Member
Posts: 334
Karma: 21
Re: Forwarding external IPs to machines in DMZ « Reply #2 on: August 31, 2019, 05:25:41 pm »
Define the IP addresses as virtual IPs.
Go to Firewall -> Virtual IPs.
One for every IP.
Then use port forward.
Firewall -> NAT -> Port Forward.
Define rules.
Interface WAN, source any, destination your IP from the ISP, forward to the IP of the DMZ (device) and the ports.
Logged
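Added example, not part of the thread: a small audit of a forward list exported from the old UTM, showing which external IPs spread their ports over several DMZ hosts (and so need the virtual IP plus port forward approach from Reply #2) and which could be expressed as 1:1 NAT. The rule tuples, the 203.0.113.x addresses standing in for the ISP block, and the /24 DMZ mask are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumption: the thread gives the DMZ as 172.21.0.0 without a mask; /24 is assumed.
DMZ_NET = ipaddress.ip_network("172.21.0.0/24")

# Constructed sample rules: (external IP, protocol, external port, target host, target port).
# 203.0.113.0/24 is a documentation range standing in for the masked ISP block.
RULES = [
    ("203.0.113.1", "tcp", 22,   "172.21.0.10", 22),
    ("203.0.113.1", "tcp", 80,   "172.21.0.11", 80),
    ("203.0.113.1", "tcp", 3389, "172.21.0.12", 3389),
    ("203.0.113.2", "tcp", 80,   "172.21.0.20", 80),
    ("203.0.113.2", "tcp", 443,  "172.21.0.20", 443),
    ("203.0.113.3", "tcp", 80,   "172.21.0.30", 80),
    ("203.0.113.3", "tcp", 80,   "172.21.0.31", 8080),  # clashes with the rule above
    ("203.0.113.4", "tcp", 3389, "172.20.0.5", 3389),   # target is on the LAN, not the DMZ
]


def audit(rules, dmz=DMZ_NET):
    """Group forwards by external IP and report how each one can be migrated."""
    by_ext = defaultdict(list)
    for rule in rules:
        by_ext[rule[0]].append(rule)

    report = {}
    for ext_ip, group in sorted(by_ext.items(), key=lambda kv: ipaddress.ip_address(kv[0])):
        listeners = defaultdict(set)  # (proto, port) -> set of (host, port) targets
        for _, proto, port, host, dport in group:
            listeners[(proto, port)].add((host, dport))
        hosts = {host for _, _, _, host, _ in group}
        report[ext_ip] = {
            # One external IP feeding several hosts cannot be expressed as 1:1 NAT.
            "mode": "1:1-candidate" if len(hosts) == 1 else "virtual-ip+port-forward",
            # The same external proto/port pointing at two targets is ambiguous.
            "conflicts": sorted(k for k, v in listeners.items() if len(v) > 1),
            # Forwards that land outside the DMZ expose another segment to the WAN.
            "outside_dmz": sorted(h for h in hosts if ipaddress.ip_address(h) not in dmz),
            # Listener set per external IP, for writing the matching firewall rules.
            "exposed": sorted({(proto, port) for _, proto, port, _, _ in group}),
        }
    return report


if __name__ == "__main__":
    for ip, info in audit(RULES).items():
        print(ip, info)
```

Any address reported under `conflicts` or `outside_dmz` is worth resolving before the rules are recreated on the new firewall, since long-lived rule sets tend to accumulate both.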