OPNsense Forum

Archive => 24.1, 24.4 Legacy Series => Topic started by: wardv on June 06, 2024, 08:55:47 PM

Title: [SOLVED] Opening HTTP & HTTPS port on WAN not working
Post by: wardv on June 06, 2024, 08:55:47 PM
I'm having problems with port forwarding / reverse proxy from the outside world to my internal network. I've changed my OPNsense GUI port to 8000, but still the HTTP (80) & HTTPS (443) ports seem to be in use or something is not working correctly. I've set up a DNS record for domain.com pointing to my public IP address, so I can then use HAProxy for reverse proxy. The thing is now, when I surf to domain.com, my site does not show.

It's not a DNS issue, because the same happens when I surf to the public IP directly. The weird thing is, in Live Logging in the firewall settings, I can see all incoming TCP requests to my WAN on every port, except the 80 & 443 ports. I've tried surfing to domain.com:<RANDOM_PORT> and to <PUBLIC_IP>:<RANDOM_PORT> and these both get logged, so I know this request comes in, and if I then apply firewall rules for that random port to my internal host, that works. It's really just HTTP & HTTPS traffic that doesn't seem to come in.

Do I need to configure something else? I have no specific firewall rules enabled, only the default ones. If I could just start by seeing these requests in my logging, then I can do the firewall rules/reverse proxy myself.
Title: Re: Opening HTTP & HTTPS port on WAN not working
Post by: wardv on June 06, 2024, 09:44:24 PM
Quote from: wardv on June 06, 2024, 08:55:47 PM
I'm having problems with port forwarding / reverse proxy from the outside world to my internal network. I've changed my OPNsense GUI port to 8000, but still the HTTP (80) & HTTPS (443) ports seem to be in use or something is not working correctly. I've set up a DNS record for domain.com pointing to my public IP address, so I can then use HAProxy for reverse proxy. The thing is now, when I surf to domain.com, my site does not show.

It's not a DNS issue, because the same happens when I surf to the public IP directly. The weird thing is, in Live Logging in the firewall settings, I can see all incoming TCP requests to my WAN on every port, except the 80 & 443 ports. I've tried surfing to domain.com:<RANDOM_PORT> and to <PUBLIC_IP>:<RANDOM_PORT> and these both get logged, so I know this request comes in, and if I then apply firewall rules for that random port to my internal host, that works. It's really just HTTP & HTTPS traffic that doesn't seem to come in.

Do I need to configure something else? I have no specific firewall rules enabled, only the default ones. If I could just start by seeing these requests in my logging, then I can do the firewall rules/reverse proxy myself.

Never mind, it seemed to be an ISP problem. They block those ports on their level. You need to ask them to open them ...
Title: Re: Opening HTTP & HTTPS port on WAN not working
Post by: Monviech (Cedrik) on June 06, 2024, 09:46:31 PM
You could use sockstat to see which process on the OPNsense uses these ports.

sockstat -l

To free port 80 you have to do this:

Enable the checkbox for HTTP Redirect - Disable web GUI redirect rule in System - Settings - Administration.

EDIT: Oh okay, that's new, most providers only block 25. 80 and 443 sounds like an extra mean provider.
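
An added example (not written by any poster in this thread): a small filter over `sockstat -l` output that reports which process, if any, is listening on ports 80 and 443. The function name, the sample listing and its PIDs and addresses are constructed for illustration. If it prints nothing for a port, no local service holds that port, and the cause lies in the firewall rules or upstream, as it did here.

```shell
#!/bin/sh
# Added example: pick the TCP listeners on given ports out of `sockstat -l` output.
# Reads the listing on stdin, so it can be fed live output or a saved copy.

listeners_on_ports() {
    # $1: comma-separated list of ports to look for, e.g. "80,443"
    awk -v ports="$1" '
        BEGIN {
            n = split(ports, p, ",")
            for (i = 1; i <= n; i++) want[p[i]] = 1
        }
        $1 == "USER" { next }              # skip the header line
        $5 ~ /^tcp/ {                      # column 5 is PROTO (tcp4, tcp6, ...)
            addr = $6                      # column 6 is LOCAL ADDRESS
            port = addr
            sub(/^.*:/, "", port)          # keep what follows the last ":"
            if (port in want)
                printf "%s %s pid=%s %s %s\n", port, $2, $3, $5, addr
        }
    '
}

# Constructed sample in the FreeBSD sockstat column layout (not real output).
sample_sockstat() {
cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     lighttpd   4211  7  tcp4   *:80                  *:*
root     lighttpd   4211  8  tcp4   *:8000                *:*
root     haproxy    5120  5  tcp4   203.0.113.10:443      *:*
root     sshd       1033  3  tcp6   *:22                  *:*
unbound  unbound    2290  4  udp4   *:53                  *:*
EOF
}

# Demo on the constructed sample.
sample_sockstat | listeners_on_ports 80,443
```

On the firewall itself, run it as `sockstat -l | listeners_on_ports 80,443`.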