OPNsense Forum

Archive => 17.7 Legacy Series => Topic started by: huukiller on October 18, 2017, 03:14:02 am

Title: [BUG] Filter rule association in Port Forward
Post by: huukiller on October 18, 2017, 03:14:02 am
I create a port forward rule. I go into Floating, LAN and WAN and create rules releasing everything to all senses, and the port forward does not work; it gives a timeout. When I select the option "filter rule association = pass", it works. First of all, it does not create any firewall rules. So that I can understand these things in OPNsense: does it create invisible rules, and does creating rules that release everything possible in the firewall still keep blocking?
Title: Re: [BUG] Filter rule association in Port Forward
Post by: franco on October 18, 2017, 08:58:40 am
Hi there,

A port forward forwards a port; it does not allow or block packets. You can either manually create pass rules (if needed, e.g. on a WAN where the default is to block) or use the default which creates the associated rule on the correct interface.

The associated rule, however, is pretty basic as it only allows the port forward to work. Sometimes pass rules already exist or the access is handled by different rules for maintenance reasons; that is when you don't use an association.


Cheers,
Franco
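
The split between translation and filtering described in the reply above, shown as a pf.conf fragment. This is an added example, not part of the original thread and not the ruleset OPNsense generates; the interface name, addresses and ports are constructed, and mapping the "pass" association to pf's `rdr pass` form is an assumption.

```conf
# Constructed pf.conf fragment (FreeBSD pf syntax, as used by OPNsense).
# Interface name, host address and ports are assumptions for illustration.
wan_if  = "em0"            # assumed WAN interface
web_srv = "192.168.1.10"   # assumed internal host

# --- Translation ---
# Rewrites the destination only. On its own this rule neither passes
# nor blocks the packet; the filter rules below still decide that.
rdr on $wan_if inet proto tcp from any to ($wan_if) port 8443 -> $web_srv port 443

# --- Filtering ---
# Default deny on WAN: without a matching pass rule the forwarded
# connection is dropped here and the client sees a timeout.
block in log on $wan_if all

# Variant A: explicit pass rule (manual, or created by an associated rule).
# pf filters after translation, so the rule must match the internal
# address and port, not the WAN address and external port.
pass in quick on $wan_if inet proto tcp from any to $web_srv port 443 flags S/SA keep state

# A rule written against the pre-translation destination never matches
# the forwarded packet:
# pass in quick on $wan_if inet proto tcp from any to ($wan_if) port 8443

# Variant B: use this line INSTEAD of the rdr rule above (no pass rule needed).
# The translated packet is passed directly and skips the filter ruleset,
# so no pass rule appears in the rule list and any source restrictions
# or logging defined in filter rules do not apply to this traffic.
# rdr pass on $wan_if inet proto tcp from any to ($wan_if) port 8443 -> $web_srv port 443
```

On a running system, `pfctl -sn` lists the loaded translation rules and `pfctl -sr` the filter rules, which shows whether a forward is being passed by a filter rule or by the translation rule itself.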
Title: Re: [BUG] Filter rule association in Port Forward
Post by: huukiller on October 20, 2017, 12:29:17 am
Okay, but I cannot understand the fact that after deleting all the WAN and LAN rules and leaving only one rule in the LAN to go out to the internet, even so it is only with that Filter rule association option that I can connect. And if I do not have any rules in WAN, how can I connect to my machine inside the LAN? Sorry if I'm being annoying, but I have used pfSense for years and would like to migrate to OPNsense, but I do not understand why these basic things, which should be the same in the two items, behave differently. I would like to migrate clients to OPNsense, but first I wanted to understand better. There is also the fact that the OpenVPN rules only accept connections coming through the WAN if the rule is in FLOATING; the same rule only in WAN does not work. I have already compared the configs between pfSense and OPNsense and they are the same and behave so differently. I find it strange.