Topic: [SOLVED] NAT reflection not working from source bridge & vlan interface (Read 1886 times)
KoS
[SOLVED] NAT reflection not working from source bridge & vlan interface
« on: May 06, 2022, 12:37:06 pm »
Hi
Summary of my setup and the problem that I am facing with NAT reflection:

  igb2 : WAN
  igb1 : multiple VLANs
    igb1_vlan2: VLAN 2
    igb1_vlan3: VLAN 3 -> used in bridge0
    igb1_vlan4: VLAN 4
  igb0 : no VLANs
  bridge0 : igb0, igb1_vlan3

I have an HTTPS server sitting behind the bridge0 and have a NAT port forward rule:

  Interface: WAN
  Destination port range: HTTPS
  Redirect target IP: 192.168.232.100 (IP on igb1_vlan2)
  NAT reflection: Use system default

Firewall: Settings: Advanced: Network Address Translation

  Reflection for port forwards: enabled
  Reflection for 1:1: enabled
  Automatic outbound NAT for Reflection: enabled

The NAT rule works fine from the WAN side, but NOT from the internal network on bridge0, where it gets blocked:

  action: block
  dir: in
  dst: 192.168.232.100
  dstport: 443
  interface: bridge0
  label: default deny / state violation rule

If I manually add a firewall rule on the bridge0 interface to allow the traffic, it works:

  action: pass
  interface: bridge0
  direction: in
  destination: 192.168.232.100
  destination port range: 443

I would expect that OPNsense would create that rule automatically based on the NAT reflection? Might it be a problem with the bridge+VLAN interface?

Thanks for any hint in the right direction
KoS
« Last Edit: September 18, 2022, 10:12:08 pm by KoS »

KoS
Re: NAT reflection not working from source bridge & vlan interface
« Reply #1 on: September 18, 2022, 10:11:55 pm »
For NAT reflection to work, the interfaces in the NAT rule need to include the "internal" networks too and not just the WAN interface. Despite the misleading hint "in most cases, you'll want to use WAN here." ;-)
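
Added example (not part of the thread and not OPNsense code): a small Python model of why the blocked log entry above already shows the translated destination on bridge0, and why listing bridge0 in the NAT rule changes the result. It assumes that the reflection redirect is applied on internal interfaces while the associated pass rule exists only on the interfaces listed in the NAT rule; the WAN address 203.0.113.10 is a constructed placeholder.

```python
from dataclasses import dataclass

WAN_ADDR = "203.0.113.10"    # constructed placeholder; the post gives no WAN address
TARGET = "192.168.232.100"   # redirect target IP from the post
PORT = 443                   # HTTPS

@dataclass(frozen=True)
class Packet:
    iface: str
    dst: str
    dport: int

def build_ruleset(nat_ifaces, reflection=True, internal=("bridge0",)):
    """Assumed model: reflection adds redirects on internal interfaces, but the
    associated pass rule is created only on interfaces listed in the NAT rule."""
    rdr_ifaces = set(nat_ifaces) | (set(internal) if reflection else set())
    pass_rules = {(iface, TARGET, PORT) for iface in nat_ifaces}
    return rdr_ifaces, pass_rules

def evaluate(pkt, ruleset):
    """Translate first, then filter on the translated destination (pf order)."""
    rdr_ifaces, pass_rules = ruleset
    if pkt.iface in rdr_ifaces and (pkt.dst, pkt.dport) == (WAN_ADDR, PORT):
        pkt = Packet(pkt.iface, TARGET, pkt.dport)
    allowed = (pkt.iface, pkt.dst, pkt.dport) in pass_rules
    return {
        "action": "pass" if allowed else "block",  # no match -> default deny
        "interface": pkt.iface,
        "dst": pkt.dst,
        "dstport": pkt.dport,
    }

def demo():
    wan_only = build_ruleset(["igb2"])                 # NAT rule as in the first post
    with_internal = build_ruleset(["igb2", "bridge0"]) # NAT rule as in the reply
    inside = Packet("bridge0", WAN_ADDR, PORT)         # client behind bridge0
    outside = Packet("igb2", WAN_ADDR, PORT)           # client on the WAN side
    return {
        "wan_only_outside": evaluate(outside, wan_only),
        "wan_only_inside": evaluate(inside, wan_only),
        "with_internal_inside": evaluate(inside, with_internal),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```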