OPNsense Forum

Archive => 22.7 Legacy Series => Topic started by: Tripple_Delta on May 30, 2023, 08:23:35 PM

Title: Port Forward fails
Post by: Tripple_Delta on May 30, 2023, 08:23:35 PM
OPNsense 22.7.11_1-amd64

I have a simple NAT forward rule so my son can make an offsite backup to my NAS.
Never had any problem with

Until now, after his IP has changed. Changed the settings in OPNsense and all I get is this error:
Default deny / state violation rule

What am I doing wrong?
Title: Re: Port Forward fails
Post by: Patrick M. Hausen on May 30, 2023, 08:29:19 PM
If you do not show us the details of your port forward rule, it's impossible to tell.
Title: Re: Port Forward fails
Post by: Tripple_Delta on May 30, 2023, 08:36:53 PM
Agree.
Here is a screenshot.
Title: Re: Port Forward fails
Post by: Patrick M. Hausen on May 30, 2023, 08:46:20 PM
You need to navigate to Firewall > Aliases and change the IP address for Bert_Home to the one your son is using. The default deny rule log should give you the information which one is actually active.
Title: Re: Port Forward fails
Post by: Tripple_Delta on May 30, 2023, 08:48:02 PM
The IP was already changed.
Actually, this is the only setting I changed.
Title: Re: Port Forward fails
Post by: Patrick M. Hausen on May 30, 2023, 08:49:32 PM
Double check if the IP you configured matches the one reported in the live view and the default deny entry. Same for the destination port range.

Apart from that: no more ideas over the forum, sorry.
Title: Re: Port Forward fails
Post by: Tripple_Delta on May 30, 2023, 08:52:07 PM
Where do I find the default deny rule entry?
Title: Re: Port Forward fails
Post by: Patrick M. Hausen on May 30, 2023, 09:00:17 PM
Go to Firewall > Log Files > Live View

I assumed that's where you got the info that the connection hits the default deny rule. Find a denied packet to that specific port(s) and click on the (i) to the right.

This will give you all details about the connection attempt. There should be a mismatch somewhere. Possibly your son is now using a connection with carrier grade NAT and the IP address his router is showing him as "external" in reality isn't?

You might want to read into setting up a VPN connection. Just a suggestion.
Title: Re: Port Forward fails
Post by: Tripple_Delta on May 30, 2023, 09:22:58 PM
This is the info from live view.
No idea what's wrong.
Title: Re: Port Forward fails
Post by: Patrick M. Hausen on May 30, 2023, 09:26:30 PM
So 192.168.1.2 is your WAN address? That's odd to say the least.
Title: Re: Port Forward fails
Post by: Tripple_Delta on May 30, 2023, 09:31:08 PM
The network behind the modem is 192.168.1.x/24.
I set up a DMZ to 192.168.1.2, which is the WAN port of the OPNsense box.

There is nothing else on the 192.168.1.x network.
Title: Re: Port Forward fails
Post by: Tripple_Delta on May 30, 2023, 09:59:48 PM
What I don't understand is there are more forward rules. All working well. Only that single rule, where the external IP changed, refuses to work.
Title: Re: Port Forward fails
Post by: Patrick M. Hausen on May 30, 2023, 10:15:52 PM
Try to put the IP address into the rule verbatim instead of an alias.
Title: Re: Port Forward fails
Post by: Tripple_Delta on May 30, 2023, 10:22:02 PM
I already tried this.
Also allow any on that port. No success.
Title: Re: Port Forward fails
Post by: Tripple_Delta on May 31, 2023, 09:32:37 PM
Fixed. Don't ask me how.

First I changed the source to any. Works.
Next I changed source to network. Still working.
Narrowed it down to one IP. The settings I started with. Still working.

I don't get it.  ::)