OPNsense Forum

Archive => 17.1 Legacy Series => Topic started by: jjonsson on June 08, 2017, 04:24:06 pm

Title: Port Forward Virtual IP
Post by: jjonsson on June 08, 2017, 04:24:06 pm
I can't get port forwarding to work with a virtual IP. What am I doing wrong?

The WAN port is X.X.199.3/24. I have added a virtual IP of X.X.199.4/24

I have a port forward from the WAN address to an internal host and I have a port forward from the virtual IP to an internal (different) host.
WAN address to 192.168.10.12
(http://i68.tinypic.com/2krg2v.png)

Virtual IP to 192.168.10.16
(http://i67.tinypic.com/213qf7.png)

When I enter https://X.X.199.4/, the host for the WAN address (192.168.10.12) is shown, not the one for the virtual IP (192.168.10.16).

Any help appreciated...
Title: Re: Port Forward Virtual IP
Post by: hutiucip on June 09, 2017, 01:25:25 pm
Hello!

You need NAT -> Port-Forward Rules also, in conjunction with Firewall Linked Rules to those NAT -> Port-Forward rules.
You didn't mention anything about P/F rules, do you have them? What do they look like?

PS: I don't have such a setup or a similar scenario, so I think that, as you need some reverse proxy rules, port forward might not be enough. To be seen, discussed, and tested.
Title: Re: Port Forward Virtual IP
Post by: jjonsson on June 17, 2017, 11:32:13 am
Ok, this is very strange. Port forward to X.X.199.4 works as long as no similar port forward is set up to X.X.199.3.

I have a port forward to SSH up and running. I get the correct server when using X.X.199.4 (no port forward is set up on port 22 to X.X.199.3 -> 192.168.12).
The same does not apply with X.X.199.4. Both ports 80/443 forward to X.X.199.3 instead.

For X.X.199.3 I'm using "WAN address" in the port forward rule. For X.X.199.4, I'm using "X.X.199.4" in the port forward rule. I can't use X.X.199.3 instead of WAN address (seems like that would solve the issue).

Is this a bug or ?
Title: Re: Port Forward Virtual IP
Post by: bladman on July 15, 2017, 02:23:52 am
Ok, this is very strange. Port forward to X.X.199.4 works as long as no similar port forward is set up to X.X.199.3.

I have a port forward to SSH up and running. I get the correct server when using X.X.199.4 (no port forward is set up on port 22 to X.X.199.3 -> 192.168.12).
The same does not apply with X.X.199.4. Both ports 80/443 forward to X.X.199.3 instead.

For X.X.199.3 I'm using "WAN address" in the port forward rule. For X.X.199.4, I'm using "X.X.199.4" in the port forward rule. I can't use X.X.199.3 instead of WAN address (seems like that would solve the issue).

Is this a bug or ?

I have had the same issue after upgrading from 16.x.

You have to create an Alias (Firewall -> View -> Aliases) and create an alias called WANIP with the primary IP address of your router (so the WAN Address).

After that change the rule that has WAN Address in it and set the Destination address to your newly created alias. After that everything starts working.

It seems that the bug is that instead of WAN Address being used, the WAN NET is being used in the port forward.
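
The behaviour discussed in this thread, as an added example that is not part of any post and is not OPNsense code: a small audit that models port-forward rules as an ordered, first-match list and reports rules that an earlier, broader destination makes unreachable. The rule tuples, function names and the 203.0.113.0/24 addresses (standing in for X.X.199.0/24) are constructed, and the expansion of "WAN address" to the whole WAN network is the hypothesis from the last post, taken here as an assumption.

```python
from ipaddress import ip_address, ip_network

# Constructed sample rules; 203.0.113.0/24 (documentation range) stands in
# for the thread's X.X.199.0/24. Each rule: (label, destination, port, target).
BROKEN = [
    # Assumption (hypothesis from the thread): "WAN address" became the WAN net.
    ("WAN address", "203.0.113.0/24", 443, "192.168.10.12"),
    ("virtual IP", "203.0.113.4/32", 443, "192.168.10.16"),
]
# Workaround from the thread: an alias holding only the primary WAN IP.
FIXED = [
    ("WANIP alias", "203.0.113.3/32", 443, "192.168.10.12"),
    ("virtual IP", "203.0.113.4/32", 443, "192.168.10.16"),
]


def redirect_target(rules, dst, port):
    """Return the target of the first rule matching dst:port, else None."""
    addr = ip_address(dst)
    for _label, dest, rule_port, target in rules:
        if rule_port == port and addr in ip_network(dest):
            return target
    return None


def shadowed_rules(rules):
    """Return (shadowed, shadowing) label pairs for rules that can never match."""
    findings = []
    for i, (label, dest, port, _target) in enumerate(rules):
        for prev_label, prev_dest, prev_port, _prev_target in rules[:i]:
            # Same port and an earlier destination that fully covers this one.
            if prev_port == port and ip_network(dest).subnet_of(ip_network(prev_dest)):
                findings.append((label, prev_label))
                break
    return findings


if __name__ == "__main__":
    for name, rules in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, redirect_target(rules, "203.0.113.4", 443), shadowed_rules(rules))
```

A port with no rule on the broader destination is unaffected in this model, which matches the SSH observation in the thread.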