OPNsense Forum

Archive => 17.1 Legacy Series => Topic started by: Spearoid on March 04, 2017, 04:40:58 am

Title: [SOLVED] Making sense of port forwarding
Post by: Spearoid on March 04, 2017, 04:40:58 am
I am new to pfsense....spent the past many years with ClarkConnect, ClearOS, then Untangle....but want very badly to be able to use OPNsense in place of all my Untangle boxes.

I cannot wrap my brain around port forwarding...and googling the topic seems to suggest many many others have had similar struggles.

So I understand there are two steps required for each port forwarding need....NAT port forwarding, and Firewall rules.

Even something as basic as testing remote web access is eluding me. I've set it to HTTPS, and verified access on the LAN....I understand the port forwarding rule is already in place by default, meaning we only need to open up access from the Firewall rules settings.......however, the only firewall rule I can make that allows me remote web access is to choose "any" on the source port. If I try to specify 443, I cannot get into the box remotely.

I spent way too much time trying to figure this out, primarily because I have a Polycom videoconferencing unit I plan to use behind OPNsense that will not work without proper port forwarding.

I have many questions...but a couple are these.

When making a port forwarding rule there is a destination IP field and a redirect IP field. These seem redundant to me, but both are required fields. What is the difference between these fields?

Somehow port forwarding rules and firewall rules can be linked together, but this isn't necessary for port forwarding to work?

I've been messing with routers and router software for so long that I can't even believe I am having to post this...but by the end I was just changing things in the rules on a whim hoping to find some combination that would make things work!
Title: Re: Making sense of port forwarding
Post by: djGrrr on March 04, 2017, 07:59:37 am
Source Port = The port that the connection was initiated from (usually randomized so you generally need to keep this set to any)
Destination Port = The port on the External interface of the firewall that you want to forward (This is where you'd set port 443)
Target Port = the NAT destination port, the port on the internal IP to forward to (probably also 443 in this case).

Source IP = Remote IP where the incoming connection is being initiated from (often this should be set to any, unless you want to restrict which IPs have access)
Destination IP = the external IP on the firewall (generally WAN address)
Redirect Target IP = the internal destination IP you are forwarding to

Generally you will also just want to leave the default of having a firewall rule automatically generated for the port forward rule.

Generally the interface should be set to WAN as well.
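
Added example (not part of the thread, and not OPNsense code): a simplified Python model of the six fields defined in the reply above, showing why a rule with Source Port 443 never matches a real client while Source Port "any" does. The class names and all addresses and ports are constructed for illustration.

```python
# Added illustration: a simplified model of how a port-forward rule matches
# one inbound connection. All names, addresses and ports are constructed.
from dataclasses import dataclass, replace
from typing import Optional

ANY = None  # stands for "any" in the rule editor


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class PortForward:
    src_ip: Optional[str]    # Source IP (remote client), usually any
    src_port: Optional[int]  # Source Port (client side), usually any
    dst_ip: str              # Destination IP (the firewall's WAN address)
    dst_port: int            # Destination Port (external port)
    target_ip: str           # Redirect Target IP (internal host)
    target_port: int         # Target Port (port on the internal host)

    def matches(self, p: Packet) -> bool:
        return (self.src_ip in (ANY, p.src_ip)
                and self.src_port in (ANY, p.src_port)
                and self.dst_ip == p.dst_ip
                and self.dst_port == p.dst_port)

    def apply(self, p: Packet) -> Optional[Packet]:
        """Return the packet with its destination rewritten, or None if no match."""
        if not self.matches(p):
            return None
        return replace(p, dst_ip=self.target_ip, dst_port=self.target_port)


WAN, SERVER = "198.51.100.2", "192.168.1.10"
# A remote browser connects from a randomized source port to WAN:443.
client = Packet("203.0.113.5", 51514, WAN, 443)

working = PortForward(ANY, ANY, WAN, 443, SERVER, 443)
source_443 = PortForward(ANY, 443, WAN, 443, SERVER, 443)  # the failing variant

if __name__ == "__main__":
    print("source port any:", working.apply(client))
    print("source port 443:", source_443.apply(client))
```

Only the destination side of the packet is rewritten; the client's source address and port pass through unchanged, which is why restricting access is done with Source IP rather than Source Port.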
Title: Re: Making sense of port forwarding
Post by: Spearoid on March 06, 2017, 03:27:22 pm
Oh sweet mercy, thank you!

It was the definition of destination that was throwing me for a loop. All is working now!