Messages - The_Penguin

#1
18.7 Legacy Series / Re: 10.7.6 NAT issue
November 01, 2018, 01:17:05 AM
Some more info, hope it's helpful or you can tell me to stfu :)

I have other forwards where the inside host is a different port than the destination, i.e. wan:3399 non-standard port with an alias goes to an inside host at standard RDP 3389. These work.
Also non-standard port with an alias that are the same destination port wan and inside host.

What doesn't work is 2 non-standard port aliases that are different. wan:6060 alias to inside host 8080 alias.

That's all I got.


#2
18.7 Legacy Series / Re: 10.7.6 NAT issue
October 31, 2018, 05:13:26 PM
I deleted the WAN rule, and the port forward and re-created, same issue.
#3
18.7 Legacy Series / Re: 10.7.6 NAT issue
October 31, 2018, 04:55:22 PM
Quote from: noses on October 30, 2018, 12:41:28 PM
If a NAT forwarding rule is using an alias as "Redirect target port" instead of entering it directly the port is not added to the generated pf rule. It was still working in 10.7.3...

noses.

I may have the same problem. I just did multiple updates from 18.1 to 18.7.6 so can't say which update broke it.

I have 1 NAT port forward that stopped working after the updates.
The forward is traffic to the WAN interface with a destination port of 6060 redirected to an internal host, port 8080.
This traffic gets stopped by the default deny rule. This is my only forward where the dest port gets forwarded to a different port on the inside host. Similar rules that have the same port on the dest host still work.
#4
Hardware and Performance / Re: QOTOM -- confused
February 18, 2018, 06:12:31 AM
Quote from: marjohn56 on February 17, 2018, 01:37:21 PM
Consider yourself lucky to be able to even discuss the Qotom devices. The pf forum has banned all mention of them.


Interesting. Why would they do that? Too serious competition for Netgate devices?
#5
Hardware and Performance / Re: QOTOM -- confused
February 01, 2018, 03:44:55 AM
I got mine from the official Qotom store on Aliexpress. Took about a week to Canada, pretty much anything from the U.S. takes a week so that's pretty good. DHL was a tad pricey, but got it here.
I actually have 2, they've been pretty solid. My newest one had a few problems booting. Once when I first installed Sophos, and again last weekend trying to install OPNsense. A factory reset of the BIOS settings cured it, not sure if I changed something (I don't usually deviate from defaults, other than setting power settings and turning on SMART, so I didn't deliberately overclock or anything) but has been fine since.
My only complaint is the O/S doesn't see the NICs in the numbered order.

As for the price variance, there are some subtle differences when you order that can be hard to spot in the specs. Case size is one. The larger case will take a SATA SSD. Smaller case has the cables but no way you'd squeeze one in.
#6
General Discussion / Re: New user
January 30, 2018, 02:35:38 PM
Quote from: franco on January 30, 2018, 07:18:23 AM
Hi there!

What trouble did you have with Unbound and DHCP?


I found that a workstation would obtain a lease, but Unbound would not resolve it until a restart of the service.
Seems to me there was another poster with the same issue. Not a huge deal. I'm still on 17.7.12
#7
General Discussion / New user
January 30, 2018, 05:04:25 AM
Hi all. Noob here, sort of. New to OPNsense, but have used a number of similar systems, including PF.
I've never run a commercial router in a box at home. I started with RedHat Linux back when you had to re-compile the kernel just to do NAT. Still on dial-up at the time, it used to kick off a modem dial when someone on the network wanted the internet. Did my own ipchains/iptables under RedHat/CentOS for years for my home family network, and homelab.
It got to the point though, where I'd not touch it for months, then need to add something in a hurry, and would be a bit foggy on how to do it, especially when I needed to do hairpin (NAT reflection).
At work we had a Sonicwall, then a Juniper SSG, and now a Meraki MX, so I got a bit spoiled with easy to use GUIs so I figured it was time to simplify. Started with Untangle. Liked it, but didn't want to pay for advanced features. Then tried PF. Liked it too, and used it for quite a while. Switched from running in a VM to running on a Qotom mini PC (got tired of annoyed family members if I needed to do maintenance on the hypervisor, and dropped the Internet). Weeks after buying my first Qotom I heard about the upcoming limitation with not having AES-NI. Great timing. I was not impressed. Turns out my mom needed a decent router so she got that one, I ordered a new one with AES-NI. Shortly after, I needed to evaluate the Sophos UTM for work.
Tried it, and really liked it. But between large family dinners and all the cell phones, and doing the odd port scan, I'd sometimes drift over my 50 IP limit.
So I decided to go back to PF, but as luck would have it, I happened upon the drama in /r/homelab (you know the threads I'm talking about ;) ) and decided on OPNsense. Day 3, so far so good. Populating Unbound DNS from DHCP seems a bit hit and miss, but otherwise no complaints yet. Oops I wrote a novel, sorry.