Dear community,
my fiber bridge has a second IP for its local configuration web interface: 192.168.33.1
For this I configured a virtual IP (IP alias) on the WAN interface. Ok - this works.
From the LAN side I can only reach it when doing a port forwarding using ssh (ssh -L 88:192.168.33.1:80 root@opnsense).
When configuring a Firewall-NAT-Port forwarding I am failing:
LAN1 TCP * * This Firewall 88 192.168.33.1 80 (HTTP)
Also tried a firewall rule:
IPv4 TCP LAN1 net * * 88 * * Glasfaser Modem
But nothing helps.
Any ideas welcome. Thx!
You only need an outbound NAT rule on the WAN interface:
destination: 192.168.33.1/32
translation: virtual WAN IP
Configured it:
Interface: WAN
Source: LAN1 net
Source Port: tcp/ *
Destination: This Firewall
Destination Port: tcp/ 88
NAT Address: 192.168.33.1/32
NAT Port: 80
Static Port: NO
Description: (none)
But getting a timeout when opening http://opensense:88
This is not what I suggested.
Your rule translates the source address to the modem's IP (192.168.33.1) and the source port to 80?
Quote from: teclab on January 15, 2026, 08:37:33 PM
But getting a timeout when opening http://opensense:88
So this is expected.
Just obey the suggestion and access the device by its IP then.
Quote from: viragomann on January 15, 2026, 08:43:36 PM
... and access the device by its IP then.
I am not accessing the modem by its IP. I need to http to OpenSense on port 88, and from there forward to the modem 192.168.33.1 on port 80.
That's why I gave this example:
From my desktop PC I do:
ssh -L 88:192.168.33.1:80 root@opnsense
And then doing
http://opnsense:88 I get forwarded to the modem.
Sorry, but I did not want to "disobey" you
*lol* ... I might not have understood it better ...
But if you correctly NAT on the interface you can just use http://<ip of modem> without SSH or anything.
Quote from: teclab on January 15, 2026, 10:24:04 PM
from there forward to the modem 192.168.33.1 on port 80.
And what's the sense of forwarding the traffic?