NAT config

Started by gx0r, October 20, 2020, 05:02:56 PM

Hello,

I have an OPNsense installation that walls off the private LAN behind a DMZ.

(private lan 10.0.0.0 & host1 10.1.0.0) <-> (opnsense "fw1" 10.0.0.0) <-> dmz <-> (vpn fw2 10.2.0.0)

Clients log into the DMZ via a VPN server installed at firewall 1. On the OPNsense is another subnet that contains only one host (10.1.0.0), "host1". Requests from the VPN (10.2.0.0) to host1 originate with source 10.2.0.0 from the VPN and then arrive at the OPNsense. OPNsense forwards this to the host 10.1.0.0. The host responds, but then:

the OPNsense will change the source address of the response to its own WAN address.

So requests to 10.1.0.0 will be answered from 10.0.0.0.

This will not pass the VPN as it's not a response but an incoming connection.

How can I change this?
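The behaviour described above is what pf's outbound NAT does when a rule matches the return traffic on the interface facing the DMZ. The fragment below is an added illustration, not configuration taken from this thread or generated by the poster's OPNsense box: it shows a pf.conf-style outbound NAT rule of the kind OPNsense's automatic outbound NAT mode produces, followed by the `no nat` exemption that stops the translation for traffic between the host1 subnet and the VPN subnet. The interface name `$dmz_if` and the /24 masks are assumptions; the thread only gives the network prefixes.

```pf
# Assumed interface facing the DMZ (the poster's "WAN" side of fw1).
dmz_if = "em0"

# Exemption: traffic from the host1 subnet to the VPN subnet must keep its
# real source address so that fw2 sees it as a reply, not a new connection.
# In pf, nat rules are first-match, so this line has to come BEFORE the
# general nat rule below or it is never reached.
no nat on $dmz_if from 10.1.0.0/24 to 10.2.0.0/24

# General outbound NAT, comparable to what automatic outbound NAT generates:
# everything leaving on $dmz_if from the internal networks is rewritten to
# the interface address. Without the exemption above, host1's replies match
# here and leave with the firewall's own address as source.
nat on $dmz_if from { 10.0.0.0/24, 10.1.0.0/24 } to any -> ($dmz_if)
```

In the OPNsense GUI the same effect is obtained under Firewall > NAT > Outbound by switching the mode from automatic to hybrid and adding a rule for source 10.1.0.0/24, destination 10.2.0.0/24 on the DMZ-facing interface with the "Do not NAT" option set; hybrid mode keeps the automatically generated rules and evaluates the manual rule first. After applying, a state lookup (Firewall > Diagnostics > States) for a connection from the VPN subnet to host1 should show the reply leaving with 10.1.0.0/24 as its source rather than the interface address.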