Hello,
I have an OPNsense 25.1.
I have one VLAN per customer (and multiple customers of course).
I have a WAN IP range: 1.0.0.0/24
I want to make a port-forward from 1.0.0.1 to one customer VLAN IP.
So I configured:
- Interface: WAN
- Source: any
- Destination: 1.0.0.1
- Translate to: 192.168.2.4
I also created the firewall rule to permit the traffic.
That point is OK!
I have no-NAT rules from all my local subnets to 1.0.0.0/24 (to preserve the client IP on the WAN devices).
However, if the traffic comes from one local IP to the port-forward IP, it's the firewall which handles the connection and it's not redirected to the local IP.
External connections are OK!
In OPNsense, I need to edit the port-forward and select all interfaces one by one.
The problem is, if I add a new network, I won't add the new interface on all my port-forwards.
How to simplify this?
Can you add the possibility to listen on "Any interface" instead of selecting interfaces one by one?
Best regards,
I'm not sure if I'm understanding your problem correctly, but I think you need to enable [Firewall > Settings > Advanced > Reflection for port forwards]
Hello,
I enabled it, I don't see a difference; making a curl on my WAN IP from inside shows me the OPNsense web UI instead of making the redirection.
But if on the port-forward rule I choose my LAN interface, then it works. But why?
You should not try to forward the port used by the Web UI. If you want to forward port 443, (first) move the Web UI to another port [System > Settings > Administration > Web GUI > TCP port].
Here is a network diagram of my infrastructure.
Summary of the situation.
1.1.1.1 -> 1.1.1.2 = OK
INTERNET -> 1.1.1.2 = OK
192.168.1.2 -> 1.1.1.2 = Web UI of the interface, other ports are not working.
I have a no-NAT from 192.168.0.0/16 to 1.0.0.0/24 to preserve the client IP on our "public servers", which can enter the network through the OPNsense which serves as gateway.
And a global NAT for the rest of the internet via the IP 1.1.1.253.
But IF on my port-forward rule I also enable the local interface, it works!
In the screenshot of my OPNsense, I show that if I check OpenVPN (for example, but it could have been any interface) it works.
PS: I moved the admin port and changed the listen interface to the admin VLAN only; it doesn't change anything except now I don't have anything answering.
Your screenshot shows OpenVPN. That's not a local interface.
BTW, 1.1.1.1 is a well known CloudFlare public DNS server. You can't really be using that on the internet...
1.1.1.1 is an example... I will not show you my real networks / IPs, and the issue is gone when I select my LAN interfaces.
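Added illustration, not code from the thread or from OPNsense: a small Python model of why a port-forward (pf-style rdr) rule bound to the WAN interface does not catch a LAN client talking to the WAN IP, so the packet falls through to the firewall's own listener, and what the rule's interface list or reflection is expected to change. The addresses, port 443 and interface names are constructed from the thread's examples.

```python
from dataclasses import dataclass, field

@dataclass
class Rdr:
    """One port-forward rule. 'interfaces' is the rule's interface list from the
    OPNsense GUI; the special name 'any' matches every ingress interface."""
    interfaces: set
    dst: str
    dport: int
    target: str

@dataclass
class Firewall:
    rdr_rules: list
    self_addrs: set                      # addresses owned by the firewall itself
    local_services: dict                 # port -> service listening on all addresses
    internal_ifaces: set = field(default_factory=set)
    reflection: bool = False             # "Reflection for port forwards"

    def effective_rules(self):
        # Reflection is modelled as cloning each rule onto the internal interfaces.
        rules = list(self.rdr_rules)
        if self.reflection:
            for r in self.rdr_rules:
                rules.append(Rdr(r.interfaces | self.internal_ifaces, r.dst, r.dport, r.target))
        return rules

    def handle(self, ingress, dst, dport):
        """Return ('redirect', target), ('local', service) or ('drop', None)."""
        for r in self.effective_rules():
            if ("any" in r.interfaces or ingress in r.interfaces) and (r.dst, r.dport) == (dst, dport):
                return ("redirect", r.target)
        if dst in self.self_addrs and dport in self.local_services:
            return ("local", self.local_services[dport])   # e.g. the firewall's own web UI
        return ("drop", None)

def scenario(reflection=False, iface_list=None):
    """Constructed values: WAN IP 1.1.1.2:443 forwarded to 192.168.2.4, the web UI
    still listening on 443, one client on the LAN VLAN and one on the internet."""
    rule = Rdr(iface_list or {"wan"}, "1.1.1.2", 443, "192.168.2.4")
    fw = Firewall([rule], {"1.1.1.2", "192.168.1.1"}, {443: "webui"}, {"lan", "vlan_customer"}, reflection)
    return {
        "internet": fw.handle("wan", "1.1.1.2", 443),
        "lan_client": fw.handle("lan", "1.1.1.2", 443),
    }

if __name__ == "__main__":
    print(scenario())                       # LAN client lands on the web UI
    print(scenario(reflection=True))        # LAN client is redirected to 192.168.2.4
```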