Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
17.7 Legacy Series
»
NAT Reflection
« previous
next »
Print
Pages: [
1
]
Author
Topic: NAT Reflection (Read 19189 times)
opnsense@f2f10.com
Newbie
Posts: 23
Karma: 1
NAT Reflection
«
on:
December 23, 2017, 02:17:55 pm »
HI Guys,
Tried Mailinabox with openSense and run into issues. Anyone here has any thoughts to get this working properly?
https://discourse.mailinabox.email/t/letsencrypt-expired-and-dns-errors/2704/97
Logged
opnsense@f2f10.com
Newbie
Posts: 23
Karma: 1
Re: NAT Reflection
«
Reply #1 on:
December 23, 2017, 04:34:29 pm »
@AdSchellevis
Any thoughts on this? thanks!
Logged
opnsense@f2f10.com
Newbie
Posts: 23
Karma: 1
Re: NAT Reflection
«
Reply #2 on:
December 24, 2017, 02:25:14 pm »
HI Guys,
I was wondering that I could use some help here with this NAT Reflection for Port-Forward. It seems not working for me.
Network Address Translation
Reflection for port forwards Enable (pure nat)
Reflection for 1:1 Enable
Automatic outbound NAT for Reflection Enable
NAT->Port Foward :
NAT reflection use system default
Filter rule association Rule NAT
Firewall: NAT: Outbound Mode
Tried both Manual and Hybrid....
Freebsd , MAIB, how to I check the these info, which is from my openwrt capture?
config redirect
option target 'DNAT'
option src 'wan'
option dest 'dmz'
option proto 'tcp udp'
option src_dport '53'
option dest_port '53'
option name 'dns'
option dest_ip '192.168.140.253'
@TorWrt# iptables-save | grep NAT
-A zone_dmz_postrouting -s 192.168.140.0/24 -d 192.168.140.253/32 -p tcp -m tcp --dport 25 -m comment --comment "mx (reflection)" -j SNAT --to-source 192.168.140.1
-A zone_dmz_postrouting -s 192.168.140.0/24 -d 192.168.140.253/32 -p tcp -m tcp --dport 443 -m comment --comment "web-email (reflection)" -j SNAT --to-source 192.168.140.1
-A zone_dmz_postrouting -s 192.168.140.0/24 -d 192.168.140.253/32 -p tcp -m tcp --dport 80 -m comment --comment "webmail80-let\'sencrypt (reflection)" -j SNAT --to-source 192.168.140.1
-A zone_dmz_postrouting -s 192.168.140.0/24 -d 192.168.140.253/32 -p tcp -m tcp --dport 53 -m comment --comment "dns (reflection)" -j SNAT --to-source 192.168.140.1
-A zone_dmz_postrouting -s 192.168.140.0/24 -d 192.168.140.253/32 -p udp -m udp --dport 53 -m comment --comment "dns (reflection)" -j SNAT --to-source 192.168.140.1
-A zone_dmz_prerouting -s 192.168.140.0/24 -d 76.10.176.225/32 -p tcp -m tcp --dport 25 -m comment --comment "mx (reflection)" -j DNAT --to-destination 192.168.140.253:25
-A zone_dmz_prerouting -s 192.168.140.0/24 -d 76.10.176.225/32 -p tcp -m tcp --dport 443 -m comment --comment "web-email (reflection)" -j DNAT --to-destination 192.168.140.253:443
-A zone_dmz_prerouting -s 192.168.140.0/24 -d 76.10.176.225/32 -p tcp -m tcp --dport 80 -m comment --comment "webmail80-let\'sencrypt (reflection)" -j DNAT --to-destination 192.168.140.253:80
-A zone_dmz_prerouting -s 192.168.140.0/24 -d 76.10.176.225/32 -p tcp -m tcp --dport 53 -m comment --comment "dns (reflection)" -j DNAT --to-destination 192.168.140.253:53
-A zone_dmz_prerouting -s 192.168.140.0/24 -d 76.10.176.225/32 -p udp -m udp --dport 53 -m comment --comment "dns (reflection)" -j DNAT --to-destination 192.168.140.253:53
Details of the problem are documented here......
https://discourse.mailinabox.email/t/letsencrypt-expired-and-dns-errors/2704/99
Logged
opnsense@f2f10.com
Newbie
Posts: 23
Karma: 1
Re: NAT Reflection
«
Reply #3 on:
December 24, 2017, 02:25:57 pm »
17.7.11 (installed) is the version of opnSense
Logged
opnsense@f2f10.com
Newbie
Posts: 23
Karma: 1
Re: NAT Reflection
«
Reply #4 on:
December 24, 2017, 02:27:58 pm »
@franco
Any thoughts?tks.
Logged
franco
Administrator
Hero Member
Posts: 17656
Karma: 1610
Re: NAT Reflection
«
Reply #5 on:
December 24, 2017, 02:36:25 pm »
It's the holiday season so please be patient. Maybe you also have more luck in the issue tracker, your request seems very specific, but could also be missing info:
what components do you talk about? are you testing locally or against a real deployment? do you use multi-wan?
this url and the other one do not load for me
https://discourse.mailinabox.email/t/letsencrypt-expired-and-dns-errors/2704/97
Cheers,
Franco
Logged
opnsense@f2f10.com
Newbie
Posts: 23
Karma: 1
Re: NAT Reflection
«
Reply #6 on:
December 24, 2017, 04:31:13 pm »
Thanks for the reply!!! Understood it's holiday ...
It's a production server. This email server was working fine with OpenWRT due to correct NAT Reflection function..However, after switching to OpnSense almost 3 months, this issue was discovered at time of updating let's encrypt certs. Putting this email server back behind openWRT works fine again.. Details are on that URL.. I will repost here... thanks in advance......!!!!
https://discourse.mailinabox.email/t/letsencrypt-expired-and-dns-errors/2704
Logged
opnsense@f2f10.com
Newbie
Posts: 23
Karma: 1
Re: NAT Reflection
«
Reply #7 on:
December 24, 2017, 04:32:27 pm »
https://discourse.mailinabox.email/t/letsencrypt-expired-and-dns-errors/2704
Logged
opnsense@f2f10.com
Newbie
Posts: 23
Karma: 1
Re: NAT Reflection
«
Reply #8 on:
December 24, 2017, 04:33:48 pm »
A side question, why do I see so many "rule nat" in the drop-down menu?
Logged
opnsense@f2f10.com
Newbie
Posts: 23
Karma: 1
Re: NAT Reflection
«
Reply #9 on:
December 24, 2017, 04:35:29 pm »
I'm not using multi-wan ....
Logged
opnsense@f2f10.com
Newbie
Posts: 23
Karma: 1
Re: NAT Reflection
«
Reply #10 on:
December 25, 2017, 03:41:07 pm »
however , i do have another GateWay set up with my private VPN to redirect all traffic through this vpn, except those DMZ traffic which includes this email server....
Not sure whether this is relevant...
Logged
opnsense@f2f10.com
Newbie
Posts: 23
Karma: 1
Re: NAT Reflection
«
Reply #11 on:
December 25, 2017, 03:42:08 pm »
https://github.com/opnsense/core/issues/1417
I saw a similar bug tracking post and posted it under it.....
Logged
opnsense@f2f10.com
Newbie
Posts: 23
Karma: 1
Re: NAT Reflection
«
Reply #12 on:
February 18, 2018, 12:07:46 pm »
Just reload OpnSense again after trying pfSense; I noticed that one of my rules was using ICMP, instead of IPv4. Once it got fixed, Mailinabox checks everything fine. So, it's not the fault of Pure NAT, it's my fault of configuration.
Logged
opnsense@f2f10.com
Newbie
Posts: 23
Karma: 1
Re: NAT Reflection
«
Reply #13 on:
February 18, 2018, 12:08:24 pm »
here's screen capture
Logged
Ciprian
Sr. Member
Posts: 284
Karma: 50
Re: NAT Reflection
«
Reply #14 on:
February 19, 2018, 09:47:06 am »
Many thanks for sharing...
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
17.7 Legacy Series
»
NAT Reflection