Topic: [SOLVED]Very strange behaviour (Read 1063 times)
ibadea
Newbie
Posts: 2
Karma: 0
[SOLVED]Very strange behaviour
« on: May 06, 2022, 09:03:35 pm »
Hello Hello,
I am a bit stuck so I would appreciate a helpful hand!
Running 22.4 version commercial license on a DEC3800 box. Zenarmor on LAN interface.
One primary WAN IP and another 3 secondary IPs defined as virtual IP, all pointing to the same ISP GW.
One to one NAT for the 3 secondary IPs to 3 internal IPs. Port forwarding just one port from each secondary WAN IP to an internal IP address (each external IP / virtual IP points to a single / different internal IP). Apart from that there is also a port forward for the principal / main IP address on the WAN interface, to its specific internal address.
Tested port open, all seemed to be OK etc. etc. ... until I discovered something interesting: even if I power off the internal device, disable the port forwarding rules, or even disable the one to one NAT rule on each virtual WAN IP address, I can still see the external port as open ... and that's not quite OK
I've also added the 4 internal IP addresses to the Zenarmor whitelist so it will not filter them, etc. Still the same issue.
Here is the full config:
Main WAN: 82.77.182.178
WAN IP2: 82.77.183.104
WAN IP3: 82.77.183.13
WAN IP4: 82.77.183.71
Netmask: 255.255.254.0
Gateway: 82.77.182.1
DNS (1): 213.154.124.1
DNS (2): 193.231.252.1
one to one nat 82.77.183.104 to 192.168.1.132
one to one nat 82.77.183.71 to 192.168.1.141
one to one nat 82.77.183.13 to 192.168.1.142
port forward 82.77.182.178:44158 to internal 192.168.1.55:44158
port forward 82.77.182.104:44158 to internal 192.168.1.132:44158
port forward 82.77.182.71:44158 to internal 192.168.1.141:44158
port forward 82.77.182.13:44158 to internal 192.168.1.142:44158
Now the fun part begins: whichever port forward rule or one to one NAT I disable (from the secondary IP addresses), I still have port 44158 open on all external addresses tested from outside.
Edit: so, to make myself clearer - even if packets or connections come towards one of the virtual WAN IPs they are still routed to the main WAN IP / port (because it's the only one that's still forwarding port 44158) ... it's like the one to one NAT is not even in place
If I disable the primary address port forwarding rule (port forward 82.77.182.178:44158 to internal 192.168.1.55:44158) then I close 44158 for all 4 external IP addresses
WHY?
So I don't understand why the one to one NAT and port forwarding are not working as they should
Any help will be great! If you guys think screenshots or whatever logs are necessary to debug, please let me know
« Last Edit: May 07, 2022, 10:14:19 am by ibadea »
ibadea
Newbie
Posts: 2
Karma: 0
Re: Very strange behaviour - multiple wan IP with one to one nat not quite worki
« Reply #1 on: May 06, 2022, 11:11:33 pm »
While playing around ... I've managed to somehow "solve" a bit of the puzzle
On the port forward I had the primary WAN IP defined as 82.77.182.178 / 23 as per ISP configuration ... I've decided to narrow it a bit so I configured the 44158 port forward on the primary IP with the 82.77.182.178 / 32 mask ... great! Port forwarding is working on this IP ... and now it's not working anymore on all other virtual IPs.
This is great!
but it's still like one to one and port forward are not working at all on the WAN interface
What am I missing?
« Last Edit: May 07, 2022, 12:58:36 am by ibadea »
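Added example (not part of ibadea's posts and not OPNsense code): an offline check of which of the WAN addresses listed in the first post fall inside each port-forward destination, showing what the 82.77.182.178 / 23 destination from Reply #1 covers compared with / 32. The function names, the rule tuple layout and the / 32 on the three secondary rules are assumptions made for the example; the addresses are copied as typed in the post.

```python
import ipaddress

# WAN addresses exactly as listed in the post's "full config".
WAN_ADDRESSES = {
    "Main WAN": "82.77.182.178",
    "WAN IP2": "82.77.183.104",
    "WAN IP3": "82.77.183.13",
    "WAN IP4": "82.77.183.71",
}

def covered_addresses(destination, addresses=WAN_ADDRESSES):
    """Labels of the configured addresses that fall inside a rule destination.

    strict=False reads a host address with a mask (82.77.182.178/23) as the
    network containing it, i.e. a destination network rather than one host.
    """
    net = ipaddress.ip_network(destination, strict=False)
    return sorted(label for label, ip in addresses.items()
                  if ipaddress.ip_address(ip) in net)

def audit_port_forwards(rules, addresses=WAN_ADDRESSES):
    """Classify each (destination, port, target) rule by what it covers."""
    report = {}
    for destination, port, target in rules:
        hits = covered_addresses(destination, addresses)
        if not hits:
            verdict = "matches no configured WAN address"
        elif len(hits) > 1:
            verdict = "over-broad: covers " + ", ".join(hits)
        else:
            verdict = "ok: only " + hits[0]
        report[destination] = verdict
    return report

# Port forwards as typed in the post. The /23 on the first rule is the mask
# Reply #1 describes; the /32 on the other three is an assumption.
RULES_AS_POSTED = [
    ("82.77.182.178/23", 44158, "192.168.1.55"),
    ("82.77.182.104/32", 44158, "192.168.1.132"),
    ("82.77.182.71/32", 44158, "192.168.1.141"),
    ("82.77.182.13/32", 44158, "192.168.1.142"),
]

if __name__ == "__main__":
    for dest, verdict in audit_port_forwards(RULES_AS_POSTED).items():
        print(f"{dest:<20} {verdict}")
    print(audit_port_forwards([("82.77.182.178/32", 44158, "192.168.1.55")]))
```

The same check accepts the netmask form from the post, for example `covered_addresses("82.77.182.178/255.255.254.0")`.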