I have just installed OPNSense on a Lenovo Tiny PC with an Intel EXPI9404PTLBLK Pro/1000 Pt Quad Port NIC. This system will replace my older system also running OPNSense.
I backed up the config on the old system then restored the firewall settings on the new system. However, despite all port forwards working on the old FW, only one is working on the new FW. I have even deleted and recreated a couple, rebooted the system and installed available updates.
I have run Zenmap on the systems that these ports should be forwarded to and all the ports I need on these systems are open. So the issue is with OPNSense.
I am using version 24.7.11_2.
I am using OPNSense and OpenWRT for a DMZ. OPNSense is the outer firewall and OpenWRT is the inner firewall. I have two servers in the DMZ. I discovered that neither server was able to ping past the gateway via IP4.
Digging into this, it turns out I need to check the check box to "Deny service binding". Once I did, everything started working, IP4 pinging and port forwards.
Did you set up the routes from both ends or have NAT on the OpenWRT box? How would OpnSense know what lies behind your OpenWRT box?
No, I did not configure routes.
Not sure why OPNSense would need to know what is on the private side of OpenWRT.
The only traffic that would need to go to the private side is for Exchange. That traffic I just forward to the WAN side of OpenWRT.
To route the packets back to the source? There are only two ways to do that: setting a route or having the subnet NAT behind the OpenWRT WAN address.
Quote from: meyergru on December 20, 2024, 08:48:40 PM
having the subnet NAT behind the OpenWRT WAN address.
Which is what I am doing, as I said in my previous comment.