NAT 1:1

Started by rl82, July 29, 2021, 03:35:23 PM

Previous topic - Next topic
Print
Go Down Pages1 2
User actions
July 29, 2021, 03:35:23 PM
Hello Everybody,

I was configuring a NAT 1:1 on gns3 environment.
I created a virtual ip, set the NAT Rule as screenshot shows, and a Firewall Rule.

The problem is one: From any Host of WAN, i am able ALSO to ping the internal ip address.  How is this possible?
thanks
July 29, 2021, 03:36:57 PM #1
1st screeshot
July 29, 2021, 04:22:05 PM #2
Hi Rocco,

What is the subnet mask on your WAN side?

Can you do a packet trace and filter on 192.168.56.3 please?

Thanks,

Bart...
July 29, 2021, 04:26:46 PM #3
Hallo Bart,


thanks for your prompt reply.

This is the topology,

i will share the screenshot you asked for.
July 29, 2021, 04:30:02 PM #4
NAT 1:1 Configuration
July 29, 2021, 04:38:11 PM #5
packet capture
July 29, 2021, 04:39:15 PM #6
OPNSense Logs - Live view
July 29, 2021, 04:39:38 PM #7
live view
July 29, 2021, 06:51:38 PM #8
Is it just ping or can you also open other connections, like SSH to 192.168.56.3?

ICMP is more widely allowed than others and you may have a blanket rule somewhere for it.

Bart...
July 30, 2021, 07:07:33 AM #9
I have ICMP protocol allowed as shown in the screenshot
July 30, 2021, 07:47:26 AM #10
From 192.168.100.5 can you SSH to 192.168.100.10 please?

What about SSH from 192.168.100.5 to 192.168.56.3?

July 30, 2021, 11:19:28 AM #11
Hallo Bart, there is no address with 100.10
you mean 100.1 ?
July 30, 2021, 09:33:55 PM #12
Sorry, I missed a digit - 192.168.100.102 which is your 1:1 NAT external IP
August 03, 2021, 02:17:12 PM #13
no success
August 03, 2021, 02:26:44 PM #14
Can you ssh from webterm1 to 192.168.56.3?
Print
Go Up Pages1 2
User actions