Hi,
I have a bit silly question. I have 2 Opnsense firewall. One has 2 WAN connections (both having 5 public IPs) and another has WAN with 1 public IP (this number can’t be extended). Both FW-s are connected with IPSec and both LAN’s are visible to each other.
So my question is: can I do NAT from on of those 10 IPs to other LAN computer?
Any hints will be welcome…
Hannes
In pfsense they have documentation on doing policy routing over IPSEC
https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/routed-vti.html
I assume you can do this OPNSense as well.
Thanks, Tom
I have to do some minor adjustments to the configuration
Dear all,
I did the configuration changes. According to Wireshark the packets reach the proper server, but still I get time out
What I’m missing in my configuration?
You are going to have to explain the settings on pfsense, as we have nothing to go on
Post screenshots
There are two opnsense firewalls. Firewall A has 2 WAN connections and one LAN interface with subnet 192.168.10.0/24. Firewall B has one WAN and one LAN with subnet 192.168.3.0/24.
Between A and B is routed IPSEC tunnel, on both sides IPSEC interfaces, gateways and routing tables. Traffic from 192.168.10.0 to 192.168.3.0 works perfectly and vice versa. So there are no problems on those settings.
I create NAT:port Forward rules to Firewall A:
Packet capture on tunnel interface on firewall B:
