OPNsense Forum

Archive => 16.7 Legacy Series => Topic started by: DrDeed on September 22, 2016, 03:49:14 am

Title: [SOLVED] Headaches with Port Forwarding - AirAve
Post by: DrDeed on September 22, 2016, 03:49:14 am
Hey guys,

So for starters, I think I'm in love with OPNsense. I had previously tried pfSense but found it way too cumbersome, vs OPNsense which has been easy to navigate, looks clean (an understatement for sure). I think I've even got our network admin to fall in love with it. :)

I recently received an Airave and have had issues trying to get it set up.
For starters, Sprint seems to want it on the edge, but that isn't going to happen. So I finally got them to give me the ports. And afterwards configured my firewall's port forwarding as shown in my screenshot*. Of course it added allow rules in the firewall (beautiful feature btw).

My only concern at this point is that when I go to canyouseeme, and punch in port 500, it claims it to be closed. Any ideas?

Thanks,
Sam

EDIT: Worth noting that my modem is in transparent bridge mode, so it should not be a factor.
Title: Re: Headaches with Port Forwarding - AirAve
Post by: DrDeed on September 22, 2016, 10:39:04 pm
Any thoughts? Do I have the rules set up appropriately?
Title: Re: Headaches with Port Forwarding - AirAve
Post by: franco on September 22, 2016, 10:58:17 pm
Hey Sam,

Welcome!  :)

Is this the setup they suggest?  Is it a requirement from them to set the "broadband connection device" to bridged mode?

https://www.sprint.com/landings/airave/how_it_works.html?INTMKT=MKT:MS:20131030:AIR:MSU:EEE:HowAirWorks

I'm not familiar with the device so I had to research a bit. The ports you mention are correct, the rule setup seems so as well.

Is there an actual connection problem or only suspicion due to canyouseeme?  I don't know which port probing technique they use, but if they rely on TCP, the UDP port forwards will likely not show as open.


Cheers,
Franco
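
Added example (not part of franco's post or the original thread): a loopback-only Python sketch of the point above, that a TCP connect probe reports a port as closed when only a UDP service is listening on it. The echo service, the ephemeral port and all function names are assumptions made up for this illustration.

```python
import socket
import threading

def start_udp_echo(host="127.0.0.1"):
    """Bind a UDP-only echo service on an ephemeral port (constructed stand-in)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind((host, 0))            # port 0: let the OS pick a free port
    srv.settimeout(2.0)

    def serve():
        try:
            data, peer = srv.recvfrom(1024)
            srv.sendto(data, peer)  # echo one datagram back, then exit
        except OSError:
            pass                    # timed out or socket closed

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]

def tcp_probe(host, port, timeout=1.0):
    """TCP connect check: 'open' only if a TCP listener accepts the handshake."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except OSError:                 # refused or timed out
        return "closed"

def udp_probe(host, port, timeout=1.0):
    """UDP check: 'open' only if the service answers the datagram."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(b"ping", (host, port))
            data, _ = s.recvfrom(1024)
            return "open" if data == b"ping" else "no-reply"
        except OSError:             # no answer within the timeout
            return "no-reply"

def compare():
    """Probe the same UDP-only port both ways; returns (tcp_result, udp_result)."""
    srv, port = start_udp_echo()
    try:
        return tcp_probe("127.0.0.1", port), udp_probe("127.0.0.1", port)
    finally:
        srv.close()

if __name__ == "__main__":
    print(compare())
```

A UDP service that ignores an unexpected payload also looks silent to a UDP probe, so no reply does not by itself prove the forward is broken.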
Title: Re: Headaches with Port Forwarding - AirAve
Post by: DrDeed on September 23, 2016, 02:06:35 am
Cheers franco, and thanks for the warm welcome!

I thought you were on to something, so I changed my port rules to TCP just for giggles (screenshot 1), but canyouseeme still shows it as being closed. Although it does show the port I use to access my firewall remotely as being "open".
I've confirmed as shown in my second screenshot that it did appropriately update the firewall rule. Is the destination in the firewall rule correct though (or should it be "WAN ADDRESS")? I'm sure it seems like a basic question, but after the day I've had I'm finding it difficult to troubleshoot clearly (if that makes sense).

The Airave itself is not working behind my firewall. I'm attempting to use canyouseeme to vet my process and confirm that I have all the right ports set up; if there is a more appropriate tool or method of vetting open ports via WAN, I will use that.
Posts such as this indicate it is possible to have the Airave behind a NAT:
https://community.sprint.com/baw/message/463293
And Sprint themselves provided me with a list of ports upon request. Although they do not recommend it (probably because it requires more work to function appropriately). That said I've heard complaints of people that put the Airave between their modem and firewall/router.

Thanks!
Sam
Title: Re: Headaches with Port Forwarding - AirAve
Post by: DrDeed on September 25, 2016, 04:27:39 am
Figured it out.
Long story short, those Airaves like to be as close to the gateway as possible apparently, and I had it behind an access point. Putting it direct to the switch fixed the problem.
Title: Re: Headaches with Port Forwarding - AirAve
Post by: franco on October 01, 2016, 04:42:39 pm
Hi Sam,

Sorry for the delay. Glad this worked out!


Cheers,
Franco