OPNsense Forum

English Forums => General Discussion => Topic started by: RamSense on June 21, 2023, 05:30:19 PM

Title: Does a virtual-ip with firewall rule -this firewall- not work?
Post by: RamSense on June 21, 2023, 05:30:19 PM
I have nginx installed on OPNsense with: firewall - rules - wan - destination "this firewall" port 80 and one with port 443.
This works with the OPNsense router/ISP ip and with ipv6, but I have added a virtual-ip (VIP) ipv4 and ipv6 to OPNsense, and this firewall rule does not work for the VIP ipv4?
Is that normal behavior? I would have expected it to work since the virtual ip binds to the wan?

I have made a workaround for this by adding a firewall - NAT - port forward rule with destination "Virtual ip" and port 80 and one for port 443, both with Redirect target IP [OPNsense LAN ip / 192.168.1.1], and that works...
But is that how it should be?

Anybody else with this behavior? Or does anybody know how to fix this with VIP ipv4?

Title: Re: Does a virtual-ip with firewall rule -this firewall- not work?
Post by: zan on June 22, 2023, 04:32:42 AM
Should work the same.
"This firewall" is just an alias to the "self" keyword in pf, which means all addresses on all interfaces (all VIPs and tunnel local addresses included).

Title: Re: Does a virtual-ip with firewall rule -this firewall- not work?
Post by: RamSense on June 22, 2023, 07:22:04 AM
Thanks, yes, that is what I expected also. But it does not work with the nginx plugin for VIP ipv4.
I only get nginx to work when I add a Nat portforward rule for this VIP to 192.168.1.1 (port 80 and 443).

Is this how the nginx plugin works, or is this a bug in the nginx plugin / OPNsense?

N.B. problem still exists after updating to the latest nginx with:
OPNsense 23.1.10_1-amd64
FreeBSD 13.1-RELEASE-p7
OpenSSL 1.1.1u 30 May 2023