Text only | Text with Images

OPNsense Forum

Archive => 20.1 Legacy Series => Topic started by: kwekkerz on February 10, 2020, 05:09:21 PM

Title: How to open ports on wan to internal ip
Post by: kwekkerz on February 10, 2020, 05:09:21 PM
I'm a newbie on OpnSense...so be kind ;-)
I want to open a port on my wan (5900 and 25565-25569) to my internal netwerk (10.25.50.*) But it wil not work ?
Blocked by "Default deny rule" .... (in my log Files)

Can somebody help me with this ?
Title: Re: How to open ports on wan to internal ip
Post by: ArminF on February 10, 2020, 05:43:13 PM
Check if you can setup:
Firewall - Alias -> create Port alias with port 5900 and 25565:25569
Firewall - Alias -> create Host Alias with your torrent server.
then
Firewall - NAT - Port Forward -> use WAN interface select destination port Alias and server then save with default.
LAN rule should automatically be created

Docs
https://docs.opnsense.org/manual/nat.html

Good Luck
Title: Re: How to open ports on wan to internal ip
Post by: kwekkerz on February 10, 2020, 06:04:59 PM
I'm Using version 20.1 van Opnsense, and in my Firewall environment in the Tap Aliases i can select ports, but not the port Number ( in my case 5900) ???? or in hosts the IP adress ???
Title: Re: How to open ports on wan to internal ip
Post by: ArminF on February 10, 2020, 06:17:08 PM
Maybe take a look here
https://www.youtube.com/watch?v=vSHRvZYfqco

And have a look on the attached screenshots.
Create Aliases is important otherwise you cannot set the internal Server nore ports
cheers a
Title: Re: How to open ports on wan to internal ip
Post by: kwekkerz on February 10, 2020, 06:46:27 PM
Nope, this solution also doesn't work, same message in the Log Files "Default deny rule"
My internal network is 10.25.50.* ( could this be the reason of the blockout ?
see rid: 02f4bab031b57d1e30553ce08e0ec131
Title: Re: How to open ports on wan to internal ip
Post by: ArminF on February 10, 2020, 08:00:56 PM
Well, then i am running out of opions.

Check also that your LAN network does not block private addresses.
Interfaces - LAN - Generic configuration - block private networks
Title: Re: How to open ports on wan to internal ip
Post by: kwekkerz on February 10, 2020, 08:09:02 PM
I confirm that the LAN network does not block private addresses.....?
Title: Re: How to open ports on wan to internal ip
Post by: lfirewall1243 on February 11, 2020, 08:24:20 AM
You dont just have to allow it. You need to forward the Ports to the device you want to access from the outside.

Title: Re: How to open ports on wan to internal ip
Post by: kwekkerz on February 11, 2020, 10:35:36 PM
Explain what you mean...
Title: Re: How to open ports on wan to internal ip
Post by: haukened on February 11, 2020, 10:45:40 PM
Quote@lfirewall1243: You dont just have to allow it. You need to forward the Ports to the device you want to access from the outside.
This is the right advice

Try Firewall -> NAT -> Port Forward
Interface: WAN
Protocol: TCP+UDP
Destination: WAN Address
Destination Port Range:
    From: Other (Enter 5900)
    To: Other (Enter 5900)
Redirect Target IP: Single Host or Network (type in the internal IP address and select /32)
Redirect Target Port: 5900

Save and Apply.

For the range, do the same, but you'll only have to specify the starting port for "redirect target port", it'll automatically count the number of ports in the range you specified above and open the right number of ports.
Title: Re: How to open ports on wan to internal ip
Post by: kwekkerz on February 11, 2020, 11:41:10 PM
Top....It Works  !!!! Yesss.... You Make my day very very good...now i can sleep ;-) love it. Thanks
Text only | Text with Images