Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
’Hide’ a stupid 192.168.0.x with Source IP NAT to 10.11.12.x with 1-to-1?
« previous
next »
Print
Pages: [
1
]
Author
Topic: ’Hide’ a stupid 192.168.0.x with Source IP NAT to 10.11.12.x with 1-to-1? (Read 1337 times)
pelle
Newbie
Posts: 10
Karma: 0
’Hide’ a stupid 192.168.0.x with Source IP NAT to 10.11.12.x with 1-to-1?
«
on:
June 28, 2020, 09:15:55 pm »
Hello all
I’m new to OPNsense (= maybe I, therefore, ask a stupid Q). I like what I have seen of the OPNsense so far. But I have run into a ’problem’, which I hope have an easy fix. I have been trying some settings, but all have failed. I’m running the latest version of OPNsense.
This is a simplified setup description:
NET-A 192.168.0.x/24 <-> LAN [OPNsense] WAN <-> NET-A should look like 10.11.12.x/24 on this side of the OPNsense for all other networks (routed).
The best setting I can come up with is to use 1-to-1 with the following parameters, but it does not work:
WAN
BINAT
Ext-net 10.11.12.0/24
Source lan/24
(BTW: I use manually on my outbound NAT if it makes any difference)
My question:
Do I have to add rules on WAN and LAN interface allowing all possible traffic which will go through this 1-to-1 NAT (probably)?
Should I go for some of the other two NAT options (port forward or outgoing) (probably not)?
Something more, so I understand OPNsense a bit more:
In which ’order’ will a packet ’traverse’ all functions in OPNsense? Is it, interface in-filter, forwarding, NAT port forwarding, NAT 1-to-1, outgoing NAT, VPN, Interface out-filter? Where do all the ’inspect’ plugin add-in to this step-by-step functions? I assume that the NAT rules are served top to bottom, and exit if it ’hit’ a rule . . . but will it exit all NAT or just the NAT currently in process? Like if it hit a port forward NAT, will it exit all NAT checking or will it jump to do 1-to-1 NAT checking?
Sorry for all (stupid) questions, but I like to understand this software and how it works (below) the nice GUI. It’s needed to do proper troubleshooting I think.
Best Regards
- Per Håkansson
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
’Hide’ a stupid 192.168.0.x with Source IP NAT to 10.11.12.x with 1-to-1?