OPNsense Forum

English Forums => Virtual private networks => Topic started by: HankM on July 07, 2022, 09:14:43 AM

Title: URGENT: Unable to access webservers from External IP
Post by: HankM on July 07, 2022, 09:14:43 AM
I've just installed and set up OPNsense. I THOUGHT I understood how the Virtual IPs, Aliases and Rules work, but I'm missing something here.

I have 4 Virtual IPs
Mailserver
Webserver1
Webserver2
Plex

Both Webservers are on CentOS (one on CentOS 7 and the other CentOS 8); both are Virtual servers on Apache. (I upgraded from Smoothwall Express 3.1 and they were working fine before the upgrade. In fact, if I down the OPNsense and reload Smoothwall, it all still works, so it's me.) I've done something stupid or I'm missing something.

I have 3 x DNS servers all have entries for the servers.

In NET--> Virtual IPs --> Settings I have xxx.xxx.xxx.xxx/29 one for each Virtual IP
In Aliases I have:
Mailserver and Mailserver Ports
Webserver1 and Webserver1 Ports
Webserver2 and Webserver2 Ports
Plex and Plex Ports

In NAT Port Forward, I have an entry for each of the above
Interface -WAN
TCPIP - IPV4
Protocol - TCP
Destination - one of the Virtual IP addresses
Destination Port Range - the Alias for Port range
Redirect Target IP - Alias of the server.

In Rules I have an entry Pass for each one.
My Mailserver works fine
Plex works fine.
Both my CentOS Webservers work INTERNAL, but no one can connect to them from EXTERNAL.

I thought Ports 80 and 443 are open by default. I was obviously wrong. I tried putting those ports into the Alias as well - same result.

A customer tried to ping and tracert. Nada.

What have I missed / done wrong?

If I go to a VPN and try to access the site after a LONG wait I get the message:
write tcp 10.238.1.122:46489: write: connection timed out

WTF does 10.238.1.122 Nothing to do with us. We are on a 192.168.0.0/24 network.