Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
20.1 Legacy Series
»
nat reflection & dual nat
« previous
next »
Print
Pages: [
1
]
Author
Topic: nat reflection & dual nat (Read 3124 times)
keropiko
Jr. Member
Posts: 81
Karma: 2
nat reflection & dual nat
«
on:
May 16, 2020, 11:34:04 am »
hello,
i would like to resolve a problem with this setup:
Router with PUBLIC IP x.x.x.x , LAN ip 172.16.99.1 and DMZ to ip 172.16.99.2 ------ opnsense with wan ip 172.16.99.2 and lan ip 192.168.1.1.
Port forward on opnsense NAT firewall with destination wan ip address port 5001 and nat to port 5000 of internal ip 192.168.1.10.
From outside networks port forward working correctly. From the inside using wan public ip x.x.x.x (dynamic) nat reflection not working.
Nat reflection enabled on firewall settings and at the nat rule.
Is there need for an outbound rule or something?
Thanks
Logged
BeanAnimal
Newbie
Posts: 18
Karma: 1
Re: nat reflection & dual nat
«
Reply #1 on:
August 05, 2020, 08:25:34 pm »
Good luck getting an answer - this has not ever worked for me on OPNsense.
Logged
BeanAnimal
Newbie
Posts: 18
Karma: 1
Re: nat reflection & dual nat
«
Reply #2 on:
August 06, 2020, 01:43:55 am »
So - ignore the NAT reflection. It is a disaster on this product. Do it the old school way with a rule
Build a simple out bound NAT rule
Say your pubic IP is 1.1.1.1
Your Internal Server ip is 192.168.1.10.
Outbound NAT
Interface LAN
Source LAN NET
Source Port ANY
Destination WAN Address
Dest Port - 5000
Change Destination to (NAT Address) 192.168.1.10
Change Destination port to (NAT PORT) 5001
«
Last Edit: August 06, 2020, 01:46:56 am by BeanAnimal
»
Logged
terraping
Newbie
Posts: 9
Karma: 1
Re: nat reflection & dual nat
«
Reply #3 on:
August 12, 2020, 01:20:59 am »
I tried it the "oldschool" way like BeanAnimal suggested, and it's still broken, and seems to have broken unbound DNS as well, no idea why.
Logged
adam.blackburn
Newbie
Posts: 4
Karma: 0
Re: nat reflection & dual nat
«
Reply #4 on:
August 19, 2020, 02:42:41 pm »
I actually have a set up like this and I had to set up Nat reflection at the edge router
My understanding is that the OPNsense doesn't actually know what your true WAN IP is because the WAN IP is actually a LAN IP from the edge. Because of this, it wouldn't be able to do reflection.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
20.1 Legacy Series
»
nat reflection & dual nat