Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
16.7 Legacy Series
»
Additional IP addresses WAN interface
« previous
next »
Print
Pages: [
1
]
Author
Topic: Additional IP addresses WAN interface (Read 9910 times)
jochen35
Newbie
Posts: 3
Karma: 0
Additional IP addresses WAN interface
«
on:
December 06, 2016, 06:43:41 pm »
Hello,
We have the OPNSense behind a router of the ISP with a 28er public network. How can you set up additional IP addresses of the same subnet for NAT on different LAN servers on the WAN interface?
greeting
Jochen
Logged
bartjsmit
Hero Member
Posts: 2017
Karma: 194
Re: Additional IP addresses WAN interface
«
Reply #1 on:
December 06, 2016, 10:25:13 pm »
Hi Jochen,
I set up a one-to-one NAT with the external IP chosen from the ISP range and the internal IP set to a server on the LAN. Firewall -> NAT -> One-to-one.
This has the advantage that the source IP for the return traffic is consistent, i.e. it does not use the OPNsense WAN IP.
Bart...
Logged
kyferez
Jr. Member
Posts: 83
Karma: 9
Re: Additional IP addresses WAN interface
«
Reply #2 on:
December 08, 2016, 03:25:40 am »
Don't mean to hijack, but this is closely related: Is there any way to specify that certain traffic goes out certain WAN IPs?
For example, I often want to use a 2nd Public IP specifically for mail. How would I set it up so all outbound mail from my mail server IP is routed out the 2nd Public IP, but only mail? Note I would want all other traffic from the mail server to use the primary WAN IP.
In Sophos UTM this is easy - it's called Masquerading and Multipath. See screenshot. You can select a source Host or network or destination IP, network or Domain and select a Port or Port Group and direct the matching traffic outbound via a specific Public IP. It's Very flexible. I'd like to see similar in OPNsense
Logged
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: Additional IP addresses WAN interface
«
Reply #3 on:
December 08, 2016, 08:20:58 am »
Take a look at:
https://docs.opnsense.org/manual/how-tos/multiwan.html?highlight=multi%20wan#step-4-policy-based-routing
What you want is to write fine-grained policy routing rules... The example here only talks about a "catch all rule" but you can select the appropriate gateway and filter based on a lot of properties. I think it's all there.
Logged
kyferez
Jr. Member
Posts: 83
Karma: 9
Re: Additional IP addresses WAN interface
«
Reply #4 on:
December 08, 2016, 04:31:51 pm »
Franco, thanks again!
To make sure I am doing this right: I create the additional WAN IPs as Gateways? Then I use a firewall rule to route the traffic out that new gateway, correct?
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
16.7 Legacy Series
»
Additional IP addresses WAN interface