Opnsense seems to be blocking port 80 preventing me from using my nginx proxy manager.
Just so its out of the way
- Created Port Foward Rules for 443 and cloned for 80
- Port 443 Works but port 80 does not
- ISP COnfirms its open
- Live view shows my connection going to my container over port 80
- Turned off proxy and redirected to test server running apache (Fresh isntall). http works internally as expected
- Externally I cannot get to it
- Running nc -l 80 (after turning off apache) I can't see any connection
- Created new rule for port 6969 can confirm I am connecting to server using nc -l 6969
- Running nc -l 80 (after turning off apache) I can't see any connection
- Running nc -l 80 (after turning off apache) I can't see any connection
- Settings - Administration (Checked in Disable web gui redirect rule)
- Firewall - Settings - Advanced (Checked in Disable administration anti-lockout rule
I am running OPNsense 23.7.1_3-amd64
At this point I have not other idea what to do. My main goal is to foward 80 and 443 to my nginx proxy manager and get my auto renewal for ssl certs working. I know the firewall is the culprint since putting back my dd-wrt modem fixes everything. I"m at a lost to what is happening.
please check your settings in System | Settings | Administration.
You probably need to disable the web GUI redirect rule and use a custom port for it. Check the help tips.
For shits and giggles...I put my original router and reconfigured it to foward ports 80 and 443. It works as expected so I can confirm it is opnsense acting funny.
Quote from: cookiemonster on August 23, 2023, 10:37:31 PM
please check your settings in System | Settings | Administration.
You probably need to disable the web GUI redirect rule and use a custom port for it. Check the help tips.
Disable web GUI redirect rule has a check mark next to it
GUI is listening on https on port 4433
Still cannot foward properly
I just put up traefik in front of my opnense. Had the same issue. I had to add the Alternate host name I was using under System: Settings:Administration.
Quote from: axsdenied on August 26, 2023, 05:02:30 PM
I just put up traefik in front of my opnense. Had the same issue. I had to add the Alternate host name I was using under System: Settings:Administration.
Dumb question....what do I fill it in with? The docs show an up address so I put in the IP of my firewall. But it mentions 2 IPs? What did you put in to get this to work?
What ever domain name you're using that points to the proxy server. i.e. opnsense.yourdomain.com
I tried and it still isnt working. I tried firewall1 (hostname is opnsense) and firewall1.mydomain.com
DId you have to create the dns records for the alternate name? If so was it internal and/or external.
So i'm using a real domain name that own that is controlled by cloudflare. For internal devices I create a DNS override on OPNsense to point to internal resources. That way, inside my network it hits my DNS server and points appropriately. Externally it points nowhere as I don't expose my services outside of my network. I use a VPN when I'm away from home.
So new update. Using IP to a new server still fails BUT i did turn on packet tracing and see the packets and see an error [TCP Retransmission] Opening up the packet I see "This Frame is a (suspected) retransmission"
I see in the log TCP Retransmission 80 -> 21796 or 21796
I suspected it might be my job's firewall so I tried at my parents and brother who are using DD-wrt and a stock asus. They also get this error.
https://imgur.com/a/9uPyZJB (https://imgur.com/a/9uPyZJB)
I have almost the same problem (wrote a post here https://forum.opnsense.org/index.php?topic=35786.0): one port forward rule for internal Traefik (ports 80 and 443), worked for 2y, all of the sudden it stopped working, but only for port 443.
Difference respect to your issue is that I can't see any entries in live view for port 443, only for port 80.
Spent 2 days on this without solving anything. Driving me mad.