OPNsense Forum

English Forums => General Discussion => Topic started by: Jose on June 26, 2018, 07:34:28 pm

Title: [Solved]Port forward behind ISP Router
Post by: Jose on June 26, 2018, 07:34:28 pm
Hi, since I've tried numerous how-tos and haven't found a solution yet, I decided to start a new thread in the hope that someone in the same boat with a solution can shed some light.

I'm having a very hard time trying to get a simple web server to be accessible from outside my network (for testing purposes) through No-IP/port forwarding. I will post a brief description of my current network setup in the hope of getting some advice on whether I am doing something wrong on my end, before I consider calling my ISP, which unfortunately is very slow when it comes to customer support. :-[

Let's start with my setup and what I'm trying to accomplish, for reference. My setup is as follows:

       ISP/Locked                 Router/DHCP          WiFi/AP/Bridge        Switch/Unmanaged          Wired
[Ubiquiti Wireless Radio]----->[OPNsense 18.1.10]----->[Netis WF2419]----->[ PowerConnect 2808]----->[Clients]

HERE (https://drive.google.com/file/d/109MqHgEWe-XGWKS7MMbT4cIQhkiXmXqh/view?usp=sharing) is an image of the above network setup/diagram.

My Web server in question is a simple Apache server running on my FreeBSD file server and currently accessible locally with the IP: 192.168.1.xxx:8080, OPNsense is handling all the Unbound DNS, DHCP and DDNS with my No-IP account, the DynDNS plugin is currently working and cached my outside WAN IP address and is reflected in the No-IP website as expected, now the odds are coming.

I configured port forwarding for the Apache IP/port as follows:

<Source>
[IF=WAN]--[Proto=TCP]--[Address=*]--[Ports=*]

<Destination>
[Address=LAN Address]--[Ports=*]

<NAT>
[NAT=192.168.1.xxx]--[Ports=8080]

My DNS Servers are as follows:
#1: 208.67.222.222
#2: 208.67.220.220
#3: 192.168.1.1

Allow DNS server list to be overridden = Unchecked
Do not use the DNS Forwarder/Resolver = Unchecked

A further test I performed under Windows "nslookup" returned also the following:
> myhostname.ddns.net
Server:  opnsense.localdomain
Address:  192.168.1.1

Non-authoritative answer:
Name:    myhostname.ddns.net
Address:  104.238.xxx.xxx (WAN IP)
>

Overall, with this setup I can access my specified "myhostname.ddns.net" and I'm redirected to the external WAN, which is working fine, but the port forward is not redirecting to the internal Apache target IP/port for some reason, neither on the default port 80 nor on 8080 etc. Additionally, every port tester I've used says Port not open, and others say Connection refused.  :(

I really apologize for my rather messy post and I hope to get some advice from experienced OPNsense users regarding port forward behind a locked ISP router, oh and really sorry for my English. ::)

Regards
Title: Re: Port forward behind ISP Router
Post by: Jose on June 27, 2018, 10:20:23 am
Hello again, I'm really sorry for this rather repetitive and messy type of post. However, since I'm unfortunately in this same boat (https://superuser.com/questions/465775/better-ways-to-setup-a-webserver-behind-isps-nat) and cannot access my ISP router/NAT, I'm giving up on it and will try alternative solutions like those in the link posted above, since switching ISPs is not an option at the moment. :-\

Regards
Title: Re: Port forward behind ISP Router
Post by: Jose on June 27, 2018, 04:23:18 pm
I think I found a quick working solution to work around these locked ISP/Carrier Grade NAT issues: a no-install-required service called Serveo (http://serveo.net/), an SSH server for remote port forwarding. While it may not fit every case, home/SOHO users can benefit from it, I think. ::)

I just created a script to fit my needs, with a heartbeat loop to auto-reconnect upon possible remote host disconnections/target machine availability, and it is working great so far from the OPNsense appliance itself, since it's on 24/7. :)

Maybe a very simple plugin supporting this and similar services could be useful; I will take a look into it, by the way.

Regards
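
Added example, not part of the original posts: a check for the locked ISP router/Carrier Grade NAT situation this thread ends on, comparing the address on the firewall's WAN interface with the address the internet sees (for instance the one the DynDNS client registered). The function names and the sample addresses are assumptions constructed for illustration, and the check is IPv4 only.

```python
import ipaddress

# Ranges that are never routed on the public internet.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 shared address space


def classify_wan(wan_if_addr, public_addr):
    """Classify the path between the firewall's WAN interface and the internet.

    wan_if_addr: address configured on the firewall's WAN interface.
    public_addr: address seen from outside (DynDNS record, "what is my IP").
    """
    wan = ipaddress.ip_address(wan_if_addr)
    pub = ipaddress.ip_address(public_addr)
    if wan in CGNAT:
        return "cgnat"                 # carrier translates many customers to one IP
    if any(wan in net for net in RFC1918):
        return "upstream-private-nat"  # ISP router/radio is doing NAT in front
    if wan != pub:
        return "upstream-nat"          # routable WAN address, but still translated
    return "direct"                    # the firewall itself holds the public address


def forward_can_work(verdict):
    """A port forward on the firewall alone only helps when nothing upstream
    translates the traffic; otherwise the upstream device needs its own rule."""
    return verdict == "direct"


# Constructed samples (documentation ranges 203.0.113.0/24 and 198.51.100.0/24).
SAMPLES = [
    ("100.64.12.5", "203.0.113.10"),
    ("192.168.100.2", "203.0.113.10"),
    ("198.51.100.7", "203.0.113.10"),
    ("203.0.113.10", "203.0.113.10"),
]


def report(samples=SAMPLES):
    """Return (wan, public, verdict, forward_can_work) for each sample pair."""
    return [(w, p, classify_wan(w, p), forward_can_work(classify_wan(w, p)))
            for w, p in samples]


if __name__ == "__main__":
    for row in report():
        print("WAN %-15s public %-15s -> %-20s forward works: %s" % row)
```

Any verdict other than "direct" means the inbound connection is dropped before it reaches the firewall, which matches port testers reporting the port as closed no matter how the forward rule is written.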