OPNsense Forum
Archive => 16.7 Legacy Series => Topic started by: Julien on July 27, 2016, 01:39:52 pm
-
Hi Guys,
I am on OPNsense 16.7.r2-amd64, first migration from pfSense to OPNsense.
I can't seem to get port 443 working.
Between the OPNsense and the internet there is an ISP router which forwards port 443 to the pfSense IP. The pfSense NATs port 443 to the Exchange on the LAN.
We turned off the pfSense and turned on the OPNsense; the OPNsense has the same WAN/LAN as the pfSense, but port 443 is not working on the firewall.
Turn the OPNsense off and turn the pfSense on, and things start working.
Can someone point me in the right direction?
-
Hi Julien,
Does your setup use custom gateways, multi-WAN or a config.xml import from pfSense itself?
I have this up and running on my end, so there is some hidden complexity we're not seeing yet.
Cheers,
Franco
-
Hi Julien,
Does your setup use custom gateways, multi-WAN or a config.xml import from pfSense itself?
I have this up and running on my end, so there is some hidden complexity we're not seeing yet.
Cheers,
Franco
Hi Franco,
There is no multi-WAN or import.
It's a new installation.
Simply port HTTPS is forwarded to the Exchange on the LAN.
The only thing I can compare is that there are no VMware tools installed, and the NICs are vmx3 and not e1000.
I thought I'd wait until the servers are back online to get the VMware tools installed.
-
I am back again.
When I try to access the webserver it does not load, and I see the block in the firewall logs.
Why is it blocking it, even though there is a pass rule on the WAN side?
Is this related to the vmx3? VMware tools?
-
How do you test it? From inside LAN (via NAT reflection)? Or from an address in the same subnet as WAN? Or from a "real" outside IP?
Check if you set any upstream gateways.
-
How do you test it? From inside LAN (via NAT reflection)? Or from an address in the same subnet as WAN? Or from a "real" outside IP?
Check if you set any upstream gateways.
Thank you for your answer.
I test it from inside and outside the office.
The internet is working, everything is working fine; without an uplink I wouldn't be online.
I need to forward the port to the Exchange; do I have to NAT it or just create a rule on the WAN side and forward it to the Exchange?
-
NAT and a rule are created by default if you did not change it there.
But: testing from inside is never a good idea, it often fails due to various reasons. A mail or web server is normally placed into a DMZ anyway. If you test from outside - is it "really" outside? Testing from an IP address which is in the same subnet as the WAN address might fail too - had this weird problem last week, it's a strange default gateway problem I haven't sorted out yet.
Did you check the packet's flow? Does the mail server get the packets? Where are the packets dropped/lost? A simple NAT shouldn't be much of a problem.
-
Could this also be due to not having "Disable reply-to" enabled under Firewall: Settings: Advanced?
It would make some sense when the packets are replied to the gateway, which may answer back, or may not, depending on its setup.
-
I have the same with 2 installations - both with a migrated configuration from pfSense.
It worked fine before the 16.7 update.
Basically the firewall rules are not working - the interfaces are not showing up in the firewall config (e.g. LAN, WAN, etc.) - OpenVPN and IPsec are the only listed interfaces.
Please find my screenshots attached.
-
This was a pfSense config.xml import from which version?
If you can please share it with us... project AT opnsense DOT org, otherwise we won't really know what happened.
-
It was pfSense 2.3.0. Changed the version tag in the config.xml to 11.2 and imported it into OPNsense.
I'll send you the config.xml.
Luckily they're both KVM virtual machines - I'm online on the pfSense again.
Regards
-
Thanks to Franco it's now fixed!
You have to search & replace through your config.xml!
Replace "<enable/>" with "<enable>1</enable>" and reimport the config...
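The search-and-replace described in the post above, as an added example that is not part of the original thread or of the OPNsense project: the script rewrites only bare self-closing `<enable/>` tags (with or without a space before `/>`), leaves other tags such as `<enabled/>` untouched, and keeps a `.bak` copy before writing. The sample XML is constructed for illustration, not a real export.

```python
import re
import shutil
import sys
from pathlib import Path

# Matches a self-closing <enable/> element, optionally with whitespace before "/>".
# The pattern requires "enable" to be followed directly by whitespace or "/>",
# so tags like <enabled/> or <enable_foo/> are not touched.
EMPTY_ENABLE = re.compile(r"<enable\s*/>")


def fix_enable_tags(xml_text: str) -> tuple[str, int]:
    """Return (rewritten XML text, number of <enable/> tags replaced)."""
    return EMPTY_ENABLE.subn("<enable>1</enable>", xml_text)


def fix_config_file(path: Path) -> int:
    """Rewrite a config.xml in place, keeping a .bak copy; return replacement count."""
    original = path.read_text(encoding="utf-8")
    fixed, count = fix_enable_tags(original)
    if count:
        shutil.copyfile(path, path.with_suffix(path.suffix + ".bak"))
        path.write_text(fixed, encoding="utf-8")
    return count


# Constructed sample mimicking the shape of a pfSense rule export (not a real file).
SAMPLE = """<pfsense>
  <filter>
    <rule>
      <enable/>
      <interface>wan</interface>
      <protocol>tcp</protocol>
      <destination><port>443</port></destination>
    </rule>
    <rule>
      <enable />
      <interface>lan</interface>
    </rule>
  </filter>
  <enabled/>
</pfsense>
"""

if __name__ == "__main__":
    if len(sys.argv) == 2:
        print(f"replaced {fix_config_file(Path(sys.argv[1]))} <enable/> tag(s)")
    else:
        text, n = fix_enable_tags(SAMPLE)
        print(f"{n} replacement(s) in the constructed sample:\n{text}")
```

Run it with the path to an exported config.xml as the only argument to rewrite that file; with no argument it prints the result on the constructed sample.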
-
Well, Ad found it, it's already in the repo and a GUI-based workaround exists.
https://github.com/opnsense/core/commit/c17a834f0
Thanks everyone!
-
I managed to get this fixed.
The destination was LAN address; change it to any and everything starts working.