OPNsense Forum

English Forums => General Discussion => Topic started by: spetrillo on May 16, 2020, 02:17:09 pm

Title: Port Forward - Did I Do It Correctly?
Post by: spetrillo on May 16, 2020, 02:17:09 pm
I need to port forward UDP 123, 500, 4500 out from a single address on my internal network. I set it up as follows:

Interface: WAN interface
Protocol: UDP
Source: Single Host or Network/192.168.x.x/24
Source Port Range: 123 to 123
Destination: Any
Destination Port Range: any/any
Redirect Target IP: Single Host or Network/192.168.x.x
Redirect Target Port: 123
Pool Options: Default

Is this correct??
Title: Re: Port Forward - Did I Do It Correctly?
Post by: utahbmxer on May 21, 2020, 06:21:11 am
Are you trying to make an internal server/device accessible to the internet? If so, your rule is misconfigured.

Interface: WAN interface
Protocol: UDP
Source: Any (unless you want to restrict what internet hosts can talk to your internal host)
Source Port Range: Any
Destination: WAN Address
Destination Port Range: <Use an alias containing the ports needed or clone the rules and make sure one exists for each port you need to pass>
Redirect Target IP: Single Host or Network (your internal server)
Redirect Target Port: Same as Destination port above
Pool Options: Default

Also, it looks like you are port forwarding for IPsec.  If that is the case you should also create a rule which is the same as above, but change the protocol from UDP to ESP.  This will disable all the port fields for the NAT rule since ESP is a protocol and does not operate on a "port" like TCP/UDP.
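As an added illustration (not from the thread or from OPNsense itself), here is a small lint script that encodes the checks made in this thread against a port-forward rule: a private source on WAN, a pinned source port, a destination other than the WAN address, a redirect port that does not match the destination port, and IPsec UDP 500/4500 without a companion ESP rule. The field names and the sample rules (192.168.1.x standing in for 192.168.x.x) are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class PortForward:
    # Fields as labelled on the OPNsense Firewall > NAT > Port Forward form (names chosen here)
    interface: str
    protocol: str           # "UDP", "TCP" or "ESP"
    source: str             # "any" or a host/CIDR
    source_ports: str       # "any" or a port / range
    destination: str        # "any", "WAN address" or a host/CIDR
    destination_ports: str  # "any" or a port / range
    target_ip: str
    target_port: str        # empty for ESP (the form disables the port fields)

def lint_rules(rules):
    """Return a list of findings for inbound port forwards on the WAN interface."""
    findings, ipsec_udp, esp = [], False, False
    for i, r in enumerate(rules, 1):
        if r.interface.upper() != "WAN":
            continue
        tag, proto = f"rule {i}", r.protocol.upper()
        # A private (RFC 1918) source never arrives on a public WAN link
        if r.source.lower() != "any" and ipaddress.ip_network(r.source, strict=False).is_private:
            findings.append(f"{tag}: source {r.source} is private, it will never match on WAN")
        # Clients pick random ephemeral source ports; pinning one breaks the match
        if r.source_ports.lower() != "any":
            findings.append(f"{tag}: source port should be any, not {r.source_ports}")
        if r.destination.lower() != "wan address":
            findings.append(f"{tag}: destination should be WAN address, not {r.destination}")
        if proto in ("UDP", "TCP"):
            if r.destination_ports.lower() == "any":
                findings.append(f"{tag}: destination port must name the service port(s)")
            elif r.target_port != r.destination_ports:
                findings.append(f"{tag}: redirect port {r.target_port} != destination port {r.destination_ports}")
            if proto == "UDP" and r.destination_ports in ("500", "4500"):
                ipsec_udp = True
        esp = esp or proto == "ESP"
    if ipsec_udp and not esp:
        findings.append("IPsec ports forwarded but no matching ESP rule (protocol ESP, no ports)")
    return findings

# Constructed sample: the rule from the first post
ORIGINAL = [PortForward("WAN", "UDP", "192.168.1.0/24", "123", "any", "any", "192.168.1.10", "123")]
# Constructed sample: the corrected rule set from the reply, one rule per port plus ESP
CORRECTED = [PortForward("WAN", "UDP", "any", "any", "WAN address", d, "192.168.1.10", d)
             for d in ("123", "500", "4500")]
CORRECTED.append(PortForward("WAN", "ESP", "any", "any", "WAN address", "any", "192.168.1.10", ""))

if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("corrected", CORRECTED)):
        print(name, lint_rules(rules) or "no findings")
```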
Title: Re: Port Forward - Did I Do It Correctly?
Post by: spetrillo on May 21, 2020, 07:31:47 pm
I have a device that needs port 123, 500, and 4500 open. I have UPnP enabled but the device does not seem to use it. My next thought was to explicitly port forward.

Does that clarify?
Title: Re: Port Forward - Did I Do It Correctly?
Post by: hbc on May 21, 2020, 11:06:11 pm
As long as your WAN side is not a private subnet and you are just forwarding inside a private network, I assume you mixed up source and destination.

On the WAN side with public internet, 192.168.x.x will never be a valid source IP.