I'm trying to migrate my router from pfSense to OPNsense. I've set up a testing box on an ESXi VM and I'm using it to test all the features I need.
Now I'm having a problem setting up port forwarding. From OPNsense and from my test server's netstat output, I can see a socket has been created, but its state is SYN_RECV.
Here is my configuration:
WAN: 192.168.1.0/24
Opnsense WAN address: 192.168.1.174
Opnsense LAN: 192.168.10.0/24
Internal server: 192.169.10.101, SSH
Opnsense WAN interface: both Block private networks and Block bogon networks are disabled
Opnsense Firewall Settings: In Advanced, Reflection for port forwards is enabled, Reflection for 1:1 is disabled, Automatic outbound NAT for Reflection is enabled
Firewall rule: NAT->Port Forward:
Interface: WAN
Source: Advanced
Source: any
Source port range: any to any
Destination: WAN address
Destination port range: SSH to SSH
Redirect target IP: 192.168.10.101
Redirect target port: SSH
other settings: default
When I use one of my external boxes, 192.168.1.100, to SSH to the OPNsense WAN address 192.168.1.174, I can see the OPNsense box has a log item under Firewall-Log Files-Live View:
"let out anything from from firewall host itself".
On the SSH server, netstat shows:
tcp 0 0 sshsvr:ssh 192.168.1.100:56416 SYN_RECV
After a while, on the external box 192.168.1.100, I get "ssh: connect to host 192.168.1.174 port 22: Connection timed out".
What configurations am I missing?
The same SSH server works fine behind a pfSense firewall.
Never mind. I just solved the issue by trying all possible settings in Port Forward. Filter rule association set to Pass did the trick.
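To show why the "Filter rule association" setting mattered here, below is a pf.conf sketch of the same forward in raw pf terms; it is an added illustration, not the original post's configuration or the ruleset OPNsense actually generates (which differs in detail). The interface name em0 is an assumption; the addresses and port are the ones from the post.

```pf
# Constructed example: OPNsense's "Filter rule association" in plain pf terms.
# em0 is an assumed WAN interface name; addresses come from the post above.
ext_if     = "em0"
ssh_server = "192.168.10.101"

# A WAN interface normally denies inbound traffic by default.
block in on $ext_if

# The port forward on its own only rewrites the destination of packets
# arriving on the WAN address for port 22. Translation does not grant
# permission: the rewritten packet still has to match a pass rule, and
# without one the connection depends on whatever other rules happen to
# match, which is how a half-open handshake (SYN_RECV on the server,
# timeout on the client) can show up.
rdr on $ext_if proto tcp from any to ($ext_if) port 22 -> $ssh_server port 22

# "Filter rule association: Pass" adds the missing half: a filter rule
# that matches the *translated* destination and creates state, so the
# whole TCP handshake and the rest of the session are allowed through.
pass in quick on $ext_if proto tcp from any to $ssh_server port 22 flags S/SA keep state
```

Note that the pass rule is written against the internal server address, not the WAN address, because pf filters after the redirect has been applied.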