Topic: Translate outgoing request for external IP to internal IP? (Read 2205 times)
benm
Newbie
Posts: 4
Karma: 0
Translate outgoing request for external IP to internal IP?
« on: March 18, 2020, 11:01:38 pm »
Hello, I'm running OPNsense 19.7.10_1-amd64 with a LAN subnet of 192.168.1.0/24 and DHCP.
I need to connect to a webserver on 10.0.0.100, which I am supposed to access via a VPN. Unfortunately this VPN is broken and cannot be fixed. It's out of my control.
As a workaround, I have set up a computer at 192.168.1.100 with an ssh port forward to 10.0.0.100. Thus I can access the webserver on 192.168.1.100. The problem is that the IP address is wrong.
Is there any way to configure OPNsense so that requests for 10.0.0.100 get translated to 192.168.1.100, and the response gets translated back?
I think I need to use some sort of NAT. However, since the main use case for NAT is between an internal and external network, I haven't managed to find examples of how to send outbound traffic back in. I'm not experienced enough to understand all the settings. Would anyone be willing to help me out?
Thanks so much!
-Ben
mimugmail
Hero Member
Posts: 6767
Karma: 494
Re: Translate outgoing request for external IP to internal IP?
« Reply #1 on: March 19, 2020, 05:39:50 am »
I would rewrite DNS so clients resolve 192 directly.
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
benm
Newbie
Posts: 4
Karma: 0
Re: Translate outgoing request for external IP to internal IP?
« Reply #2 on: March 19, 2020, 08:34:30 am »
@mimugmail, I agree, that would have been the sensible way to proceed. Unfortunately everything has already been set up with hard-coded references everywhere to the IP address.
I would have done it differently, but that's out of my control.
mimugmail
Hero Member
Posts: 6767
Karma: 494
Re: Translate outgoing request for external IP to internal IP?
« Reply #3 on: March 19, 2020, 08:56:10 am »
Do a Port Forward on OPN LAN to internal IP and also an outbound NAT on LAN for internal clients to internal IP.
benm
Newbie
Posts: 4
Karma: 0
Re: Translate outgoing request for external IP to internal IP?
« Reply #4 on: March 19, 2020, 04:47:10 pm »
@mimugmail, thanks so much!!! My colleague managed to implement your suggestion, and we are very grateful.
To elaborate on the solution, his settings are as follows:
Port Forward:
Interface: LAN
Proto: TCP
Source Address: *
Source Ports: *
Destination Address: 10.0.0.100
Destination Ports: 80
NAT IP: 192.168.1.100
NAT Ports: 5580 [port of SSH tunnel]
Outbound:
Mode: Hybrid outbound NAT rule generation
Manual rules:
Interface: LAN
Source: any
Source Port: *
Destination: 192.168.1.100/32
Destination Port: 5580
NAT Address: Interface Address
NAT Port: *
Static Port: NO
I hope this helps in case anyone else has the same question. I don't yet understand what's going on, but I hope he can explain tomorrow.
mimugmail
Hero Member
Posts: 6767
Karma: 494
Re: Translate outgoing request for external IP to internal IP?
« Reply #5 on: March 19, 2020, 04:54:56 pm »
You connect to the firewall with the external IP (should be clear), the firewall sends the packet back to the internal network since the host is internal (should be clear). Without the outbound NAT, the internal server sends the reply packet directly to the initial client since it's on the same net, and then your initial client sees the IP of the internal host, which wasn't the one he tried to contact. That's why you NAT the outgoing packet, so the internal server replies to the firewall (which tracks the state) and can send the packet back to you.
Easy?
benm
Newbie
Posts: 4
Karma: 0
Re: Translate outgoing request for external IP to internal IP?
« Reply #6 on: March 19, 2020, 05:46:07 pm »
Wow, thanks so much for the speedy response!!!
Unfortunately I am used to configuring consumer-grade routers, not professional ones like OPNsense. Thus my experience with NAT is roughly that everything is automatically configured, except for port forwards where I simply provide a list of internal IPs and ports. All the new options are wonderful but overwhelming.
In this specific case, my confusion is about which packet headers are getting rewritten by which rule. If I correctly understand your explanation, when I send a packet from 192.168.1.50 to 10.0.0.100, the "Port Forward" rule rewrites "Destination" from 10.0.0.100 to 192.168.1.100, but it leaves "From" as 192.168.1.50. So then the "Outbound" rule would somehow rewrite "Source" from 192.168.1.50 to 192.168.1.1. But I don't understand how the given rule makes this happen.
Is it a pipeline where Port Forward comes first, changing the destination? And next the Outbound rule is applied, and it matches since we just changed the destination to 192.168.1.100?
Logged
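The packet flow explained in Reply #5, and the rule ordering asked about in Reply #6, as an added example that is not part of the original thread: a small Python model (not pf or OPNsense code) of the two translations from Reply #4. It shows that the Port Forward is applied first as the packet enters LAN, the Outbound rule then matches the already rewritten destination as the packet leaves LAN, and the state entry undoes both for the reply. The firewall LAN address 192.168.1.1 (taken from Reply #6), the client source port 40000, and the unchanged source port are assumptions.

```python
from collections import namedtuple

Pkt = namedtuple("Pkt", "src sport dst dport")

FW_LAN = "192.168.1.1"                 # assumed firewall LAN address (Reply #6)
CLIENT = "192.168.1.50"                # client address used in Reply #6
VIP, VPORT = "10.0.0.100", 80          # address hard-coded on the clients
REAL, RPORT = "192.168.1.100", 5580    # host running the SSH tunnel

def firewall_forward(pkt, outbound_nat, states):
    """Model of the two translation steps on the LAN interface."""
    # Step 1, inbound on LAN: the Port Forward rewrites the destination.
    if (pkt.dst, pkt.dport) != (VIP, VPORT):
        return pkt
    out = pkt._replace(dst=REAL, dport=RPORT)
    # Step 2, outbound on LAN: the Outbound rule matches the rewritten
    # destination and replaces the source with the interface address.
    if outbound_nat and (out.dst, out.dport) == (REAL, RPORT):
        out = out._replace(src=FW_LAN)  # source port kept for simplicity
    # State entry: translated tuple -> original tuple.
    states[out] = pkt
    return out

def server_reply(pkt):
    """The tunnel host answers whatever source address it saw."""
    return Pkt(pkt.dst, pkt.dport, pkt.src, pkt.sport)

def firewall_reverse(reply, states):
    """Undo both translations for a reply that arrives at the firewall."""
    orig = states[Pkt(reply.dst, reply.dport, reply.src, reply.sport)]
    return Pkt(orig.dst, orig.dport, orig.src, orig.sport)

def client_sees(outbound_nat):
    """Return the reply as it reaches the client and whether it is accepted."""
    states = {}
    request = Pkt(CLIENT, 40000, VIP, VPORT)   # constructed sample packet
    reply = server_reply(firewall_forward(request, outbound_nat, states))
    if reply.dst == FW_LAN:                    # reply passes the firewall again
        reply = firewall_reverse(reply, states)
    # Otherwise the reply is delivered directly on the shared subnet.
    accepted = (reply.src, reply.sport) == (request.dst, request.dport)
    return reply, accepted

if __name__ == "__main__":
    for nat in (True, False):
        reply, ok = client_sees(nat)
        print("outbound NAT" if nat else "port forward only", reply, ok)
```

Without the Outbound rule the reply reaches the client with source 192.168.1.100:5580, which matches no connection the client opened, so the client discards it.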