OPNsense Forum

Archive => 17.7 Legacy Series => Topic started by: rajl on January 26, 2018, 05:55:26 pm

Title: Port Forwarding From External Sites Does Not Work
Post by: rajl on January 26, 2018, 05:55:26 pm
This one is aggravating as it works on PFSense using the exact same configuration as I have on OPNSense.  Literally, I switch the boxes and one works and the other doesn't with the same config.

My situation is that I have a small webserver on my LAN that I want accessible from the WAN.  I created two port forwards for my WAN interface that forward any TCP traffic destined for my WAN address on port 80 or 443 and forward the traffic to the internal address 192.168.1.XX for the same ports.  I can access my server internally inside the network, so I know that the server is working and accessible.  When I try to access it externally, the requests time out.  Moreover, nothing shows up in the PFSense logs that I can find that show the request being forwarded, denied, or even being received.  However, I know that my external DNS records are fine because other services (e.g., OpenVPN) work perfectly.

I'm about to tear my hair out.  Any thoughts or help?

Title: Re: Port Forwarding From External Sites Does Not Work
Post by: franco on January 26, 2018, 07:25:06 pm
Please use the forum. Here is a recent thread: https://forum.opnsense.org/index.php?topic=7010.0


Cheers,
Franco
Title: Re: Port Forwarding From External Sites Does Not Work
Post by: rajl on January 26, 2018, 08:37:20 pm
> Please use the forum. Here is a recent thread: https://forum.opnsense.org/index.php?topic=7010.0
>
> Cheers,
> Franco

I did.  None of the other threads really addressed my problem.  And trust me, I wish they did.  If there's one I missed, I would love to see it.  I really hate being "that guy."  :-[ But I've always had a knack for finding/stumbling on obscure edge cases.

First, that thread you linked to is a different problem than mine.  That thread involves adding PF rules for a user to access the WebGui from the WAN.  My problem involves using port forwarding to forward web traffic through the firewall to another server.

Second, the solution in that thread doesn't solve my problem (I've tried it just to double check).  I have rules for HTTP and HTTPS that pass all IPv4 and IPv6 traffic on port 80 and 443 that come to the WAN address.  I also have port forwards that forward the same traffic to internal web server 192.168.1.XX.

To be much more specific, I have a FreeBSD internal server running several jails (one of which is the webserver).  I assigned a static IP to the host.  However, the DHCP server doesn't support assigning more than one IP address per MAC address, so I just statically assign IP addresses to the jails.  I then set up a port forward to the appropriate jail IP and make sure the firewall is also set to pass/allow web traffic.  This is not working for OPNSense (and only OPNSense), and I can't figure out why.

If no one has any ideas as to what is going on, that's fine.  I was just hoping someone else might be having my problem. 

And if this needs to be merged into the other thread too, I'm ok with that (although I hate thread hijacking, which is why I like to keep things in separate threads).
Title: Re: Port Forwarding From External Sites Does Not Work
Post by: rajl on January 28, 2018, 04:28:37 am
Problem solved - Here's the issue:

When creating a port-forward, you have to create a corresponding PF rule that specifies the LAN address you are forwarding to instead of the WAN address.  Somehow, the corresponding PF Pass rules did not get added to the firewall to allow the port forwards automatically, even though this is the default behavior.  Other than classic PEBKAC, I can't see how this occurred.  When I tried to add them manually, I assumed that you had to specify the WAN address as the destination instead of the LAN address of the port forward as the destination.

I left this here as a note to others searching the forum at a later date.

Cheers!
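
Added example, not part of any post in this thread: a simplified Python model of why the pass rule has to name the forward target. pf applies the port-forward (rdr) translation before it evaluates filter rules, so the WAN filter rule sees the internal address as the destination. The addresses and the `Packet`, `Rdr` and `Pass` names are constructed for illustration; `10.0.0.50` stands in for the internal web server.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, ip_address

# Constructed sample addresses (not taken from the thread).
WAN_ADDR = ip_address("203.0.113.10")  # firewall's WAN address
WEB_SRV = ip_address("10.0.0.50")      # internal web server behind the forward

@dataclass(frozen=True)
class Packet:
    dst: IPv4Address
    dport: int

@dataclass(frozen=True)
class Rdr:
    """Port forward: rewrite match_dst:dport to target:dport."""
    match_dst: IPv4Address
    dport: int
    target: IPv4Address

@dataclass(frozen=True)
class Pass:
    """Filter rule on WAN that allows TCP to dst:dport."""
    dst: IPv4Address
    dport: int

def translate(pkt, rdrs):
    """Step 1: destination NAT runs before any filter rule is checked."""
    for r in rdrs:
        if pkt.dst == r.match_dst and pkt.dport == r.dport:
            return Packet(r.target, pkt.dport)
    return pkt

def filter_allows(pkt, rules):
    """Step 2: rules see the translated packet; no match means block."""
    return any(pkt.dst == r.dst and pkt.dport == r.dport for r in rules)

def inbound(pkt, rdrs, rules):
    """Return the packet as delivered to the LAN, or None if dropped."""
    translated = translate(pkt, rdrs)
    return translated if filter_allows(translated, rules) else None

FORWARDS = [Rdr(WAN_ADDR, p, WEB_SRV) for p in (80, 443)]
RULES_WAN_DST = [Pass(WAN_ADDR, p) for p in (80, 443)]  # manual rules aimed at WAN
RULES_LAN_DST = [Pass(WEB_SRV, p) for p in (80, 443)]   # rules aimed at the target

if __name__ == "__main__":
    request = Packet(WAN_ADDR, 443)
    print("pass dst = WAN address:", inbound(request, FORWARDS, RULES_WAN_DST))
    print("pass dst = LAN address:", inbound(request, FORWARDS, RULES_LAN_DST))
```

With the WAN address as the rule destination the translated packet matches nothing and is dropped, which is the timeout seen from outside; with the internal address it is delivered.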

Title: Re: Port Forwarding From External Sites Does Not Work
Post by: nivek1612 on January 28, 2018, 08:24:17 am
> When I tried to add them manually, I assumed that you had to specify the WAN address as the destination instead of the LAN address of the port forward as the destination.

It's always been the LAN address, from memory even on pfSense, but I don't need port forwards anymore as I use an ISP that provides me with a fixed block of IPv4 addresses.

Are you saying when you used pfSense you specified the WAN address?