Hi all,
I'm trying to set up port forwarding on an OPNsense firewall, but I'm running into an issue where the upstream network cannot reach my HTTP server.
Setup details:
WAN interface: 10.0.20.51 (connected to an internal network of an external company – I have no administrative control over their infrastructure).
LAN HTTP server: 113.30.11.7 (should be accessible on TCP port 80).
Goal: Make the HTTP server reachable from the upstream company network.
What I've configured so far (OPNsense):
NAT → Port Forward:
Interface: WAN
Protocol: TCP
Destination: WAN address
Destination port range: 80 (HTTP)
Redirect target IP: 113.30.11.7
Redirect target port: 80
NAT reflection: Enabled (just in case)
Filter rule association: Pass
Firewall → Rules → WAN:
Allow TCP traffic from any source to WAN address on port 80.
Issue:
When I try to connect to http://10.0.20.51 from a host in the upstream network, I can't reach the web server. No traffic seems to hit the LAN host (confirmed via packet capture on OPNsense).
Questions:
Are there additional settings required on OPNsense to handle this type of upstream network scenario?
Would a 1:1 NAT or Outbound NAT adjustment help here?
Any suggestions would be greatly appreciated.
Thanks!
Obviously your OPNsense web GUI is listening on port 80.
Go to System > Settings > Administration and disable the redirection of port 80 to the web GUI.
Also, the VLAN30 bypasses your OPNsense. What is the sense of this?
This will lead to asymmetric routing issues.