Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
18.1 Legacy Series
»
Automatic NAT Rules Generation
« previous
next »
Print
Pages: [
1
]
Author
Topic: Automatic NAT Rules Generation (Read 6541 times)
opnsense@f2f10.com
Newbie
Posts: 23
Karma: 1
Automatic NAT Rules Generation
«
on:
March 13, 2018, 11:00:09 am »
HI all,
Just deployed pfSense and opnSense together and noticed a small difference.
https://doc.pfsense.org/index.php/Automatic_NAT_Rules_Generation
pfsense says this above and does it. In my case, I have a static routes to all my internal network (10.16.0.0/16). Indeed, I see this on NAT. This is good as I'd like to have my other internal networks transverse this firewall out, but I don't want my firewall has interface to those remote networks.
On opnSense, this seems not the case; after a fairly troubleshooting with tcpdump, I realized that this has to be manually added in NAT rule to get it work.
My question is, is this a "intentionally" done difference, or , is it a "bug". I am ok with either method of getting it to work, just want to clarify.
Thanks
peng
Logged
dcol
Hero Member
Posts: 635
Karma: 51
Re: Automatic NAT Rules Generation
«
Reply #1 on:
March 13, 2018, 04:28:58 pm »
OPNsense does have auto rules generation which is set in the 'Filter rule association' when using 'Pass'.
I am unsure why it also has all the other NAT created rules in the drop down. Maybe to properly associate the FW rule to the NAT rule.
One thing I have noticed though is you should delete the NAT rule and recreate it if you make a change to the rule or it may not generate the Firewall rule correctly. OPNsense doesn't seem to like to make changes to a firewall rule from an existing NAT PF rule. NAT rules seem to always generate a proper firewall rule on its creation.
«
Last Edit: March 15, 2018, 04:08:29 pm by dcol
»
Logged
franco
Administrator
Hero Member
Posts: 17656
Karma: 1610
Re: Automatic NAT Rules Generation
«
Reply #2 on:
March 14, 2018, 06:24:50 pm »
That's a fairly interesting setup with overlapping 10.16.x.y address spaces. Would you mind giving a full IP setup of your WAN and LANs... I don't understand it very well.
Thank you,
Franco
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
18.1 Legacy Series
»
Automatic NAT Rules Generation