One-to-one NAT not working at same time as NAT Port Forwarding
Topic: One-to-one NAT not working at same time as NAT Port Forwarding (Read 424 times)
thisisjjd
« on: January 30, 2024, 03:04:40 pm »
I'm trying to switch to OPNsense and having a hard time getting it working. (I posted something similar a couple of weeks ago, but I don't think I described it properly.)
Goal: I have two static IP addresses from my provider, 123.2.3.50 and 123.2.3.53. I want to use NAT port forwarding to forward ssh to the router WAN address (123.2.3.50) to go to local address 192.168.1.2.
I also want to use one-to-one NAT to forward ssh traffic addressed to 123.2.3.53 to go to 192.168.1.7.
I'm using One-to-one NAT with Virtual IP address to configure the second external static address.
Problem: When configured as described below, all ssh traffic for both 123.2.3.50 and 100.0.56.53 goes to 192.168.1.2 and none goes to 192.168.1.7.
Config:
WAN Interface: IPv4 address: 123.2.3.50/24
LAN Interface: 192.168.1.1/24
Virtual IP: IP Alias, WAN
    Network / Address: 123.2.3.53/32
Firewall -> NAT -> One-to-One: WAN, BINAT
    External Network: 123.2.3.53/32
    Source: Single Host or Network: 192.168.1.7/32
Firewall -> NAT -> Port Forward:
    TCP SSH from WAN address forward to 192.168.1.2/32
Firewall -> Rules -> WAN:
    TCP SSH pass to 192.168.1.7/32
    (automatic rule) TCP SSH pass to 192.168.1.2
Results:
When the virtual IP was set to /24:
    ssh from *internal* hosts on the *LAN* to external 123.2.3.53 would work correctly to 192.168.1.7
    ssh from external internet hosts to 123.2.3.53 would hang
When the virtual IP was set to /32:
    ssh from *internal* hosts on the *LAN* to external 123.2.3.53 would work correctly to 192.168.1.7
    ssh from external internet hosts to 123.2.3.53 would incorrectly forward to 192.168.1.2
What am I missing? I'm concerned I got some of the netmask specifications incorrect. (The ISP instructed to use /24 for the WAN address.)
Thank you.