Question about inbound NAT and "Reply-to on WAN rule"

Started by MrCroa, June 05, 2018, 04:33:23 PM

Hello folks,

I'm trying to migrate my firewall (Linux iptables) to an OPNsense virtual machine. I converted all rules to OPNsense, but the first time I tried an inbound NAT rule on an external CIDR range 193.x.x.x/27 routed to the OPNsense WAN, it didn't work.

I was going crazy until I checked the box "Disable reply-to on WAN rule" and it was suddenly working.

I'm not sure I understand why I have to check this to make it work.

Can you explain this to me?

Thanks

It tries to pin the return traffic to a specific gateway in case Multi-WAN is used. Otherwise the return traffic may go back out the other WAN interface, which does not work for the remote end.

Sometimes the gateway receiving the reply refuses to send it back to the internal network and it looks like it's not working.

If you don't have Multi-WAN, globally disabling reply-to is also feasible.


Cheers,
Franco
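As an added illustration (not code from this thread or from OPNsense's own generated ruleset), the two variants of the WAN rule in pf syntax, assuming WAN interface em0, upstream gateway 203.0.113.1, public address 193.0.2.10 standing in for one IP of the routed /27, and internal host 10.0.0.10:

```pf
# Assumed names: WAN interface em0, upstream gateway 203.0.113.1,
# public address 193.0.2.10, internal server 10.0.0.10.

# Inbound NAT (port forward): rewrite the public address to the internal host.
# pf applies rdr before filtering, so the pass rules below match the
# already-translated destination 10.0.0.10.
rdr on em0 inet proto tcp from any to 193.0.2.10 port 443 -> 10.0.0.10 port 443

# WAN pass rule WITH reply-to (the OPNsense default for WAN rules).
# Replies for states created by this rule are forced out em0 towards
# 203.0.113.1, bypassing the routing table, so with Multi-WAN the reply
# leaves on the same WAN the request arrived on.
pass in quick on em0 reply-to (em0 203.0.113.1) inet proto tcp \
    from any to 10.0.0.10 port 443 keep state

# Same rule WITHOUT reply-to ("Disable reply-to on WAN rule" checked).
# Replies simply follow the normal routing table.
pass in quick on em0 inet proto tcp from any to 10.0.0.10 port 443 keep state
```

Only one of the two pass rules would be loaded at a time; because both are marked quick, the first one listed would always win if both were present.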

Yes, but I don't have multi-WAN, so isn't it supposed to work anyway, with or without reply-to rules?

Sorry, I don't understand your question.


Cheers,
Franco