Text only | Text with Images

OPNsense Forum

English Forums => General Discussion => Topic started by: Issa2024 on November 17, 2024, 03:50:53 PM

Title: Minecraft - Behind OPNSense
Post by: Issa2024 on November 17, 2024, 03:50:53 PM
Hello, so i got my openSense installed and iwant add a new minecraft serveur behind it

this my configuration :

https://i.imgur.com/MonLopf.png

so with that not workink i dont'"t understand why, can u help me to figure why please ?


log i got in journal of opnSense :


   Interface      Heure   Source   Destination   Proto   Label   
wan      2024-11-17T14:43:15   IPCLIENT:42071   192.168.25.12:25565   tcp   Default deny / state violation rule   
wan      2024-11-17T14:43:07   IPCLIENT:42071   192.168.25.12:25565   tcp   Default deny / state violation rule   
wan      2024-11-17T14:43:03   IPCLIENT:42071   192.168.25.12:25565   tcp   Default deny / state violation rule   
wan      2024-11-17T14:43:01   IPCLIENT:42071   192.168.25.12:25565   tcp   Default deny / state violation rule   
wan      2024-11-17T14:43:00   IPCLIENT:42071   192.168.25.12:25565   tcp   Default deny / state violation rule   
wan      2024-11-17T14:37:56   IPCLIENT:42020   192.168.25.12:25565   tcp   Default deny / state violation rule   
wan      2024-11-17T14:37:48   IPCLIENT:42020   192.168.25.12:25565   tcp   Default deny / state violation rule   
wan      2024-11-17T14:37:44   IPCLIENT:42020   192.168.25.12:25565   tcp   Default deny / state violation rule   
wan      2024-11-17T14:37:42   IPCLIENT:42020   192.168.25.12:25565   tcp   Default deny / state violation rule   
wan      2024-11-17T14:37:41   IPCLIENT:42020   192.168.25.12:25565   tcp   Default deny / state violation rule   
wan      2024-11-17T14:37:24   IPCLIENT:42015   192.168.25.12:25565   tcp   Default deny / state violation rule   
wan      2024-11-17T14:37:16   IPCLIENT:42015   192.168.25.12:25565   tcp   Default deny / state violation rule   
wan      2024-11-17T14:37:12   IPCLIENT:42015   192.168.25.12:25565   tcp   Default deny / state violation rule   
wan      2024-11-17T14:37:10   IPCLIENT:42015   192.168.25.12:25565   tcp   Default deny / state violation rule   
wan      2024-11-17T14:37:09   IPCLIENT:42015   192.168.25.12:25565   tcp   Default deny / state v


if u can hel me to explain what happening please ?

Why i can see all this wired port acces from internet with IPCLIENT on the firewall with this wired port and not only the port of Minecraft ?

Thanks
Title: Re: Minecraft - Behind OPNSense
Post by: Seimus on November 18, 2024, 11:50:23 AM
Because that's how networking works.

If the application doesn't specify what source port it uses it most likely will be random port generated by the application on the source.

Usually game servers specify only the Destination port that needs to be set by the source, the source port is generated randomly from the 49152–65535 range.


Regards,
S.
Title: Re: Minecraft - Behind OPNSense
Post by: dseven on November 18, 2024, 12:11:08 PM
It looks like you've created an inbound firewall rule for port 25565 on 192.168.1.150, but the port-forward on "Box Internet" is pointing to 192.168.25.12. You'll either need to add port forwarding for on OPNsense (double-NAT), or if you don't want double-NAT, change the port-forward on "Box Internet" to point to 192.168.1.150 (and you'll probably need a static route on "Box Internet" for 192.168.1.0/24 (or whatever you're using for OPNsense's LAN) pointing to 192.168.25.12
Text only | Text with Images