Topic: Outbound NAT Issues (Read 3845 times)
rfeng33
Outbound NAT Issues « on: November 20, 2020, 10:15:30 pm »
I have recently started looking at OPNsense to replace my Untangle firewall after their recently announced licensing changes. I have LAN connectivity just fine and I can connect out to the Internet from the firewall without issue (from the CLI I can ping out and resolve DNS). Any traffic from one of the 4 VLANs I have makes it to the firewall but dies. I am intending to do a CARP/HA setup, so I have that configured with the proper VIPs and the proper manual outbound NAT rule to NAT all traffic coming from my internal networks (I set up a group for them), and I can't get any traffic through. When I traceroute on a machine on one of the VLANs I get the first hop as the dedicated interface IP on the VLAN and then it dies from there.
Any suggestions on where I could start looking? I can provide any additional information if needed to assist in pinpointing the issue. I've just recently started playing with OPNsense, so I'm sure it's probably something I have set incorrectly.
rfeng33
Re: Outbound NAT Issues « Reply #1 on: November 21, 2020, 01:22:57 pm »
I've been playing with this a bit more. I can't see what's going on. In my Outbound NAT manual rules, I have the following example rules set up:
Interface: WAN
Source: ManagementVLAN net (my first VLAN), just for testing purposes.
Source/Destination/Destination Port: *
NAT Address (My WAN VIP for CARP)
Nat Port: *
Static Port NO
I can ping and resolve DNS just fine from the firewall itself under diagnostics, so traffic coming directly off the box is working fine. As I haven't fully built the 2nd firewall yet, the VIPs all come up as master on this box.
When I look at pftop I see traffic trying to come off devices on my LAN and go to external addresses out on the Net, but the state is Single: NO_TRAFFIC or NOTRAFFIC:SINGLE.
I have 4 VLANs set up on the internal side and I can talk between them without issues from a machine on the management VLAN.
matzej
Re: Outbound NAT Issues « Reply #2 on: November 21, 2020, 05:43:02 pm »
Hi,
you have an allow rule on your ManagementVLAN that allows ManagementVLAN to any?
regards M.
rfeng33
Re: Outbound NAT Issues « Reply #3 on: November 21, 2020, 05:55:02 pm »
I have added rules that allow traffic from each VLAN to anywhere, yes.
Logged
matzej
Re: Outbound NAT Issues « Reply #4 on: November 21, 2020, 06:57:14 pm »
Then it should work, no more ideas except some sort of typo. Source, Destination? IPv4 / IPv6 stuff?
Sorry, without looking at the system ...
rfeng33
Re: Outbound NAT Issues « Reply #5 on: November 22, 2020, 01:28:56 am »
Issue appears to be resolved. For some reason the upstream fiber shelf was caching the MAC address of the old firewall and not allowing ARP for the CARP address. I'm up and running, thanks for all your help, folks!
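The symptom from Reply #1 (states stuck in NO_TRAFFIC:SINGLE) and the cause found in Reply #5 can be tied together with a check on the state table: if every state translated to the CARP VIP is one-way while the firewall's own traffic gets replies, the rules and NAT are working and the fault is upstream. This is an added example, not code from the thread or from OPNsense; the `pfctl -ss` line layout, the sample addresses and the function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the usual `pfctl -ss` layout (assumed format).
# 203.0.113.10 stands in for the WAN CARP VIP, 203.0.113.2 for the WAN
# interface address; all addresses are documentation ranges.
SAMPLE = """\
all udp 203.0.113.10:53211 (10.0.10.20:53211) -> 198.51.100.53:53       SINGLE:NO_TRAFFIC
all udp 198.51.100.53:53 <- 10.0.10.20:53211       NO_TRAFFIC:SINGLE
all tcp 203.0.113.10:61022 (10.0.10.20:49152) -> 198.51.100.80:443       SYN_SENT:CLOSED
all udp 203.0.113.2:40110 -> 198.51.100.53:53       MULTIPLE:SINGLE
"""

# Matches only outbound states that carry a translation:
#   IFACE PROTO NAT_ADDR:PORT (ORIGINAL:PORT) -> DST:PORT  SRC_STATE:DST_STATE
NAT_STATE = re.compile(
    r"^\S+\s+(?P<proto>\S+)\s+(?P<nat>\S+)\s+\((?P<orig>[^)\s]+)\)\s+->\s+"
    r"(?P<dst>\S+)\s+(?P<src_state>[A-Z_0-9]+):(?P<dst_state>[A-Z_0-9]+)\s*$"
)

# State pairs where the source has sent packets and the peer never answered.
ONE_WAY = {("SINGLE", "NO_TRAFFIC"), ("SYN_SENT", "CLOSED")}


def host(endpoint):
    """Strip the port from an IPv4 'addr:port' endpoint."""
    return endpoint.rsplit(":", 1)[0]


def summarize_nat_states(text):
    """Count one-way vs. replied states per translation (NAT) address."""
    stats = defaultdict(lambda: {"one_way": 0, "replied": 0})
    for line in text.splitlines():
        m = NAT_STATE.match(line.strip())
        if not m:
            continue  # untranslated state (LAN side or firewall's own traffic)
        pair = (m["src_state"], m["dst_state"])
        stats[host(m["nat"])]["one_way" if pair in ONE_WAY else "replied"] += 1
    return dict(stats)


def silent_nat_addresses(text, min_states=2):
    """NAT addresses that sent traffic out and never saw a single reply."""
    return sorted(addr for addr, s in summarize_nat_states(text).items()
                  if s["replied"] == 0 and s["one_way"] >= min_states)


if __name__ == "__main__":
    print(silent_nat_addresses(SAMPLE))
```

An address reported here is being used for translation without any return traffic, which is the point at which to check the upstream device's ARP or MAC table for the VIP.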