Messages

I think I'm making things more complicated than I should. The 240 address is a server I'm trying to port-forward to. The 10.1.1.254 & 10.1.1.253 is a /30 just to connect the 4948 to the opnsense box for internet.

If I understand correctly, the only NAT'ing that's happening is between the WAN and the 10.1.1.254 (LAN TRANSIT IP of the opnsense box). So any other remote networks beyond that don't need to be NATT'd, just a FW rule to allow 443?

Here is a small diagram:

OPNSENSE (10.1.1.254 TRANSIT) ----> Cisco 4948(10.1.1.253 TRANSIT) [ALL VLANS ROUTED here]

So yes you are right, just want to port-forward through the opnsense box to a server that lives on a VLAN on the 4948.

Since I have all my VLANs routed on the Layer 3 switch, I have a transit VLAN setup to connect to the opnsense box. Would I port-forwarding as normal or would I need to do anything different since my networks don't reside on the box?

Hey all,

I got a question about port forwarding I need help with in this situation. I have all my VLANs routed via a Cisco 4948, and using a VLANfor transit between the opnsense and switch. Port forwarding is acting strange, the port checker is seeing every port as open from the internet, I set up the PF rules, but still cannot connect to a server I have here.

Here is what I did:
Src IF: LAN, SRC Proto: TCP, SRC Address: *, SRC Ports *, Dest Address: WAN Address, Dest Ports: *, NAT IP: 10.3.240.244,  NAT Ports: 4433

Not sure if the transit network I have setup comes into play here, any ideas??