OPNsense Forum

Archive => 18.7 Legacy Series => Topic started by: supabib on November 12, 2018, 10:51:48 pm

Title: NAT : port forwarding with a WAN on a private network
Post by: supabib on November 12, 2018, 10:51:48 pm
Hello everyone,

My ISP gave me a box which cannot act as a simple bridge so I have to deal with OPNSense having a private IP address on the WAN


Here is the setup:

                      ISP BOX                      WAN     PFSENSE    LAN                WEB SERVER
               ______________________             __________________________             _______________
INTERNET ----> |PUBLICIP|192.168.1.1| ----------> |192.168.1.28|192.168.2.1| ----------> |192.168.2.119|
               |________|___________|             |____________|___________|             |_____________|



I'd like to redirect ports 80/443 to my webserver (80->80 & 443->443). I've followed tutorials and reviewed all I had done several times, but it won't work.

Configuration :

WebServer : started and listens on both ports

ISP Box: both ports are redirected to OpnSense.

OPNSENSE
IF : WAN IPV4 TCP
SOURCE : any
DESTINATION : WAN address, port HTTP/HTTPS
REDIRECT : 192.168.2.119, port HTTP/HTTPS
NAT REFLECTION : enable
FILTER RULE... : Rule NAT


With this it doesn't work.


So I tried to change the "Destination" and put my public IP.
It seems to be working in HTTPS (Firefox won't display the page because of the self-signed cert) but doesn't seem to work in HTTP ("connection impossible").

Anyway, putting my public IP as Destination doesn't seem to be a long-term solution, and I need port 80 to be redirected correctly (for Let's Encrypt at first).
I feel that putting "Destination : WAN address" should only be done when WAN is actually a WAN (i.e. with a public IP), which is not my case. However, I don't know what else I could put there...

Can anyone help me configuring my port forwarding?

Thanks in advance, :)
Title: Re: NAT : port forwarding with a WAN on a private network
Post by: supabib on November 13, 2018, 08:59:29 pm
An update with the log view when trying to access with my smartphone (4G network) (it starts with the last line):

Interface Time Source Destination Proto Label
lan <- Nov 13 20:38:55 smartphone_public_ip:36364 192.168.2.119:443 tcp let out anything from firewall host itself
wan -> Nov 13 20:38:55 smartphone_public_ip:36364 192.168.2.119:443 tcp USER_RULE: https_rule
lan <- Nov 13 20:38:55 smartphone_public_ip:36362 192.168.2.119:443 tcp let out anything from firewall host itself
wan -> Nov 13 20:38:55 smartphone_public_ip:36362 192.168.2.119:443 tcp USER_RULE: https_rule
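To read an excerpt like the one above per connection rather than line by line, here is a small parser (added here, not code from the thread or from OPNsense) that groups live-log entries by client source port and reports whether each connection was accepted on WAN by a user rule and then passed out on LAN toward the redirect target. It assumes the column layout shown in the excerpt, reads "->" as inbound and "<-" as outbound (consistent with the "let out" label on the LAN lines), and uses a constructed copy of the excerpt as input.

```python
import re
from collections import defaultdict

# Constructed sample in the same layout as the OPNsense live-log excerpt in the
# thread; "smartphone_public_ip" stands in for the real client address.
SAMPLE_LOG = """\
lan <- Nov 13 20:38:55 smartphone_public_ip:36364 192.168.2.119:443 tcp let out anything from firewall host itself
wan -> Nov 13 20:38:55 smartphone_public_ip:36364 192.168.2.119:443 tcp USER_RULE: https_rule
lan <- Nov 13 20:38:55 smartphone_public_ip:36362 192.168.2.119:443 tcp let out anything from firewall host itself
wan -> Nov 13 20:38:55 smartphone_public_ip:36362 192.168.2.119:443 tcp USER_RULE: https_rule
"""

# Columns: Interface Direction Time Source:port Destination:port Proto Label
LINE_RE = re.compile(
    r"^(?P<iface>\S+)\s+(?P<dir>->|<-)\s+(?P<ts>\w{3} \d+ \d\d:\d\d:\d\d)\s+"
    r"(?P<src>\S+):(?P<sport>\d+)\s+(?P<dst>\S+):(?P<dport>\d+)\s+"
    r"(?P<proto>\w+)\s+(?P<label>.*)$"
)

def parse(log):
    """Return one dict per log line that matches the live-log layout."""
    return [m.groupdict() for m in map(LINE_RE.match, log.splitlines()) if m]

def trace_connections(log, redirect_target):
    """Group entries by (client address, client source port) and classify each
    connection: 'forwarded' if a USER_RULE matched inbound on wan and the packet
    was then passed outbound on lan to the redirect target (so the firewall did
    its part and any failure lies on the server or return path),
    'accepted_on_wan_only' if the rdr matched but nothing left on lan, and
    'not_matched' otherwise."""
    flows = defaultdict(lambda: {"wan_in": None, "lan_out": None})
    for e in parse(log):
        key = (e["src"], e["sport"])
        if e["iface"] == "wan" and e["dir"] == "->" and e["label"].startswith("USER_RULE"):
            flows[key]["wan_in"] = e["label"]
        elif e["iface"] == "lan" and e["dir"] == "<-" and e["dst"] == redirect_target:
            flows[key]["lan_out"] = e["label"]
    report = {}
    for key, f in flows.items():
        if f["wan_in"] and f["lan_out"]:
            report[key] = "forwarded"
        elif f["wan_in"]:
            report[key] = "accepted_on_wan_only"
        else:
            report[key] = "not_matched"
    return report

if __name__ == "__main__":
    for (client, sport), verdict in trace_connections(SAMPLE_LOG, "192.168.2.119").items():
        print(f"{client}:{sport} -> {verdict}")
```

For the excerpt in the thread both connections come out as "forwarded", which points away from the NAT rule itself and toward the web server or the return path.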