Text only | Text with Images

OPNsense Forum

English Forums => General Discussion => Topic started by: fiR3W4LL87 on January 22, 2023, 04:42:17 PM

Title: Port Forwarding issues
Post by: fiR3W4LL87 on January 22, 2023, 04:42:17 PM
I am on the edge of desperation
I have now read several posts and howtos like:
https://forum.opnsense.org/index.php?topic=8783.0
but I still can't reach my goal.

The internal traffic works as desired via all the VLANS etc.. But when I want to share my gaming server, I just can't get to it and according to the opn-ports tools, the port is still shown as closed.

Now I ask myself, what am I missing?

I have a router from my ISP and have DMZ mode switched on, so it forwards everything to Opnsense. In the Opnsense I have entered the NAT Port Forwarding as in the forum above, from this a rule was directly set up in the WAN.

Under Firewall->Settings-> Advanced I have set the marks for Reflection for port forwards and Automatic outbound NAT for Reflection.

However, I cannot access it via my ext. IP.

Opnsense is still quite new territory for me, maybe that's the reason :P
Title: Re: Port Forwarding issues
Post by: lilsense on January 22, 2023, 05:08:53 PM
issue is the NAT of your ISP router. you need to set your ISP router to just bridge and not NAT. if you want to keep everything same then you'd need to port forward the same on the ISP router as well.
Title: Re: Port Forwarding issues
Post by: fiR3W4LL87 on January 22, 2023, 05:57:22 PM
Hi lilsense

Problem is, i cant set the Modem to bridge mode. It cant do that.
I could enable static route to the Opnsense box but dont want to setup two times the rules :(
Title: Re: Port Forwarding issues
Post by: Patrick M. Hausen on January 22, 2023, 06:07:15 PM
I guess by "DMZ" feature you mean "exposed host" so all incoming connections are forwarded to your OPNsense?

In your inbound NAT Port Forwarding rule on OPNsense did you set "Filter rule association" to "pass"? Please try this.

Last, you will probably not be able to access your external ISP IP address from inside. The "reflection" or "hairpin" stuff as it is frequently called would need to be supported by your ISP router. It's not even necessary on your OPNsense.

So use a mobile internet connection and try again if you can reach the desired ports. After checking the NAT configuration as described above.
Title: Re: Port Forwarding issues
Post by: fiR3W4LL87 on January 22, 2023, 08:38:19 PM
I got it -.-
I hoped i didnt had to do it on that way. But i have to login into the Modem of the ISP and set the Port forwarding rule also there -.-
The DMZ function didnt work -.-
Such a shame
Title: Re: Port Forwarding issues
Post by: jlab on January 22, 2023, 09:12:38 PM
Quote from: fiR3W4LL87 on January 22, 2023, 08:38:19 PM
I got it -.-
I hoped i didnt had to do it on that way. But i have to login into the Modem of the ISP and set the Port forwarding rule also there -.-
The DMZ function didnt work -.-
Such a shame

The problem is, your ISP modem isn't allowing any traffic in on those ports, you have 2 ways to do this. Bridge mode OR  port forward those ports to the OPNsense box, doubble natting your setup works for going out, but anything in is not going to work properly.

Call the ISP  get a new modem that allows you to bridge ?  Or look for passthrough on the modem.
Text only | Text with Images