NAT 1:1 not redirecting to bound LAN IP

Started by AxelTwin, April 26, 2021, 04:03:39 PM

April 26, 2021, 04:03:39 PM Last Edit: April 26, 2021, 04:15:45 PM by AxelTwin
Hi everybody,

Coming from pfsense, I set up NAT 1:1 on opnsense the exact same way I do on pfsense.
It works like a charm on pfsense, while on opnsense it seems that I am missing something.
If I try to access my virtual IP address with https:// I end up on the opnsense GUI.

I have 1 virtual IP with public IP setup.

In NAT 1:1 I have:
Interface   External IP     Internal IP         Destination IP
WAN         public.ip/24    192.168.31.10/24    *

Can someone advise me ?

I'm not familiar with 1:1, but I'll try:

User, Settings, Admin -> Try setting the OPNSense interface to not listen on WAN.

April 27, 2021, 03:39:53 PM #2 Last Edit: April 27, 2021, 03:43:09 PM by marjohn56
This is one I use for my mail server; don't forget your firewall rules too.


Interface: WAN
Type: BiNat
External Network: 82.67.104.179
Source: Single Host or Network:
                       10.4.12.30/32
Destination: Any
Nat Reflection: Use System Default

OPNsense 24.7 - Qotom Q355G4 - ISP - Squirrel 1Gbps.

Team Rebellion Member

April 28, 2021, 12:41:22 PM #3 Last Edit: April 28, 2021, 12:52:05 PM by AxelTwin
Thanks, it works like a charm !

One last thing: when accessing the local machine through http I can reach the service, but it won't let me access it through https.
I guess there is a rule to apply, but I can't figure out where it should be applied.
To be honest, I am a bit lost at the moment with opnsense firewall rules, need to practice.
Thanks for showing me the way...

Could be a certificate issue and not a firewall rule.

Nope, it is blocked by default deny rule.

wan      Apr 28 14:43:43   80.14.0.0:52059   192.168.21.10:443   tcp   Default deny rule

A little confused, by 'local machine' do you mean the server you added the port forward for? Where are you trying to access it from, the WAN or LAN?
If it's the WAN, take a look at your rules for that port forward. I have my ports set as an alias, so my mail server has this:

Note: I block a lot of known spammers and some geo zones before it gets to my mail rules, then I block other geo zones before the rules for my web server.
The mail ports alias is like so:

Note: port 25 is handled in a different alias as I use a different machine to process incoming SMTP mail, if you were using one machine, port 25 should be here as well.

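As an added illustration (not from any post in this thread, and not the rules OPNsense itself generates), the pf.conf equivalent of the working setup posted above: a BiNat entry for a single host plus the WAN pass rule that the OP was missing, which is why the https attempt ended in the default deny log line. The addresses are the ones marjohn56 posted; the interface name "em0", the port list standing in for the ports alias, and the choice of 80/443 (rather than mail ports) are assumptions made for the example. It also makes visible why marjohn56's source is /32 while the OP's first attempt used /24 on both sides: in pf, a /24 binat maps a whole subnet onto a whole subnet, while /32 maps one server onto one public address.

```pf
# Added example: pf.conf form of a 1:1 (BiNat) mapping for one server.
# Not taken from the thread; OPNsense writes its own rules from the GUI.
# Addresses are from marjohn56's post; "em0" and the port list are assumed.
ext_if    = "em0"              # assumed WAN interface name
ext_ip    = "82.67.104.179"    # External Network: the public virtual IP
srv_host  = "10.4.12.30"       # Source: Single Host or Network, /32 (one host)
web_ports = "{ 80, 443 }"      # assumed alias contents; the OP's https hit 443

# NAT 1:1 / BiNat: bidirectional address translation, ports untouched.
# Using /32 maps one host; a /24 here would map an entire subnet.
binat on $ext_if from $srv_host to any -> $ext_ip

# pf translates before it filters, so the inbound pass rule must match the
# INTERNAL address. Without this rule the packet reaches the default deny,
# which is exactly the "Default deny rule" line the OP saw for :443.
pass in quick on $ext_if inet proto tcp from any to $srv_host port $web_ports \
    flags S/SA keep state

# Everything else inbound on WAN is dropped and logged (the default deny).
block drop in log quick on $ext_if
```

In the GUI this corresponds to a Firewall: Rules: WAN pass rule with Destination set to the internal host (10.4.12.30) and Destination port set to the ports alias; a rule whose destination is the public address will not match after translation and the default deny will still log the hit.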