Topic: Need Help with NAT Configuration on Multiple WAN IPs (Read 1209 times)
Cipher (Newbie, Posts: 31, Karma: 1)
Need Help with NAT Configuration on Multiple WAN IPs « on: November 30, 2023, 11:18:19 pm »
Hi everyone,
I hope you're doing well. I'm currently working on a networking project and could use some advice. Here's a brief overview of my setup:
I'm using two subnets on the WAN, each with a /29 configuration, providing me with a total of 8 IP addresses. These IPs are utilized as virtual IPs on the WAN side. My primary concern arises when configuring NAT for these IPs.
I've successfully configured NAT for one IP on port 443, directing traffic to the internal domain. However, I'm facing an issue with the remaining IPs. Even though I haven't set up NAT for these IPs, they seem to be accessible.
Any insights into why this might be happening and how I can ensure that only the intended IP with NAT is reachable? Your expertise would be greatly appreciated.
Thank you!
Logged
Patrick M. Hausen (Hero Member, Posts: 6825, Karma: 573)
Re: Need Help with NAT Configuration on Multiple WAN IPs « Reply #1 on: November 30, 2023, 11:30:19 pm »
Unless you show us the details of your NAT rules there really is no way to tell.
Logged
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
Cipher (Newbie, Posts: 31, Karma: 1)
Re: Need Help with NAT Configuration on Multiple WAN IPs « Reply #2 on: November 30, 2023, 11:42:57 pm »
Hello,
Thank you for your response. I appreciate your request for more details. In my current configuration, I have a single NAT rule set up to direct external traffic to the internal server on port 443, specifically for the IP 1.2.3.4.
Just to clarify, my WAN address is 1.2.3.3. If you need more specific information or have additional questions about the NAT rules, feel free to ask.
I cannot make a screenshot right now, that's why.
« Last Edit: December 01, 2023, 12:02:22 am by Cipher »
Logged
Vilhonator (Full Member, Posts: 245, Karma: 13)
Re: Need Help with NAT Configuration on Multiple WAN IPs « Reply #3 on: December 01, 2023, 11:24:17 am »
If I'm not mistaken, you need to apply filtering rules and NAT on the WAN port that is directly connected to the internet.
Kinda similar to transparent filtering bridge mode (https://www.zenarmor.com/docs/network-security-tutorials/how-to-configure-transparent-filtering-bridge-on-opnsense). Only the port that is directly connected to the internet can filter traffic coming from the internet.
Not sure though (just spitballing here), but when you think of it, the reason why the second WAN port is completely open might be because traffic doesn't come from a specific external port or IP, it comes from the WAN that is connected to the internet.
The only methods I have used to use more than 1 public IP are to connect a switch directly to the internet and firewalls to the switch, and transparent filtering bridges. Honestly both of those are much simpler (though not ideal) than playing around with Dual WAN configurations.
Also you could check the routes as well and make sure that traffic for each IP is routed as it should be. But if the internet works on both ports as it should and the only issue is that 1 is completely open, then it's definitely something related to NAT and firewall rules.
« Last Edit: December 01, 2023, 11:42:02 am by Vilhonator »
Logged
Cipher (Newbie, Posts: 31, Karma: 1)
Re: Need Help with NAT Configuration on Multiple WAN IPs « Reply #4 on: December 01, 2023, 02:59:39 pm »
This is the only NAT rule I have on the NAT which is configured.
The same rule is created automatically on the WAN side.
So, I've got this setup with a single physical WAN cable. Our primary WAN IP is 1.2.3.1, and we're using 1.2.3.2 for an RDS gateway. I've set up an NAT rule to allow 443 to the gateway server, all good so far.
Now, here's the thing. IPs from 1.2.3.3 to 1.2.3.9 don't have specific NAT rules, but they are somehow accessible to the gateway. When I go to, say, https://1.2.3.3, it takes me to the Windows IIS on the gateway.
I've double-checked, and there's no explicit rule for these IPs. Any ideas on why this might be happening? I want them isolated unless I set up something specific for them.
Appreciate the help!
« Last Edit: December 01, 2023, 10:06:31 pm by Cipher »
Logged
Cipher (Newbie, Posts: 31, Karma: 1)
Re: Need Help with NAT Configuration on Multiple WAN IPs « Reply #5 on: December 04, 2023, 11:13:39 am »
I got this sorted out, we had a duplication on the rules.
Thank you everyone.
Logged
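Added example, not part of the thread and not OPNsense code: a small audit that checks a list of port-forward rules against the set of forwards that are supposed to exist, which is the kind of check that surfaces the duplicated rule reported in the last reply. The rule dictionaries, the internal target 192.168.1.10 and the wider /28 destination on rule 2 are constructed assumptions; the thread never showed the actual duplicate rule.

```python
import ipaddress

# Constructed rules (not OPNsense's config format): the intended forward
# plus a hypothetical leftover duplicate with a wider destination.
RULES = [
    {"id": 1, "dst": "1.2.3.2/32", "dport": 443, "target": "192.168.1.10"},
    {"id": 2, "dst": "1.2.3.0/28", "dport": 443, "target": "192.168.1.10"},
]
VIPS = [f"1.2.3.{n}" for n in range(1, 10)]   # addresses named in the thread
INTENDED = {("1.2.3.2", 443)}                 # the only forward that should exist


def exposure(rules, vips):
    """Map each (vip, port) to the ids of the rules that forward it."""
    exposed = {}
    for rule in rules:
        net = ipaddress.ip_network(rule["dst"], strict=False)
        for vip in vips:
            if ipaddress.ip_address(vip) in net:
                exposed.setdefault((vip, rule["dport"]), []).append(rule["id"])
    return exposed


def audit(rules, vips, intended):
    """Return (unintended, duplicates), each {(vip, port): [rule ids]}."""
    exposed = exposure(rules, vips)
    unintended = {k: v for k, v in exposed.items() if k not in intended}
    duplicates = {k: v for k, v in exposed.items() if len(v) > 1}
    return unintended, duplicates


if __name__ == "__main__":
    unintended, duplicates = audit(RULES, VIPS, INTENDED)
    for (vip, port), ids in sorted(unintended.items()):
        print(f"unintended: {vip}:{port} forwarded by rule(s) {ids}")
    for (vip, port), ids in sorted(duplicates.items()):
        print(f"duplicate:  {vip}:{port} matched by rule(s) {ids}")
```

Any address reported as unintended points at a rule whose destination is wider than the single virtual IP it was meant for; an address reported as duplicate is matched by more than one rule and one of them is a candidate for removal.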