I have a bit silly question. I have 2 Opnsense firewall. One has 2 WAN connections (both having 5 public IPs) and another has WAN with 1 public IP (this number can’t be extended). Both FW-s are connected with IPSec and both LAN’s are visible to each other.
So my question is: can I do NAT from on of those 10 IPs to other LAN computer?
Any hints will be welcome…
In pfsense they have documentation on doing policy routing over IPSEC
I assume you can do this OPNSense as well.
I have to do some minor adjustments to the configuration
I did the configuration changes. According to Wireshark the packets reach the proper server, but still I get time out
What I’m missing in my configuration?
You are going to have to explain the settings on pfsense, as we have nothing to go on
There are two opnsense firewalls. Firewall A has 2 WAN connections and one LAN interface with subnet 192.168.10.0/24. Firewall B has one WAN and one LAN with subnet 192.168.3.0/24.
Between A and B is routed IPSEC tunnel, on both sides IPSEC interfaces, gateways and routing tables. Traffic from 192.168.10.0 to 192.168.3.0 works perfectly and vice versa. So there are no problems on those settings.
I create NAT:port Forward rules to Firewall A:
Destination is behind firewall B
It’s the view on Firewall A Rules: WAN:
Upper rule is created by me, second one automatically created by opnsense.
When I try to access both adresses via WAN, I get timeout.
Packet capture on tunnel interface on firewall B: