Rocksolid Light

Welcome to RetroBBS

mail  files  register  newsreader  groups  login

Message-ID:  

"I am your density." -- George McFly in "Back to the Future"

devel / comp.unix.bsd.freebsd.misc / Re: NATting Web Site via a FreeBSD/OpnSense firewall

SubjectAuthor
o Re: NATting Web Site via a FreeBSD/OpnSense firewallGilbert VAISSIERE

1
Re: NATting Web Site via a FreeBSD/OpnSense firewall

<u5a0mc$2p7vd$1@dont-email.me>

  copy mid

https://www.rocksolidbbs.com/devel/article-flat.php?id=407&group=comp.unix.bsd.freebsd.misc#407

  copy link   Newsgroups: comp.unix.bsd.freebsd.misc
Path: i2pn2.org!i2pn.org!eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: gv48@orange.fr (Gilbert VAISSIERE)
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: NATting Web Site via a FreeBSD/OpnSense firewall
Date: Thu, 1 Jun 2023 13:50:35 +0200
Organization: A noiseless patient Spider
Lines: 25
Message-ID: <u5a0mc$2p7vd$1@dont-email.me>
References: <u57m76$3119$33@gallifrey.nk.ca>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Thu, 1 Jun 2023 11:50:36 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="6cb58f5549aa3b1fe5cd235f432938aa";
logging-data="2924525"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX18XYhfBRxlcs9xbOCvDpyxd2tLBAtbjtIc="
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101
Thunderbird/102.11.0
Cancel-Lock: sha1:D4LPusCECsDrmuhJNSmiNyQkzZI=
In-Reply-To: <u57m76$3119$33@gallifrey.nk.ca>
Content-Language: fr
 by: Gilbert VAISSIERE - Thu, 1 Jun 2023 11:50 UTC

Le 31/05/2023 à 16:39, The Doctor a écrit :
> How can this be done given your WAN IP address is a.b.c.d
>
> and you LAN addresses are 192.168.x.y/16 ?

Hello,

If I understand your question, you need "Port forwarding" :
https://docs.opnsense.org/manual/nat.html

Public destination address : a.b.c.d
Public source address : any
Public ports 80/TCP and 443/TCP
Private destination address : 192.168.x.y (IP address of your server)
Private ports : same as public

You probably also need to allow incoming trafic (filtering rules) if no
automatic rules for port forwarding :
https://docs.opnsense.org/manual/firewall.html
I don't use OpnSense and can't tell if destination address must be
public or private (before or after NAT)

Best regards
Gilbert VAISSIERE

1
server_pubkey.txt

rocksolid light 0.9.8
clearnet tor