I'm using the latest OPNsense version:
OPNsense 23.1.9-amd64
FreeBSD 13.1-RELEASE-p7
OpenSSL 1.1.1t 7 Feb 2023
(the problem below also happened in a previous version)
1- I have an Alias
IPSAllowed - list of allowed external host IPs
2- I have a NAT port forward rule
source - IPAllowed
source port - any
destination - WAN Address
destination port range - 20000 to 20000
Redirect target IP - 192.168.0.20
Redirect target port - MS RDP
The problem is:
From a lot of different hosts, if I try to access port 20000,
I can.
BUT from a specific host, if I try to access port 20000,
I can't!
If I change the NAT port forward rule and put ANY in the source,
I can access from the specific host as well!
What is strange:
1- The specific host IP is in the Alias host list.
2- The outgoing port is open, because when the rule in OPNsense is ANY, I can access the port.
3- The other Internet source hosts can access the port, even though the rule applies only to source hosts from the Alias host list.
How can I diagnose and solve the problem?
I did not find the problem in the OPNsense logs.
Where can I find it?
Thank you
Do a tcpdump on WAN for port 20000 and watch if the host in question really uses the IP address you think it does.
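As an added example (not part of the thread): a small Python script that reads `tcpdump -n` output captured on WAN for port 20000 and lists the source addresses that sent SYNs but are not covered by the alias. The alias entries, addresses and capture lines are constructed samples.

```python
import ipaddress
import re
from collections import Counter

# IPv4 TCP line as printed by `tcpdump -n` (no name resolution).
LINE_RE = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[([^\]]*)\]"
)

def syn_sources(lines, dst_port=20000):
    """Count initial SYNs per source IP aimed at the forwarded port."""
    seen = Counter()
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        src, _sport, _dst, dport, flags = m.groups()
        # "S" alone is a client SYN; "S." is the SYN-ACK going back out.
        if int(dport) == dst_port and flags == "S":
            seen[src] += 1
    return seen

def audit(lines, alias_entries, dst_port=20000):
    """Return (covered, not_covered): observed sources vs. the alias."""
    nets = [ipaddress.ip_network(e, strict=False) for e in alias_entries]
    covered, not_covered = {}, {}
    for src, count in syn_sources(lines, dst_port).items():
        ip = ipaddress.ip_address(src)
        bucket = covered if any(ip in n for n in nets) else not_covered
        bucket[src] = count
    return covered, not_covered

# Constructed sample data (documentation address ranges, not from the thread).
ALIAS = ["203.0.113.7", "198.51.100.0/28"]
CAPTURE = """\
10:01:02.100000 IP 203.0.113.7.51514 > 192.0.2.1.20000: Flags [S], seq 1, win 64240, length 0
10:01:02.100400 IP 192.0.2.1.20000 > 203.0.113.7.51514: Flags [S.], seq 9, ack 2, win 65535, length 0
10:01:05.200000 IP 198.51.100.5.40022 > 192.0.2.1.20000: Flags [S], seq 5, win 64240, length 0
10:02:00.000000 IP 203.0.113.99.49811 > 192.0.2.1.20000: Flags [S], seq 7, win 64240, length 0
10:02:01.000000 IP 203.0.113.99.49811 > 192.0.2.1.20000: Flags [S], seq 7, win 64240, length 0
10:02:03.000000 IP 203.0.113.99.49811 > 192.0.2.1.20000: Flags [S], seq 7, win 64240, length 0
""".splitlines()

if __name__ == "__main__":
    covered, not_covered = audit(CAPTURE, ALIAS)
    for src, n in not_covered.items():
        print(f"{src}: {n} SYN(s) to port 20000, not in alias")
```

A source that shows repeated SYNs with no SYN-ACK in reply and lands in the second result is one the port forward rule is not matching.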
Thank you pmhausen
With tcpdump I could find the problem.
The problem was:
Using https://whatismyipaddress.com/ on the source I got an external IP address,
and with tcpdump -n in OPNsense it was displaying that the source was connecting using another external IP number!
Then I allowed this IP and it works.
Why does https://whatismyipaddress.com/ not show the correct number?
I also tested with https://www.myip.com/ , https://ipaddress.my/ , https://nordvpn.com/pt-br/what-is-my-ip/
All gave me the wrong IP.
I also tried in different browsers.
I will also ask my ISP why this is happening.
Thank you !!
Corporate machine running MS Windows perhaps?
The source machine is a home machine, running Windows 10 Home Single Language 22H2.
The destination machine is a Windows 10 Pro 22H2 in a business network with OPNsense as the firewall.
I could always connect.
A few days ago I changed my fiber internet ISP at home, and since then the sites below do not show my real external IP address:
https://whatismyipaddress.com/
https://www.myip.com/
https://ipaddress.my/
https://nordvpn.com/pt-br/what-is-my-ip/
It shows 177.xxx.xxx.xxx (I wrote xxx to not show the real numbers)
I have to use tcpdump -n in OPNsense to get my real source IP address.
tcpdump -n shows 100.xxx.xxx.xxx
Solved - I don't know why, but while my ISP was giving me a dynamic Internet IP, the IP at the source was one and the IP in OPNsense tcpdump was another.
My ISP fixed my external IP, and now tcpdump shows me the same number that I got at the source with www.myip.com
(I have always used dynamic IPs, and it was the first time I saw this strange behaviour)