OPNsense Forum » Archive » 20.1 Legacy Series » Public IP DMZ NAT
Topic: Public IP DMZ NAT (Read 1638 times)
BlendedLark
Public IP DMZ NAT « on: May 12, 2020, 05:43:13 pm »
Hi,
Our DMZ has a range of IP addresses (a /27 subnet) which are public IPs rather than private IPs.
We have needed to move that subnet onto a VLAN (tagged 121).
OPNsense is running as an HA environment with two firewalls sharing the virtual IPs via CARP.
There's a manual Outbound NAT rule for NO NAT from the DMZ net (to override the automatic NAT rule) and a firewall rule allowing certain public IPs to access the DMZ addresses.
Inbound traffic to the DMZ is appearing on the DMZ VLAN interface.
Outbound traffic from the DMZ net isn't appearing on the VLAN interface but on the LAN interface, and is dropped by the default drop rule.
It looks like the VLAN traffic isn't being tagged, but we know it is from packet captures.
Anyone got any ideas as to why it isn't showing on the VLAN interface? Other LANs and VLANs are working fine. Just not this particular VLAN with the no NAT needed.
Scratching head a bit...