Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
17.1 Legacy Series
»
one-to-one nat
« previous
next »
Print
Pages: [
1
]
Author
Topic: one-to-one nat (Read 6152 times)
mitchinseattle
Newbie
Posts: 2
Karma: 0
one-to-one nat
«
on:
March 20, 2017, 07:14:51 am »
Hi,
Firstly I would like to extend a huge thanks to the developers of OPNsense, it is an awesome product, and even though I've only been using it for a few days, it has already simplified so many admin tasks for us.
I am trying to understand how to correctly configure one-to-one nat, I have looked on the wiki but unfortunately there seems to be very little documentation on this topic.
Our OPNsense server has two NICs, one connected to the WAN with the primary IP and a few virtual IPs configured using IP alias, and a second NIC connected to a private LAN using 10.10.10.0/24 for example.
So on the WAN interface, say I have configured a virtual IP of 2.2.2.2/32 and under one-to-one NAT I have added a new rule with 2.2.2.2 as the external IP, for internal I select LAN address, and destination is set to "any", I don't see anywhere where I can specify that I want all traffic forwarded to 10.10.10.99 for example, where do I configure the destination IP for this rule?
My apologies if this seems like an obvious question, I just haven't worked out the correct procedure yet.
Also I noticed on the OPNsense homepage it mentions "► Full Mesh VPN routing using Tinc" which is great, as we use Tinc in switch mode for joining network segments, however under VPN in the UI I only see IPSEC and OpenVPN, where might I go to configure Tinc or is there some documentation on this I can go through?
Thanks for your time and any suggestions you can provide.
Logged
djGrrr
Full Member
Posts: 112
Karma: 22
Re: one-to-one nat
«
Reply #1 on:
March 20, 2017, 02:12:37 pm »
"LAN address" is the IP address on your LAN interface, this is not what you want. You need to scroll right to the top and select "single host or network", then input the IP you want it to be forwarded to.
Tinc is a plugin that must be installed under System > Firmware > Plugins
Logged
mitchinseattle
Newbie
Posts: 2
Karma: 0
Re: one-to-one nat
«
Reply #2 on:
March 20, 2017, 05:44:36 pm »
Hi,
Thanks for your reply, so do I change Source or Destination to single host or IP, or both?
When I change Source to Single host or IP it populates the address field with "LAN" and a netmask of 32.
Destination is currently set to "Any" and if I click on the little Help link it says that's probably what it should be set to.
I'm sure this is probably a very simple thing to set up, but the labels and help text on this page could really use some tweaking to point the user in the right direction, maybe I'll submit a git pull request with some updates once I've got it figured out.
Thanks also for the hint about Tinc, I'll go and install that plug-in now.
Cheers
Logged
djGrrr
Full Member
Posts: 112
Karma: 22
Re: one-to-one nat
«
Reply #3 on:
March 21, 2017, 03:25:14 pm »
I'm not sure what you are referring to, there is no "source" for one to one nat, if you mean internal ip, I would think that is self explanatory, you put the ip of the internal ip you want the traffic forwarded to after selecting "single host or network".
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
17.1 Legacy Series
»
one-to-one nat