Messages - mrrodge

#1
Hi,

I have an IoT device on my network that is sending status updates to an external cloud server. I have a proxy server running elsewhere on my network and I want to route all traffic from the IoT device to my proxy.

I thought this would be a simple port forward on the LAN interface but no joy!  What am I doing wrong?  My thoughts were:

Firewall -> NAT -> Port Forward -> New Rule:

Interface - LAN
Protocol - TCP
Source - IoT device IP/32
Source Port - any
Destination - Cloud server IP/32
Destination Port - Cloud server port
Redirect target IP - My LAN proxy IP/32
Redirect target port - My LAN proxy port

I've used the packet capture on the LAN interface and can confirm the IoT device is communicating with the ports and IPs I thought it was - it's just the rule appears to do nothing.

Thanks!
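As an added illustration (not part of the thread or of OPNsense's own output), the port forward described in the post expressed in pf syntax, together with the LAN-side outbound NAT that a redirect needs when the redirect target sits on the same subnet as the client: without it the proxy answers the IoT device directly from its own address, and the device discards the reply because it expected one from the cloud server. Interface name, addresses and ports are placeholders.

```pf
# Added example, not from the thread. Placeholder values (constructed):
#   em1            = LAN interface
#   192.0.2.50     = IoT device
#   198.51.100.10  = cloud server, TCP port 443
#   192.0.2.20     = LAN proxy, TCP port 3128
lan_if = "em1"
iot    = "192.0.2.50"
cloud  = "198.51.100.10"
proxy  = "192.0.2.20"

# The post's port forward: rewrite the destination of the IoT device's
# cloud traffic to the local proxy as it enters the LAN interface.
rdr on $lan_if proto tcp from $iot to $cloud port 443 -> $proxy port 3128

# The missing piece when client and redirect target share one subnet:
# source-NAT the redirected flow to the firewall's LAN address so the
# proxy replies via the firewall, which un-translates the reply back to
# the cloud address the IoT device expects. Without this rule the proxy
# answers the device directly from 192.0.2.20 and the device drops it.
nat on $lan_if proto tcp from $iot to $proxy port 3128 -> ($lan_if)

# Filter rules see the post-rdr destination; log the flow so the
# redirection is visible in the firewall log while troubleshooting.
pass in log on $lan_if proto tcp from $iot to $proxy port 3128
```

In the OPNsense GUI the second rule corresponds to an outbound NAT entry on the LAN interface (hybrid mode) for traffic from the IoT device to the proxy, translated to the interface address.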
#2
Title says it all really.  Not sure what I'm doing wrong.

I've had it working great in the past but for some reason can't get the behaviour I'm looking for.

I have a 73/18 connection and a downloader using port 563. I want to allow the downloader to use the full bandwidth when it's available but, when something else saturates the connection, throttle it back to 10mbit/sec guaranteed.

I've set up two pipes, Up/Down with speeds 18/73mbit/s. I've created three queues, Up, Downloader and EverythingElse. Up is weighted 1, Downloader is weighted 10 and EverythingElse is weighted 63. I've then got two rules: one with all default options but port 563, pointing to the Downloader queue, sequence 1, and another with all default options, sequence 2, pointing to the EverythingElse queue.

Looking at the status page when testing, the shaper is doing something because the traffic shows up in the right queues, but no matter what I change the weights to, the bandwidths being used don't change. The Downloader queue seems to get the most bandwidth.

Any ideas?

Thanks.

#3
20.1 Legacy Series / Re: DMZ and FTP
February 25, 2020, 12:51:00 PM
Works great - thanks!
#4
20.1 Legacy Series / Re: DMZ and FTP
February 25, 2020, 09:40:38 AM
OK thanks - much appreciated.  Will post back if further difficulties!
#5
20.1 Legacy Series / DMZ and FTP
February 24, 2020, 06:01:08 PM
Trying to create a DMZ to put a web server in. I have OPNsense running on a dedicated server in a Hyper-V VM and have configured 3 interfaces: one LAN, one WAN and one DMZ. I've set up block rules to stop traffic crossing from the DMZ to the LAN and vice versa, then added a port forward rule to send all ports/protocols to the web server host in the DMZ.

1) Is my approach right? It seems to work and my DMZ machine can see/be seen from the net.

2) FTP is broken; I get a connection and a log in, but it fails to list the directory. If I put another VM in the DMZ it works, so it's definitely OPNsense! It happens with plain FTP and TLS.

Thanks!