
nat reflection & dual nat


keropiko:
Hello,

I would like to resolve a problem with this setup:

Router with public IP x.x.x.x, LAN IP 172.16.99.1 and DMZ to IP 172.16.99.2 ------ OPNsense with WAN IP 172.16.99.2 and LAN IP 192.168.1.1.

Port forward on the OPNsense NAT firewall with destination WAN IP address port 5001, NATed to port 5000 of internal IP 192.168.1.10.

From outside networks the port forward is working correctly. From the inside, using the WAN public IP x.x.x.x (dynamic), NAT reflection is not working.

NAT reflection is enabled in the firewall settings and on the NAT rule.

Is there a need for an outbound rule or something?

Thanks

BeanAnimal:
Good luck getting an answer - this has not ever worked for me on OPNsense.

BeanAnimal:
So - ignore the NAT reflection. It is a disaster on this product. Do it the old-school way with a rule.

Build a simple outbound NAT rule.

Say your public IP is 1.1.1.1.
Your internal server IP is 192.168.1.10.

Outbound NAT
Interface LAN
Source LAN NET
Source Port ANY
Destination WAN Address
Dest Port - 5000
Change Destination to (NAT Address) 192.168.1.10
Change Destination port to (NAT PORT) 5001

terraping:
I tried it the "old-school" way like BeanAnimal suggested, and it's still broken, and it seems to have broken Unbound DNS as well, no idea why.

adam.blackburn:
I actually have a setup like this and I had to set up NAT reflection at the edge router.

My understanding is that OPNsense doesn't actually know what your true WAN IP is, because its WAN IP is actually a LAN IP from the edge. Because of this, it wouldn't be able to do reflection.
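To make the point above concrete, here is an added illustration (not from any poster, and not the rules OPNsense generates itself) of what a working port forward plus reflection looks like in FreeBSD pf syntax, the packet filter underneath OPNsense. The interface names and the public address 203.0.113.10 are placeholders for the thread's x.x.x.x; the 172.16.99.x and 192.168.1.x addresses are the ones from the original post.

```pf
# Added illustration in FreeBSD pf syntax; not OPNsense's generated ruleset.
ext_if    = "vtnet0"          # assumed OPNsense WAN interface (172.16.99.2)
int_if    = "vtnet1"          # assumed OPNsense LAN interface (192.168.1.1)
public_ip = "203.0.113.10"    # placeholder for the edge router's public x.x.x.x
lan_net   = "192.168.1.0/24"
server    = "192.168.1.10"

# 1. The normal port forward: the edge router DMZs everything to 172.16.99.2,
#    and OPNsense redirects port 5001 on its own WAN address to the server's
#    port 5000. This is the part the thread reports as working from outside.
rdr on $ext_if proto tcp from any to ($ext_if) port 5001 -> $server port 5000

# 2. What "NAT reflection" has to do for LAN clients: the same redirect, but on
#    the LAN interface and matched against the address the client really dials.
#    Reflection keyed on "WAN address" would match 172.16.99.2, never the
#    203.0.113.10 a LAN client connects to, which is why the described setup
#    fails unless the edge router reflects or the real public IP is used here.
#    Because x.x.x.x is dynamic, this macro has to track the edge's current IP.
rdr on $int_if proto tcp from $lan_net to $public_ip port 5001 -> $server port 5000

# 3. Rewrite the source to the firewall's LAN address so the server's reply
#    returns through the firewall. Without this the server answers the client
#    directly from 192.168.1.10, the client sees a reply from an address it
#    never contacted, and the connection is dropped.
nat on $int_if proto tcp from $lan_net to $server port 5000 -> ($int_if)
```

Rules 2 and 3 together are the "hairpin" that OPNsense's reflection option is meant to install automatically; the rule in BeanAnimal's post corresponds to rule 2 only, which is why the return-path rewrite in rule 3 still matters.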
