Topic: Routing while NAT port forwarding [Solved] (Read 1381 times)
Saarbremer (Sr. Member, Posts: 353, Karma: 14)
Routing while NAT port forwarding [Solved] « on: October 31, 2023, 05:04:37 pm »
Hi,
I have an issue understanding something, however I must admit that my expectations might be wrong.
Test setup is:
OPNsense Box 1 (Router 1) has LAN 10.0.1.1/24, WAN is public ISP provided, static IP
OPNsense Box 2 (Router 2) has WAN 10.0.1.99 and LAN 10.0.64.1/24. Router 2's WAN is in fact connected to Router 1's LAN network.
Router 1 does not know about 10.0.64.0/24, no route to that network configured.
Router 2 is configured statically on WAN and LAN, no DHCP Client involved on WAN. Configured 10.0.1.1 as default upstream gateway. Router 2 uses outbound NAT.
My Expectation 1: [passed]
TCP to public internet or services in Router 1's LAN are successful from Router 2's LAN. OPNsense outputs traffic to Router 1's LAN without the gateway via layer 2.
My Expectation 2: [failed]
I can enable port forwarding on Router 2 to allow services from behind Router 2 to be exposed to Router 1's LAN.
So, I created a port forwarding and allowed an associated firewall rule. Observation: No access to exposed service via forwarded port from clients in Router 1's LAN 10.0.1.0/24.
Observing the live view in both OPNsenses it turned out that:
- first the client in 10.0.1.0/24 connects to the forwarded port and the traffic is forwarded correctly.
- answers are sent to the default GW of Router 2, i.e. Router 1, which issues a state rule violation in live traffic view.
- After disabling the default GW, it works as expected, traffic goes directly back to the client via layer 2.
I would have thought that the default GW should not be part of the equation no matter if I just use outbound NAT or port forwarding. The destination IP is in the WAN network's range and should not require a gateway. Did I miss something?
« Last Edit: October 31, 2023, 05:06:38 pm by tron80 »
Saarbremer (Sr. Member, Posts: 353, Karma: 14)
Re: Routing while NAT port forwarding « Reply #1 on: October 31, 2023, 05:06:29 pm »
After additional digging I found the reason:
The IPv4 Upstream Gateway setting on the WAN interface page was set to the actual gateway instead of "Auto-Detect". Selecting Auto-Detect covered my use case completely.
Sorry for bothering.
Monviech (Cedrik) (Global Moderator, Hero Member, Posts: 1630, Karma: 178)
Re: Routing while NAT port forwarding [Solved] « Reply #2 on: October 31, 2023, 05:09:56 pm »
That's because as soon as a gateway is set there is a reply-to created that forces all traffic to return to the IP of the default gateway.
https://forum.opnsense.org/index.php?topic=36406.0
« Last Edit: October 31, 2023, 05:11:53 pm by Monviech »
Hardware:
DEC740
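
The reply-to behaviour described in Reply #2, shown as pf rules; this is an added illustration, not part of the original thread and not output copied from either router. The interface name `igb1` (Router 2's WAN NIC) and the forwarded service 10.0.64.10:443 are assumptions; the addresses 10.0.1.99 and 10.0.1.1 come from the first post.

```pf
# Constructed example in FreeBSD pf syntax. Cases A and B are alternatives,
# not one loadable ruleset.
# Assumed: igb1 = Router 2 WAN (10.0.1.99), service behind Router 2 = 10.0.64.10:443

# Port forward on Router 2's WAN. Translation is applied before filtering,
# so the pass rule below matches the already translated destination.
rdr on igb1 inet proto tcp from any to 10.0.1.99 port 443 -> 10.0.64.10 port 443

# Case A: WAN interface has an explicit upstream gateway (10.0.1.1).
# The state created by this rule remembers "reply via igb1 to 10.0.1.1",
# so every reply packet is handed to Router 1 and the routing table is
# not consulted, even though the client 10.0.1.x is on-link.
# Router 1 then receives a SYN-ACK for a connection whose SYN it never saw
# (the client reached 10.0.1.99 directly on layer 2) and drops it as a
# state violation.
pass in quick on igb1 reply-to (igb1 10.0.1.1) inet proto tcp \
    from any to 10.0.64.10 port 443 flags S/SA keep state

# Case B: no gateway bound to the WAN interface ("Auto-Detect").
# No reply-to option is attached; replies follow the normal routing table,
# which delivers to 10.0.1.0/24 directly on igb1.
pass in quick on igb1 inet proto tcp \
    from any to 10.0.64.10 port 443 flags S/SA keep state
```

Running `pfctl -sr` on the firewall lists the loaded filter rules, so the presence or absence of `reply-to` on the WAN rule can be checked there.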
WilliDriver (Newbie, Posts: 5, Karma: 0)
Re: Routing while NAT port forwarding [Solved] « Reply #3 on: February 10, 2024, 10:22:09 pm »
This was an accidental post, and I can't figure out how to delete it. I'm terribly sorry.
« Last Edit: February 10, 2024, 10:23:41 pm by WilliDriver »