How to deal with NAT on pfSense/OPNSense. Real world examples. 1:1 NAT, Inbound NAT, Outbound NAT.

  • Published on 4 Nov 2024

Comments • 59

  • @loudora
    @loudora 1 year ago +6

    I never figured out why my NAT reflections didn't work in OPNSense until I watched your video just now. Thank you.

  • @ckong3309
    @ckong3309 several months ago +1

    Thank you for this. Following your instructions, I was able to view my T-Mobile Home Internet Gateway web page. On a side note at the time of this post, OPNsense recommends NAT reflection to "Use system default" where your instructions say to set it to "Enable". Both work, so I'm just leaving it at the default for now. Thanks again!

  • @stanrayden
    @stanrayden 4 years ago +4

    Wow! I have scoured through TH-cam to better understand my pfSense firewall and your videos on pfSense are by far the most insightful I have seen! Thank you! +1 sub

  • @TheNicomachean
    @TheNicomachean 1 year ago +1

    Very thorough and straightforward tutorial. Thanks!

  • @gswhite
    @gswhite 3 years ago +1

    Just found this, really great explanation on 1:1 NAT which I was searching for everywhere, thanks

    • @gswhite
      @gswhite 3 years ago +1

      Sorry, I have a question if I may? If a client is using a PPPoE ISP with a dynamically allocated external public IP, can 1:1 NAT still be achieved? As public address will always be changing?

    • @GatewayITTutorials
      @GatewayITTutorials 3 years ago

      1:1 NAT will work regardless :)

  • @Clarence-Homelab
    @Clarence-Homelab 3 years ago +1

    Yes yes yes! Excellent explanatory video!

  • @maciofacio364
    @maciofacio364 1 year ago

    Thank you for the FIREWALL: NAT: OUTBOUND - how this works. That was what I was looking for the whole morning today :)

  • @J0nny5
    @J0nny5 3 years ago +1

    Thank you for the thorough walk through. Quite knowledgeable about NAT. Sub

  • @ilducedimas
    @ilducedimas 3 years ago +1

    Awesome content. Very solid. Thanks

  • @Jphuman
    @Jphuman 2 years ago

    Great video, helped clarify some stuff for us.

  • @ThomasKuhlen
    @ThomasKuhlen 2 years ago +1

    Great video! At 4:18 I see my mistake. It's a special way to config Port Forward with OPNsense to select not only the WAN interface. Now my nginx hosts also work from outside AND inside. Thank you

  • @ChannelofEverythingace
    @ChannelofEverythingace 3 years ago +1

    Thanks for your videos

  • @danielwolf2779
    @danielwolf2779 3 years ago +1

    Thank you you are my savior

  • @Felix-ve9hs
    @Felix-ve9hs 2 years ago +1

    Thanks for the Video, still so very useful :^)

  • @kyme32
    @kyme32 3 years ago +1

    OMG, I've wasted the whole night on this thing, you're gold! Thank you

    • @kyme32
      @kyme32 3 years ago

      @trentcarson5477 and how is that related to the video? Or do you just find random videos and spam?

    • @GatewayITTutorials
      @GatewayITTutorials 3 years ago +1

      Thanks man, I've removed his comment.

  • @itsupport6572
    @itsupport6572 2 years ago

    Wow good information keep it up

  • @_MiraD1n_
    @_MiraD1n_ 1 year ago +1

    Thanks a lot !!!!

  • @CayoBuay
    @CayoBuay 1 year ago +1

    You always have great information. Can you do a tutorial on setting up OPNsense for gaming? So Xbox, Playstation etc

    • @GatewayITTutorials
      @GatewayITTutorials 1 year ago

      Sorry, I don't use any game boxes out there :(
      I wouldn't know what to teach you when it comes to that

  • @xanderthunder69
    @xanderthunder69 4 years ago +1

    Thanks for the great video!!! It was extremely helpful to me trying to understand NAT. Keep up the good work! +1 sub

  • @rpsmith
    @rpsmith 4 years ago +2

    Thank you Sir! That was a big help!
    BTW, I support both pfSense and OPNsense firewalls and I definitely prefer pfSense. Do you have a preference of the two?

    • @GatewayITTutorials
      @GatewayITTutorials 4 years ago +2

      If we are selling the appliance for small/mid offices, definitely OPNSense. But that's purely due to the licensing issues with pfSense: you cannot sell your own hardware with pfSense installed on board. For bigger clients (corporate) who want support from Netgate, it will be pfSense.
      There's no clear winner for me. Both platforms have some unique features that I miss going from one platform to another.

  • @lifebarier
    @lifebarier 1 year ago

    Can't make port forward from WAN to Docker running on NAS. Used to work with pfSense...

  • @YuriShevchouk
    @YuriShevchouk 2 years ago +1

    At 5:23, when you are selecting the destination, how do you get those virtual IPs to show up? On my setup I have options for single host, network, or aliases. I have a situation where I'm with Hetzner and have two IPs.

    • @GatewayITTutorials
      @GatewayITTutorials 2 years ago

      I've added them to Virtual IPs list first. I don't know your config at Hetzner, but this is something you can do when you are given a block of IPs.
      If you just added 1 single IP at Hetzner, then there are 2 ways to deal with this:
      1) request a MAC address and use bridge interface to get the IP automatically
      2) leave config on default at Hetzner and add a virtual IP.
      I hope this helps.

  • @RandyV2max
    @RandyV2max 3 months ago

    Hello mate, how about you make a video of how to securely set up a gaming server on one of the Protectli ports running pfsense with two open ports? I'm trying to set up a server that will run Windowsgsm and Icarus and RUST games and won't get hacked and compromise the rest of the network. Regards

  • @sphood4035
    @sphood4035 3 years ago +1

    Great :)

  • @zyghom
    @zyghom 6 months ago

    Man, I watched this video 3 times, created and checked 3 times, and still I have a problem: I can reach my mail server that is on my Proxmox from OUTSIDE of my LAN, but cannot from INSIDE the LAN - what the heck? OPNsense I mean.

  • @TheGrosos1
    @TheGrosos1 1 year ago

    there are 2 ways to get more public IP's per interface in dhcp

  • @tmdrake
    @tmdrake 2 years ago

    I like to get NAT64 running for IPv6; there are plenty of good reasons to use NAT on IPv6.

  • @Takigatita9739
    @Takigatita9739 3 years ago

    Master, I have a problem navigating on some web pages with OpnSense; they simply don't open, but other pages do. Do you have any idea why it happens? Would this have something to do with NAT? I don't use a web proxy. It's a real headache.

  • @wj7512
    @wj7512 3 years ago +1

    I'm new at these systems but like a lot of people I get strict NAT when trying to connect to game servers on my PC. Do you have any videos showing how to create NAT rules to fix these problems? I've seen so many articles and videos, but none really fix the problem without involving UPnP. Any advice would be greatly appreciated.

    • @GatewayITTutorials
      @GatewayITTutorials 3 years ago

      Why are you avoiding the UPnP package? Any particular reasons?

    • @wj7512
      @wj7512 3 years ago

      @GatewayITTutorials Thanks for the reply. Honestly I've just read too many articles about security concerns using UPnP so I was trying to find a way around it without enabling it.

    • @GatewayITTutorials
      @GatewayITTutorials 3 years ago

      You can limit it to 1 IP (gaming PC or console), so nothing catastrophic should happen :)

    • @wj7512
      @wj7512 3 years ago

      @GatewayITTutorials Yeah, I've read it both ways. I was thinking about creating a separate VLAN for my son's console and trying it out. Still not 100 percent on enabling it yet on my PC. I've been trying to find a workaround. I tried an IPv6-only network but that didn't work with the game servers. I may give NAT64 a try and if that doesn't work I may not have any other choice than to enable it. Thanks for your time.

  • @alexanderaric4006
    @alexanderaric4006 2 years ago

    In general good video, but the 1:1 NAT portion is not complete. There must be a VIP alias added to the firewall, else it won't work. Try to include a full scenario, else following shown configs won't lead to a functioning setup.

  • @KuroganeX3
    @KuroganeX3 3 years ago +1

    What software is that you are using for the presentation? It doesn't seem like Visio

    • @GatewayITTutorials
      @GatewayITTutorials 3 years ago +1

      It's not Visio.
      It is Draw.io (now app.diagrams.net). It's free and OpenSource.

  • @Geramelh
    @Geramelh 4 months ago

    hard time configuring multiple IP via NAT 1:1 via OPNSense.

  • @karloa7194
    @karloa7194 3 years ago +1

    The first reason is wrong. NAT is not a security. It only gives a false sense of security, which is the worse part.

    • @GatewayITTutorials
      @GatewayITTutorials 3 years ago +3

      I would disagree, just a little.
      You've got a solid point, ngl, but if most users were directly connected to the Internet and not behind NAT, it wouldn't have been easier to scan their devices for vulnerable services, etc.
      NAT is not a security, but you have to give me this: it helps in some cases :)

  • @kadergenius
    @kadergenius 4 years ago +1

    Hello Bro
    Thanks for uploading this video. Could you make a video on how to create the certificate for OpenVPN?

    • @GatewayITTutorials
      @GatewayITTutorials 4 years ago

      Hey. Do you mean OpenVPN Server for clients, using certs for authentication?

    • @kadergenius
      @kadergenius 4 years ago +1

      @GatewayITTutorials yes...

    • @GatewayITTutorials
      @GatewayITTutorials 4 years ago

      Okay, thanks for your feedback. I'll add it to my list :)

    • @kadergenius
      @kadergenius 4 years ago

      @GatewayITTutorials One more thing: do u have the image of OPNsense 18.1 version for GNS3?

    • @GatewayITTutorials
      @GatewayITTutorials 4 years ago

      18.1 is very old, I don't even think you can install any packages onto it at this point, because repos are dead. If you need GNS3 images, use a QEMU emulator with it, and download any ISO version you'd like from archives:
      mirror-opnsense.serverbase.ch/releases/

  • @ekaksana
    @ekaksana 1 year ago

    How is this real-world? A real-world example would be getting a NAS web accessible that's behind an ISP gw that is set to DHCP.😢

  • @simonesalvatori2300
    @simonesalvatori2300 1 year ago

    zero explaining capability, sure you know things, but teaching is not for you, subs 1:1 (cit) explains this