Topic: [SOLVED] Pure NAT (Read 8854 times)
cnu80 (Newbie)
[SOLVED] Pure NAT « on: March 08, 2017, 09:31:49 am »
Hi,
I migrated from a Ubiquiti Edgerouter to a virtual opnsense installation. Migration was successful, edge router is powered off. Now I configure some additional services, like DHCP, port forwarding, dyndns ....
Port forwarding works as expected (access from Internet), but from my internal LAN I cannot connect to the forwarded ports. I used the following manual to configure the "Reflection NAT":
https://doc.pfsense.org/index.php/Why_can%27t_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks
My setup:
* opnsense latest version
* virtual machine with one network adapter
* I use VLANs to separate DMZ, WAN, LAN, GUEST and so on. This configuration is working fine.
* My WAN connection: I use a Netgear LTE Modem in router mode. WAN Interface is a static IP4 Address (192.168.5.100) and my default gateway is 192.168.5.1 (Netgear modem). Is this a problem? Should I set the modem to "bridge mode"?
I tried to set the "Filter rule association" to "Pass" but the connection is still not possible.
What can I do to find the failure?
BR, cnu80
PS: Is it better to use several network interfaces instead of a VLAN-trunk?
« Last Edit: March 08, 2017, 09:04:55 pm by cnu80 »

guest15389 (Guest)
Re: Pure NAT « Reply #1 on: March 08, 2017, 05:19:30 pm »
I just use method 2 for the Split DNS.
That removes the extra hop of connecting to your router and back to the system.
If you turned on the Pure NAT, you'd want to make sure you delete/recreate your port forwards so all the proper rules get created.
Without seeing all the rules/forwards, it's hard to figure out what's going on.

cnu80 (Newbie)
Re: Pure NAT « Reply #2 on: March 08, 2017, 05:45:07 pm »
Thanks for the response.
I used split DNS before and it works great with stationary devices, but with my laptop and other mobile devices I have to restart applications, flush DNS caches and so on to get the internal IP.
In the meantime I found the problem, but not the solution.
I get from my ISP a dynamic public IP address and my modem is in router mode. From my understanding I have a double NAT.
When I create the port forward with destination "WAN-address or WAN-Network", Pure NAT does not work.
When I create the port forward with destination "single host" and fill in my public IP, it works.
But when my ISP changes the public IP, the rule is broken again.
Is there a feature to track the public IP and change rules dynamically?
thanks

guest15389 (Guest)
Re: Pure NAT « Reply #3 on: March 08, 2017, 06:00:05 pm »
Double NAT would make port forwarding challenging. If you can eliminate that, it would make life a lot easier.
You can use Dynamic DNS to update a public DNS name, but I'm not aware of anything to change the rules dynamically.
Are you using Automatic Outbound NAT rules or something other than the default setting?

cnu80 (Newbie)
Re: Pure NAT « Reply #4 on: March 08, 2017, 09:03:39 pm »
I switched my modem to bridge mode. Now the public address is directly bound to the WAN interface.
Port forwarding and Pure NAT are working as expected.
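
The behaviour reported across this thread, as an added example that is not part of any post and is not OPNsense code: a simplified model of why a reflection rule with destination "WAN address" misses behind a modem in router mode, while a "single host" rule works until the public IP changes. The function names, the matching model and the 203.0.113.x addresses are assumptions made for illustration; 192.168.5.100 is the WAN address from the first post.

```python
import ipaddress

# RFC 1918 private ranges plus RFC 6598 carrier-grade NAT space.
NON_PUBLIC = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]

def behind_upstream_nat(wan_addr):
    """True if the WAN interface address is not publicly routable, i.e.
    another NAT device (the modem in router mode) sits in front of it."""
    ip = ipaddress.ip_address(wan_addr)
    return any(ip in net for net in NON_PUBLIC)

def reflection_matches(rule_dst, wan_addr, packet_dst):
    """Assumed model: 'WAN address' expands to the address configured on
    the WAN interface; any other value is a literal 'single host'."""
    effective = wan_addr if rule_dst == "WAN address" else rule_dst
    return ipaddress.ip_address(effective) == ipaddress.ip_address(packet_dst)

def diagnose(wan_addr, public_ip, rule_dst):
    """LAN clients connect to public_ip (what the DynDNS name resolves to)."""
    if reflection_matches(rule_dst, wan_addr, public_ip):
        return "match"
    if rule_dst == "WAN address" and behind_upstream_nat(wan_addr):
        return "no match: double NAT, WAN address is not the public IP"
    return "no match: rule destination is not the current public IP"

# Constructed scenarios; 203.0.113.x are documentation addresses (RFC 5737).
SCENARIOS = [
    ("modem in router mode, dest = WAN address", "192.168.5.100", "203.0.113.10", "WAN address"),
    ("modem in router mode, dest = single host", "192.168.5.100", "203.0.113.10", "203.0.113.10"),
    ("ISP changed the public IP, rule unchanged", "192.168.5.100", "203.0.113.77", "203.0.113.10"),
    ("modem in bridge mode, dest = WAN address", "203.0.113.10", "203.0.113.10", "WAN address"),
]

if __name__ == "__main__":
    for label, wan, public, dst in SCENARIOS:
        print(f"{label}: {diagnose(wan, public, dst)}")
```
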