Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
NAT 1:1
« previous
next »
Print
Pages: [
1
]
2
Author
Topic: NAT 1:1 (Read 6160 times)
rl82
Newbie
Posts: 29
Karma: 0
NAT 1:1
«
on:
July 29, 2021, 03:35:23 pm »
Hello Everybody,
I was configuring a NAT 1:1 on gns3 environment.
I created a virtual ip, set the NAT Rule as screenshot shows, and a Firewall Rule.
The problem is one: From any Host of WAN, i am able ALSO to ping the internal ip address. How is this possible?
thanks
Logged
rl82
Newbie
Posts: 29
Karma: 0
Re: NAT 1:1
«
Reply #1 on:
July 29, 2021, 03:36:57 pm »
1st screeshot
Logged
bartjsmit
Hero Member
Posts: 2018
Karma: 194
Re: NAT 1:1
«
Reply #2 on:
July 29, 2021, 04:22:05 pm »
Hi Rocco,
What is the subnet mask on your WAN side?
Can you do a packet trace and filter on 192.168.56.3 please?
Thanks,
Bart...
Logged
rl82
Newbie
Posts: 29
Karma: 0
Re: NAT 1:1
«
Reply #3 on:
July 29, 2021, 04:26:46 pm »
Hallo Bart,
thanks for your prompt reply.
This is the topology,
i will share the screenshot you asked for.
Logged
rl82
Newbie
Posts: 29
Karma: 0
Re: NAT 1:1
«
Reply #4 on:
July 29, 2021, 04:30:02 pm »
NAT 1:1 Configuration
Logged
rl82
Newbie
Posts: 29
Karma: 0
Re: NAT 1:1
«
Reply #5 on:
July 29, 2021, 04:38:11 pm »
packet capture
Logged
rl82
Newbie
Posts: 29
Karma: 0
Re: NAT 1:1
«
Reply #6 on:
July 29, 2021, 04:39:15 pm »
OPNSense Logs - Live view
Logged
rl82
Newbie
Posts: 29
Karma: 0
Re: NAT 1:1
«
Reply #7 on:
July 29, 2021, 04:39:38 pm »
live view
Logged
bartjsmit
Hero Member
Posts: 2018
Karma: 194
Re: NAT 1:1
«
Reply #8 on:
July 29, 2021, 06:51:38 pm »
Is it just ping or can you also open other connections, like SSH to 192.168.56.3?
ICMP is more widely allowed than others and you may have a blanket rule somewhere for it.
Bart...
Logged
rl82
Newbie
Posts: 29
Karma: 0
Re: NAT 1:1
«
Reply #9 on:
July 30, 2021, 07:07:33 am »
I have ICMP protocol allowed as shown in the screenshot
Logged
bartjsmit
Hero Member
Posts: 2018
Karma: 194
Re: NAT 1:1
«
Reply #10 on:
July 30, 2021, 07:47:26 am »
From 192.168.100.5 can you SSH to 192.168.100.10 please?
What about SSH from 192.168.100.5 to 192.168.56.3?
Logged
rl82
Newbie
Posts: 29
Karma: 0
Re: NAT 1:1
«
Reply #11 on:
July 30, 2021, 11:19:28 am »
Hallo Bart, there is no address with 100.10
you mean 100.1 ?
Logged
bartjsmit
Hero Member
Posts: 2018
Karma: 194
Re: NAT 1:1
«
Reply #12 on:
July 30, 2021, 09:33:55 pm »
Sorry, I missed a digit - 192.168.100.102 which is your 1:1 NAT external IP
Logged
rl82
Newbie
Posts: 29
Karma: 0
Re: NAT 1:1
«
Reply #13 on:
August 03, 2021, 02:17:12 pm »
no success
Logged
bartjsmit
Hero Member
Posts: 2018
Karma: 194
Re: NAT 1:1
«
Reply #14 on:
August 03, 2021, 02:26:44 pm »
Can you ssh from webterm1 to 192.168.56.3?
Logged
Print
Pages: [
1
]
2
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
NAT 1:1
