Author Topic: incorrect config/routing for lan -> lan access.  (Read 1786 times)

engeliii23

  • Newbie
  • Posts: 2
  • Karma: 0
incorrect config/routing for lan -> lan access.
« on: October 21, 2016, 01:20:33 pm »
Dear all,

I'm sorry in advance to those who find this easy; I'm not that professional and because of that unable to configure this correctly.

Following my problem:
I have an OPNsense server running with a LAN and a WAN network. In the LAN are several machines running as servers.
I have several IPs, each defined as a virtual IP. I also added FW rules and FW NAT as 1:1 from <wan-ip> -> <lan-ip>.

Everything works until I try to reach one LAN server from another over the DNS name, which points to the WAN IP.

Does anybody know what I have to configure in addition to get this to work? And is there also a way to configure the servers to have the public IP directly, or would I then need to put every single one into its own network?

Thank you all so much.

Here my version:
OPNsense 16.7.6-amd64
FreeBSD 10.3-RELEASE-p9
OpenSSL 1.0.2j 26 Sep 2016

Regards engeliii23

Zeitkind

  • Full Member
  • Posts: 176
  • Karma: 25
Re: incorrect config/routing for lan -> lan access.
« Reply #1 on: October 21, 2016, 03:13:21 pm »
You need to configure NAT reflection.
Firewall - Settings - Advanced - Reflection for port forwards - enable (Pure NAT)

Or, to describe it somehow:
You now tell your clients to go out of your house (WAN IP) to get to the room next to them (your in-house servers), which they can't, because they cannot turn back and go inside again once they have left the LAN. NAT reflection gives them a sign not to leave (via WAN) but just to enter the next room, i.e. NAT reflection re-routes the packets so they do not leave your LAN but are instead handled as already inside.

A different approach is to use 2 separate DNS records, one for inside, one for the rest of the world (called split DNS).
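The reply above names the two fixes (NAT reflection, or split DNS) but not the packet-level reason the plain setup fails. The following is an added illustration, not code from the thread or from the OPNsense project: a small Python model of a pf-style firewall with a 1:1 port forward from the WAN address to an in-house server. All addresses and the hostname are constructed for the example. Three modes are modelled: the redirect bound only to the WAN interface (reflection off), the redirect also matched on the LAN interface but without a source rewrite, and the redirect plus a source rewrite to the firewall's LAN address (what "Pure NAT" reflection must achieve so the server's reply passes back through the firewall instead of going straight to the client). The split-DNS path is modelled as well: a LAN-side answer pointing at the private address needs no reflection at all.

```python
from dataclasses import dataclass, replace

# Constructed addresses for this example (TEST-NET-3 for the public side).
WAN_IP = "203.0.113.10"      # the firewall's public (virtual) IP
FW_LAN_IP = "192.168.1.1"    # the firewall's LAN-side address
SERVER = "192.168.1.20"      # in-house server behind the 1:1 NAT
CLIENT = "192.168.1.50"      # another host on the same LAN
LAN_PREFIX = "192.168.1."

# Constructed split-DNS zone: same name, different answer per view.
SPLIT_DNS = {"www.example.test": {"lan": SERVER, "internet": WAN_IP}}


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int


def same_lan(a: str, b: str) -> bool:
    return a.startswith(LAN_PREFIX) and b.startswith(LAN_PREFIX)


class Firewall:
    """Toy pf-like box holding one redirect (rdr) from WAN_IP to SERVER.

    mode 'none': rdr bound to the WAN interface only (reflection disabled)
    mode 'rdr' : rdr also matched on LAN, but the source is left untouched
    mode 'pure': rdr on LAN plus source NAT to FW_LAN_IP (reflection)
    """

    def __init__(self, mode: str):
        self.mode = mode
        self.states = {}  # translated 4-tuple -> original packet

    def from_lan(self, pkt: Packet):
        """Return the packet as forwarded, or None if it dies at the firewall."""
        if pkt.dst != WAN_IP:
            return pkt  # ordinary LAN traffic, untouched
        if self.mode == "none":
            # The redirect only exists on WAN; the packet terminates at the
            # firewall's own address where nothing listens.
            return None
        out = replace(pkt, dst=SERVER)
        if self.mode == "pure":
            # Rewriting the source forces the server's reply back through us.
            out = replace(out, src=FW_LAN_IP)
        self.states[(out.src, out.sport, out.dst, out.dport)] = pkt
        return out

    def from_server(self, reply: Packet):
        """Undo the translation for a reply that comes back through us."""
        orig = self.states.get((reply.dst, reply.dport, reply.src, reply.sport))
        if orig is None:
            return None
        return Packet(src=orig.dst, dst=orig.src, sport=orig.dport, dport=orig.sport)


def resolve(name: str, view: str) -> str:
    """Split-DNS lookup: 'lan' view returns the private address."""
    return SPLIT_DNS[name][view]


def connect(mode: str, target: str = WAN_IP) -> bool:
    """Simulate CLIENT opening TCP/443 to `target`; True if the SYN/ACK is accepted."""
    fw = Firewall(mode)
    syn = Packet(CLIENT, target, 40000, 443)
    fwd = fw.from_lan(syn)
    if fwd is None:
        return False
    # The server answers whatever source address it saw.
    synack = Packet(src=fwd.dst, dst=fwd.src, sport=fwd.dport, dport=fwd.sport)
    if same_lan(synack.src, synack.dst) and synack.dst != FW_LAN_IP:
        delivered = synack  # same subnet: delivered directly, bypassing the firewall
    else:
        delivered = fw.from_server(synack)
    if delivered is None:
        return False
    # The client only accepts a reply from the address and port it contacted.
    return (delivered.src, delivered.sport, delivered.dst, delivered.dport) == (
        target, 443, CLIENT, 40000)


if __name__ == "__main__":
    for mode in ("none", "rdr", "pure"):
        print(f"reflection mode {mode:4}: via WAN IP -> {connect(mode)}")
    print("split DNS, LAN view, no reflection ->",
          connect("none", resolve("www.example.test", "lan")))
```

The "rdr" mode shows the asymmetric-path failure: the server answers the client directly from its private address, so the client sees a reply from a host it never contacted and drops it. The source rewrite in "pure" mode is what makes the reply return through the firewall, where the original translation can be undone. In OPNsense the relevant toggles sit together under Firewall - Settings - Advanced (reflection for port forwards, reflection for 1:1, and automatic outbound NAT for reflection); a 1:1 mapping such as the one in the question needs the 1:1 reflection option, not just the port-forward one. Split DNS avoids the whole hairpin, at the cost of maintaining two answers for one name.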
