Author Topic: Additional IP addresses WAN interface  (Read 7094 times)

jochen35

« on: December 06, 2016, 06:43:41 pm »
Hello,
We have OPNsense behind the ISP's router with a /28 public network. How can you set up additional IP addresses from the same subnet on the WAN interface for NAT to different LAN servers?

Regards,
Jochen

bartjsmit

« Reply #1 on: December 06, 2016, 10:25:13 pm »
Hi Jochen,

I set up a one-to-one NAT with the external IP chosen from the ISP range and the internal IP set to a server on the LAN. Firewall -> NAT -> One-to-one.

This has the advantage that the source IP for the return traffic is consistent, i.e. it does not use the OPNsense WAN IP.

Bart...

kyferez

« Reply #2 on: December 08, 2016, 03:25:40 am »
Don't mean to hijack, but this is closely related: Is there any way to specify that certain traffic goes out certain WAN IPs?

For example, I often want to use a 2nd Public IP specifically for mail. How would I set it up so all outbound mail from my mail server IP is routed out the 2nd Public IP, but only mail? Note I would want all other traffic from the mail server to use the primary WAN IP.

In Sophos UTM this is easy - it's called Masquerading and Multipath. See screenshot. You can select a source host or network, or a destination IP, network or domain, then select a port or port group, and direct the matching traffic outbound via a specific public IP. It's very flexible. I'd like to see something similar in OPNsense ;)

franco

« Reply #3 on: December 08, 2016, 08:20:58 am »
Take a look at: https://docs.opnsense.org/manual/how-tos/multiwan.html?highlight=multi%20wan#step-4-policy-based-routing

What you want is to write fine-grained policy routing rules... The example here only talks about a "catch all rule" but you can select the appropriate gateway and filter based on a lot of properties. I think it's all there. :)

kyferez

« Reply #4 on: December 08, 2016, 04:31:51 pm »
Franco, thanks again!

To make sure I am doing this right: I create the additional WAN IPs as Gateways? Then I use a firewall rule to route the traffic out that new gateway, correct?