Translating source and destination IP in one "hit"

Isabella Borgward · May 07, 2026, 04:03:04 PM

OpnSense 25.10.
I have an unreliable 4G router on one WAN and reliable internet on the other.
I am outside the firewall.
I want a NAT policy that gives me access to 4G router's web interface via the reliable WAN.
For this to work, it needs to translate the source and the destination IP when I make the connection but I don't see a way to do this in the OpnSense web interface.
Can this be done somehow?

viragomann · May 07, 2026, 04:17:18 PM

Translation of destination IP is done by Destination NAT (or port forwarding in former versions).
Translation of source IP is done by Source NAT (or outbound NAT).
So you need a rule in each of them.

griffincollins1117

Yep, you'll likely need both DNAT and SNAT here, otherwise the return traffic may bypass OPNsense completely. horror games

Isabella Borgward

Thank you. The answer seems completely obvious in retrospect. Coming from other firewall platforms where you cannot have multiple NAT policies apply to the same packet, I did not think of creating two rules. I have created an outbound rule, and I now have access to the flakey 4G router.

Translating source and destination IP in one "hit"

Isabella Borgward

May 07, 2026, 04:03:04 PM

viragomann

May 07, 2026, 04:17:18 PM #1

griffincollins1117

Today at 08:50:03 AM #2

Isabella Borgward

Today at 12:07:35 PM #3