NAT reflection for 1:1 not working

[everfree]

https://github.com/opnsense/core/issues/4469

this issus still in 21.1

[mimugmail]

Remove BINATs, enable all reflections in Firewall : Settings : Advanced, add BINAT again and set Reflection there on enabled instead of systm default.

Then post your rdr's from /tmp/rules.debug

[everfree]

hi Michael,

I follow your step, now it's only one 1:1 rules, but rdr show many rules

Code Select Expand

binat on igb0 from 192.168.170.96 to any -> 163.22.170.96
rdr on ixl0 from {any} to {163.22.170.96} -> {192.168.170.96} bitmask
rdr on ixl1 from {any} to {163.22.170.96} -> {192.168.170.96} bitmask
rdr on lo0 from {any} to {163.22.170.96} -> {192.168.170.96} bitmask
rdr on ixl3 from {any} to {163.22.170.96} -> {192.168.170.96} bitmask
rdr on ixl2 from {any} to {163.22.170.96} -> {192.168.170.96} bitmask
nat on ixl0 inet from (ixl0:network) to {192.168.170.96} -> (ixl0) port 1024:65535
nat on ixl1 inet from (ixl1:network) to {192.168.170.96} -> (ixl1) port 1024:65535
nat on lo0 inet from (lo0:network) to {192.168.170.96} -> (lo0) port 1024:65535
nat on ixl3 inet from (ixl3:network) to {192.168.170.96} -> (ixl3) port 1024:65535
nat on ixl2 inet from (ixl2:network) to {192.168.170.96} -> (ixl2) port 1024:65535
nat on igb0 inet from (igb0:network) to {192.168.170.96} -> (igb0) port 1024:65535

I new to use OPNsense, use pfSense before.
I still can't ping 163.22.170.96

Thanks!

[everfree]

one-to-one setting