2 wan IP from local net of ISP

Started by Wyrm, July 17, 2018, 12:59:27 PM

Previous topic - Next topic
Print
Go Down Pages1 2
User actions
July 17, 2018, 12:59:27 PM
Hi,
I have opnsense in customer network where is provider who does 1:1 NAT in his network. So I have 2 WAN IP from him in local private subnet. From outside they are showing 2 public IP.
It is mainly for dividing traffic and speed for customer - it is hotel where some speed has office and some speed guests.
I need to significaly divide and source nat both networks to have for each of them public ip from outside.
I have set first local IP from ISP to WAN interface and it is working now for both network all with NAT. I have also set second IP as VIRTUAL IP and now I would like to do some NAT and another settings.
How to send traffic from on of local networks to second local ip (ISP nat to public) ?
Should I use NAT 1:1 or how to set this ?
I also need to have later guests in captive portal...

Thanks for some answer and help... ;)
July 17, 2018, 01:03:01 PM #1
Only outbound nat?
July 17, 2018, 01:11:56 PM #2
Hi,
I have functional outbound manual NAT for first ip but I also added rules for second ip and it does not work.

I need also to make some speed limits for guests and other settings...not only nat..
July 17, 2018, 01:37:33 PM #3
Then I think outbound NAT should be fine, no need for 1:1.
Can you show a screenshot of your NAT rules?
July 17, 2018, 01:50:44 PM #4
Hi,
I am sending them in attachement.

Network 10.0.201.125/16(public 82.100.8.173) is first isp local ip and 10.0.201.126/16(public 82.100.8.174) second.
Office network is 192.168.16.0/24 and guests is 10.20.30.0/24
July 17, 2018, 02:01:38 PM #5
So WAN address is 173 and where is the NAT entry regarding 174?
July 17, 2018, 02:10:20 PM #6
It is in rules with ip 10.0.201.126 - it is specified from list, because it is virtual ip on WAN interface
July 17, 2018, 02:15:40 PM #7
Just look in attachement...there it si visible...
July 17, 2018, 02:20:45 PM #8
But NAT address should be 174 and not the private one?

EDIT: for outbound NAT ...
July 17, 2018, 02:30:27 PM #9 Last Edit: July 17, 2018, 02:31:58 PM by Wyrm
It should be private WAN, because it only works with it. I had before all on Mikrotik router (now it is connected after opnsense as switch and wifi manager) and it only worked with outbound nat to internal net of provider (10.0.201.125 and 10.0.201.126). So now it works only for 82.100.8.173 with nat to 10.0.201.125 which is nated by isp ...
I do not have public IPs on opnsense...only isp local lan 10.0.201.125 and as virtual ip 10.0.201.126
July 17, 2018, 02:47:39 PM #10
On Translation/Target .. do you choose the Alias from the list or did you just type the address (which is wrong)?
July 17, 2018, 03:17:37 PM #11
I choosed address from list. Not typed
July 17, 2018, 06:21:30 PM #12
Now i do NAT for guests network (10.20.30.0/24) by Mikrotik unit, which has hotspot service on itself and this is all temporary to time I could solve the whole nat problem.
So guests are nated by that Mikrotik unit which uses office lan network as WAN.

July 17, 2018, 10:29:04 PM #13
Are my settings OK ? Or what to recommend ?
July 18, 2018, 05:51:46 AM #14
If it doesnt work I'd check via Console with tcpdump the packets are leaving with the correct address
Print
Go Up Pages1 2
User actions