OPNsense Forum

Archive => 18.7 Legacy Series => Topic started by: jafinn on January 23, 2019, 08:55:20 pm

Title: SOLVED: Troubleshooting port forwarding
Post by: jafinn on January 23, 2019, 08:55:20 pm
I'm actually not quite sure where to start troubleshooting this and could use some guidance to get started.

I've had port forwarding on my OPNsense box working now for years. I haven't touched the rules but might have touched some other setting. The port forwards are to multiple machines on my network so it is unlikely that I messed up all of them at the same time :)

I've tried the really basic stuff: rebooting, removing and adding the rule. I could of course try to roll back but I've changed a lot of settings in HAProxy and the LetsEncrypt plugin so that's mainly what's in my history.

Local IP:port works so the machines respond on LAN. My WAN address also responds as long as I'm connected to my LAN but not from WAN. So the rule works with NAT reflection but not NAT? This is what puzzles me, why does it work internally but not externally?


Can anyone spot an obvious mistake? This one, for example, for Plex:

(https://i.imgur.com/Ck4GRt1.png)

And my advanced firewall settings:

(https://i.imgur.com/ZfZ1z7X.png)
Title: Re: Troubleshooting port forwarding
Post by: jafinn on January 24, 2019, 12:08:16 pm
I've tried to do some more testing and if I add an IPv6 rule to forward ICMP to one of my hosts it works; the same rule for IPv4 doesn't respond.

The only trace I can see in the logs from the IPv4 ping is two different hits on WAN and LAN with "let out anything from firewall host itself". I can't see any incoming packets being blocked (or allowed for that matter). The source in the LAN hit is my external IP and the destination on the WAN one is the same external IP.

Since the IPv6 works fine and the ICMPv4 traffic appears in my logs as allowed, I'm assuming this is most likely a NAT/routing issue? Any suggestion would be highly appreciated :)
Title: Re: Troubleshooting port forwarding
Post by: jafinn on January 24, 2019, 12:43:05 pm
Finally found something helpful :)

Seems it is related to this issue: https://forum.opnsense.org/index.php?topic=7132.0. Setting manual outbound NAT rules worked.
Title: Re: SOLVED: Troubleshooting port forwarding
Post by: franco on January 25, 2019, 11:22:43 pm
Thanks for posting the solution. The particular issue in the thread you reference was fixed in 18.1.6.


Cheers,
Franco
Title: Re: SOLVED: Troubleshooting port forwarding
Post by: walkerx on January 26, 2019, 05:33:01 pm
Also look at my post here (https://forum.opnsense.org/index.php?topic=10429.msg47777#msg47777) where I was having similar issues.

I was recommended to also make a change to Unbound DNS; see this post (https://forum.opnsense.org/index.php?topic=8710.msg39035#msg39035).

Plex has since been working fine.