1
17.7 Legacy Series / Re: Port forwarding, internal server to external port
« on: May 12, 2018, 03:20:42 am »
Seriously wonderful step-by-step walk through. I'm most definitely not a network guy, and configuring this type of firewall is new for me. A HUGE Thank You to BertM!
Hi Newbiewifi,
If I understand correctly, on your internal LAN you have a web server running a website (for example www.mysite.com).
The webserver has an fixed IP address on the LAN, and you want to access it by it's name, both from the outside and the inside network.
An alias is not going to help you, because these are only used to make your config easier to read for humans.
But here is an example that will work.
I don't know how much experience you have with configuring network things, so I will try to keep this as simple as possible and explain very detailed.
First let's make some assumptions:
- Your external IP address is 123.45.67.89
- Your LAN interface is configured as 192.168.10.1/24
- Your webserver running HTTP (port 80) and HTTPS (port 443) lives at address 192.168.10.30
- You are the owner of the domain mysite.com and the URL for your webserver is www.mysite.com
- In external DNS, you have an A record for www.mysite.com pointing to 123.45.67.89 (your external IP address)
Here is what you have to do:
Configure an aliases to make your config more readable.
- Click Firewall ==> Aliases ==> View
- Click the "Add a new alias" button
- Enter the following info:
Type: Host(s)
Name: Webserver
Description: The webserver host
Host(s): 192.168.10.30
Description: Webserver IP address- Click Save
- Click the "Add a new alias" button again
- Enter the following info:
Type: Port(s)
Name: Websrv_Ports
Description: The webserver Ports
Port(s): 80
Description: HTTP port- Click the plus sign to add another line and enter the following information
Port(s): 443
Description: HTTPS port- Click Save and Apply Settings
If you are forwarding both port 80 (HTTP) and port 443 (HTTPS), you want to set the port for the web gui of your OPNsens to another port, for example port 440.
In that case you will access the web gui of OPNsense like https://yourIPaddress:440The OPNsense web gui will automatically reconnect in 20 seconds, using the new port.
- Click System ==> Settings ==> Administration
- Enter 440 in the TCP port field
- Click Save
Add the port forwarding rule to send any incoming HTTP and HTTPS traffic to your webserver.
- Click Firewall ==> NAT ==> Port Forward
- Click the Add button to add a new Port Forward rule
- Select the following information
Interface: WAN
TCP/IP version: IPv4
Protocol: TCP
Destination: WAN Address
Port range: From: Websrv_Ports To: Websrv_Ports
(You can select that from the dropdown because you created the alias)
Redirect target IP: Webserver (again, you can delect that because you created the alias)
Redirect target ports: Websrv_Ports
NAT reflection: Enable (Pure NAT)
Filter rule association: Add associated filter rule- Click Save and Apply Settings.
This will do what you want to achieve.
- The external DNS server will resolve www.mysite.com to your external IP address.
- The NAT/PortForward rule will forward this to your webserver.
- If internally www.mysite.com is also resolved to your external IP address,
NAT Reflection will send this outgoing traffic back inside towards your webserver.
I hope this info helps.
Kind regards,
Bert