Topic: NAT Reflection working on some internal networks (Read 1311 times)
gcells (Newbie, Posts: 2, Karma: 0)
on: May 09, 2021, 05:10:00 pm
Hi All,
I have 3 internal networks. Let's call them L (LAN), C (captive guest network) and V (network for virtual machines), plus 2 WANs, WAN1 and WAN2.
I have set up port forwarding in the following way:
Internet -> WAN1:443 -> V-10.0.0.5:443
This way, anyone hitting port 443 of my WAN1 is successfully able to reach the virtual machine in network V.
Case 1:
Captive -> WAN1:443 -> Reflected to V-10.0.0.5:443
This is working as expected. Natted service is accessible.
Case 2:
Lan -> WAN1:443 -> Black holed.
Routing has been set up between L & V. Machines on L and V are able to communicate with each other.
However, reflection is not working only for the LAN network.
Both the Captive and LAN networks have their gateway set to the load balancing group gateway.
I am a bit surprised, because many forum posts say that reflection doesn't work with multi-WAN; however, it works for me for the captive portal network.
I am trying to understand if there is something wrong in my setup that is causing this unusual behaviour of reflection working for multi-WAN without any other config. Would it be possible to get LAN -> WAN1 -> V reflection working as well?
Thanks,
Aditya
gcells (Newbie, Posts: 2, Karma: 0)
Reply #1 on: May 10, 2021, 12:42:19 pm
Here is the RTFM solution that I figured out, for anyone else facing a similar issue.
Documentation mentions that auto-generated reflection rules should be avoided in favour of explicitly configured rules.
I have simply created a NAT rule as follows:
Destination Host: WAN IP
Destination Port: NAT port
Redirect IP: target host IP
Interfaces: Select all interfaces. In my case I selected L, V, C, WAN1, WAN2
Filter rule: "pass" or any existing filter rule.
While this solves my problem, I am still intrigued by the fact that reflection was working for some interfaces and not for others.
Happy networking.