
Set up NAT Port Forwarding with Outbound NAT in OPNsense

How to set up NAT port forwarding with outbound NAT in OPNsense, including an outbound NAT example using a Virtual WAN IP.

What is Outbound NAT?

Outbound NAT changes the source IP address of packets leaving the firewall, so that replies to outbound traffic come back to that same source IP address. Outbound NAT is also known as Source NAT or SNAT.

When do you need to use Outbound NAT?

If you have multiple WAN IPs you will most likely want to configure outbound NAT. This will allow you to have some servers/services using their own dedicated WAN IPs.

Outbound NAT is used together with inbound NAT port forwarding so that a LAN server which receives inbound traffic on an external WAN IP address also sends its outbound traffic from that same external WAN IP address.

You can read more about the different NAT options in the OPNsense docs:

Network Address Translation
https://docs.opnsense.org/manual/nat.html

Outbound NAT example

In this example I'm configuring a NAT port forward rule to allow external Internet access to a server on my LAN for HTTP port 80 and HTTPS port 443. I have multiple external IPs and this server is using its own virtual WAN IP so I will also need to configure outbound NAT to allow traffic back to the same source WAN IP.

e.g. Any inbound traffic to the web server on LAN IP .25 will go outbound on the WAN IP of .235

Create Virtual WAN IP

I need to create a Virtual IP for each of my external WAN IP addresses. For the address I'm using the external IP address range and subnet mask that has been allocated to me by my Internet provider.

Interfaces - Virtual IPs - Settings - Add

Mode IP Alias
Interface WAN
Type Single Address
Address - enter the WAN IP address and subnet mask
Give the virtual IP a description that identifies what it's being used for
Leave the other settings as the defaults

Create Firewall NAT Port Forward Rule

Firewall - NAT - Port Forward - Add

Interface WAN
TCP/IP Version IPv4
Protocol TCP
Destination - Virtual WAN IP
Destination Port range HTTP
Redirect target IP - Single host or network, LAN IP address of server
Redirect target port HTTP
Give the port forwarding rule a description
Leave the other settings as the defaults

Repeat the above steps to also create a NAT port forwarding rule for HTTPS port 443

Configure Outbound NAT

Firewall - NAT - Outbound

Select Hybrid outbound NAT rule generation - Save
Then add a new Outbound NAT rule

Interface WAN
TCP/IP Version IPv4
Protocol TCP
Source address - Single host or network, LAN IP address of server
Translation/target - Virtual WAN IP address
Give the outbound NAT rule a description
Leave the other settings as the defaults
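
A simplified model of how Hybrid mode picks the source address (manual rules first, then the automatic rule for the WAN interface address), added here as an example and not taken from the original post or from OPNsense itself. It checks that a forwarded server leaves on the same address it is published on, and shows that the TCP-only outbound rule above leaves UDP and ICMP from the server on the primary WAN address. The full IP addresses, rule dictionaries and function names are constructed for illustration; the post only gives the last octets .25 and .235.

```python
import ipaddress

# Constructed sample values: the post only gives the last octets (.25 and .235).
WAN_IP = "203.0.113.234"   # firewall's primary WAN interface address (assumed)
VIP = "203.0.113.235"      # Virtual WAN IP (IP Alias)
SERVER = "192.168.1.25"    # LAN web server

PORT_FORWARDS = [
    {"proto": "tcp", "dst": VIP, "port": 80, "target": SERVER},
    {"proto": "tcp", "dst": VIP, "port": 443, "target": SERVER},
]
# Manual outbound rule as configured in the post (Protocol TCP only).
MANUAL_OUTBOUND = [{"proto": "tcp", "src": SERVER + "/32", "translate": VIP}]


def egress_ip(src, proto, manual_rules, wan_ip=WAN_IP):
    """Source address an outbound packet from a LAN host gets in Hybrid mode:
    the first matching manual rule wins, otherwise the automatic rule
    translates to the WAN interface address."""
    for rule in manual_rules:
        in_net = ipaddress.ip_address(src) in ipaddress.ip_network(rule["src"])
        if in_net and rule["proto"] in (proto, "any"):
            return rule["translate"]
    return wan_ip


def audit(port_forwards, manual_rules, protos=("tcp", "udp", "icmp")):
    """Return (target, proto, egress) for every protocol on which a forwarded
    server leaves on a different address than the one it is published on."""
    findings = []
    for target, vip in sorted({(f["target"], f["dst"]) for f in port_forwards}):
        for proto in protos:
            out = egress_ip(target, proto, manual_rules)
            if out != vip:
                findings.append((target, proto, out))
    return findings


if __name__ == "__main__":
    for target, proto, out in audit(PORT_FORWARDS, MANUAL_OUTBOUND):
        print(f"{target} {proto}: leaves as {out}, not the forwarded Virtual IP")
```

If the server's DNS or NTP traffic must also come from the Virtual WAN IP (for example, because an upstream allowlist is keyed on that address), the outbound rule's Protocol needs to cover it rather than TCP alone.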



Saturday, 23 September 2023