OPNsense Forum

English Forums => General Discussion => Topic started by: c90k on June 13, 2024, 12:30:06 PM

Title: Portforwarding Multiple WAN IP - Strange Behavior
Post by: c90k on June 13, 2024, 12:30:06 PM
Hi There,

We have an ISP Connection with multiple WAN IPs.
I set up the main IP years ago and everything worked as expected.
Because we have some services where the same ports need to be open, I thought it would be an idea to manage that using the other WAN IPs.
So I added the 2 virtual IPs.

Now the strange thing - the "old" port forwardings (Firewall -> NAT -> Portforwarding) are set to "WAN address", but the ports are also open on the virtual IPs.

When I set a new port forwarding with destination "Virtual IP1", for example, the open port is only visible on the virtual IP, as expected.
What setting do I have to use for the "Main WAN IP", or what am I missing here in my configuration?
I want the ports open only on the desired WAN IPs.

Regards, Chris
Title: Re: Portforwarding Multiple WAN IP - Strange Behavior
Post by: Patrick M. Hausen on June 13, 2024, 12:43:20 PM
WAN IP is an automatic alias that contains all addresses on the WAN interface.

You need to create manual aliases with just a single IP address each to use different port forward rules.
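
An added example, not part of the thread and not OPNsense's own code: a small audit that flags port forwards whose destination is the automatic interface-address alias on an interface that also carries virtual IPs, which is the situation described in the reply above. The XML element names and the `wanip` value are assumptions about the config export layout, and the sample config is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not taken from the thread. Element names are an
# assumed layout of a firewall config export; adjust to your own file.
SAMPLE_CONFIG = """<opnsense>
  <virtualip>
    <vip><interface>wan</interface><mode>ipalias</mode><subnet>203.0.113.11</subnet></vip>
    <vip><interface>wan</interface><mode>ipalias</mode><subnet>203.0.113.12</subnet></vip>
    <vip><interface>lan</interface><mode>ipalias</mode><subnet>192.168.1.2</subnet></vip>
  </virtualip>
  <nat>
    <rule>
      <interface>wan</interface><protocol>tcp</protocol><descr>old web forward</descr>
      <destination><network>wanip</network><port>443</port></destination>
      <target>192.168.1.10</target>
    </rule>
    <rule>
      <interface>wan</interface><protocol>udp</protocol><descr>vpn on one IP</descr>
      <destination><address>203.0.113.11</address><port>1198</port></destination>
      <target>127.0.0.1</target>
    </rule>
  </nat>
</opnsense>"""


def overexposed_forwards(config_xml):
    """Return forwards whose destination is the interface-address alias on an
    interface that also carries virtual IPs, with the extra addresses exposed."""
    root = ET.fromstring(config_xml)
    vips = {}  # interface name -> list of virtual IP addresses
    for vip in root.findall("./virtualip/vip"):
        vips.setdefault(vip.findtext("interface"), []).append(vip.findtext("subnet"))
    findings = []
    for rule in root.findall("./nat/rule"):
        iface = rule.findtext("interface")
        dest = rule.findtext("destination/network") or ""
        # Assumption: "<iface>ip" is how the "<IFACE> address" alias is stored
        if dest == f"{iface}ip" and vips.get(iface):
            findings.append({
                "descr": rule.findtext("descr"),
                "port": rule.findtext("destination/port"),
                "also_open_on": sorted(vips[iface]),
            })
    return findings


if __name__ == "__main__":
    for f in overexposed_forwards(SAMPLE_CONFIG):
        print(f"{f['descr']}: port {f['port']} also forwarded on {', '.join(f['also_open_on'])}")
```

Rules it reports are candidates for a single-address alias as the destination.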
Title: Re: Portforwarding Multiple WAN IP - Strange Behavior
Post by: c90k on June 13, 2024, 01:16:12 PM
Hi Patrick,

Thx. That was the solution I came across in the meantime.
I thought WAN address would be the single WAN IP, WAN net would be all IPs.

A further question, idk if it's right here in the topic:
How can I make an OpenVPN server available only on one desired IP?
I set up the bind address to 127.0.0.1 and the NAT rule accordingly, but it's not working.

Regards Chris
Title: Re: Portforwarding Multiple WAN IP - Strange Behavior
Post by: Patrick M. Hausen on June 13, 2024, 06:55:14 PM
That's how it's supposed to work. Please post your NAT rule if you need help.
Title: Re: Portforwarding Multiple WAN IP - Strange Behavior
Post by: c90k on June 14, 2024, 07:58:44 AM
Hi,
That's my config:
1.) VPN --> OpenVPN --> Instances (new)
Bind address: 127.0.0.1
(First Screenshot)
(https://i.ibb.co/2Mn9Ggp/Snipaste-2024-06-14-07-47-59.png) (https://ibb.co/YdRCHpV)

2.) Firewall: NAT: Portforwarding
Interface: WAN
TCP/IP v4
UDP
Source: GeoIP_Allow (GEO Ip Filtering)
Destination: desired WAN IP
Dest. Port: 1198
Dest. IP: 127.0.0.1
(second Screenshot)
(https://i.ibb.co/jv3kvnj/Snipaste-2024-06-14-07-51-55.png) (https://ibb.co/qMmYMT2)
What am I missing?
Title: Re: Portforwarding Multiple WAN IP - Strange Behavior
Post by: Patrick M. Hausen on June 14, 2024, 05:42:39 PM
What's the associated firewall rule set to? Try "pass" if you do not already.
Title: Re: Portforwarding Multiple WAN IP - Strange Behavior
Post by: c90k on June 19, 2024, 08:10:39 AM
Sorry, missed your reply.

I cannot change or view the firewall rule in detail, probably because it was generated via the NAT rule.
But here:
(https://i.ibb.co/VBGnJXX/image.png) (https://ibb.co/PCyXFBB)