OPNsense Forum » English Forums » General Discussion » Is there still no option to schedule NAT rules?
Topic: Is there still no option to schedule NAT rules? (Read 1118 times)
guest18661 (Guest), on: January 05, 2023, 08:56:27 pm
Is there an official place to add feature requests? I find this to be a useful thing for dealing with limited IPs and getting internal servers set up with official certificates from Let's Encrypt. I keep thinking about switching to something else over this one thing. Manually dealing with renewals every so often or missing one and getting pinged about it from users is not good. I feel like it shouldn't be that difficult to add, but I am totally unfamiliar with the code base and I don't have time to get familiar with it. I see my options as living with it, which I've been doing for a while, switching, or annoying other people until someone can add it for me. (That's the one I'm trying now. :-) )
cookiemonster (Hero Member, Posts: 1823, Karma: 95), Reply #1 on: January 05, 2023, 11:47:54 pm
GitHub, feature request.
https://github.com/opnsense/core/issues/new/choose
It might be the place for it.
guest18661 (Guest), Reply #2 on: January 13, 2023, 03:03:56 am
Thanks. I filed a request.
mimugmail (Hero Member, Posts: 6766, Karma: 494), Reply #3 on: January 13, 2023, 07:39:09 am
I can't get the piece between your issue and NAT? Why is NAT involved and why a schedule for it?
WWW: www.routerperformance.net
Support plans: https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German): https://opnsense.max-it.de/
guest18661 (Guest), Reply #4 on: February 01, 2023, 11:32:24 pm
Quote from: mimugmail on January 13, 2023, 07:39:09 am
I can't get the piece between your issue and NAT? Why is NAT involved and why a schedule for it?
I have an internal server that is not normally exposed to the internet. It has a built-in facility for Let's Encrypt. Using Let's Encrypt is much simpler than maintaining my own CA and making sure the clients trust it. The only problem is the renewal. In order for the certificate to renew I need to NAT port 80 away from OPNsense to my internal server. Currently I have to do that manually and then manually trigger the renewal. It's a minor inconvenience if I remember to do it before it expires. If it expires before I renew then the clients get various errors and it causes issues.
Scheduling the NAT to turn on once a month for about 5 minutes in the middle of the night would solve the problem nicely.
Since I can't do that in OPNsense I finally broke down and loaded up RouterOS and have switched back to it. Now that it supports containers I can run my proxy on it and not need a separate VM. The reason I switched from RouterOS to OPNsense initially was the HAProxy plugin. Now that I can run Docker containers on RouterOS I don't really have a specific need to stick with OPNsense.
yourfriendarmando (Full Member, Posts: 103, Karma: 8), Reply #5 on: February 02, 2023, 04:10:41 am
It is possible to schedule a NAT rule. Create your own unlinked rule in your WAN. It is always doing NAT, but the WAN rule can allow access to it on a schedule AND from specific external hosts.
guest18661 (Guest), Reply #6 on: February 02, 2023, 04:23:03 am
From what I remember from the last time I fiddled with some of the proposed workarounds, if the NAT rule is there then the traffic doesn't go to the server that should be getting it most of the time. If there is some way to set up the rules linked or unlinked so that you can have a NAT rule for port 80 and HAProxy getting port 80 traffic at the same time, I couldn't figure it out. Logically it didn't make sense to me how that could work in the first place, but I did try to sort that out.
The way I had it set up, all I had to do was click the NAT rule on, force the cert renewal, and then click it off again. It was simple enough, but still turned into a pain when I'd forget to renew on time.
It's moot for me now, but if you can post specific steps to make it work that might be helpful for others that come along with this need. I think there were a few people trying to figure it out at one point.