Messages

[The gateway address "" does not lie within one of the chosen interface's IPv4 subnets.]

Hey,

I need some help to enable 1:1 NAT. I have 2 x IP from my service provider but I am unable to correctly set up 1:1 NAT.

I have a feeling it is a gateway issue.

The 2 IP's are way different and don't share the same subnet. like so 119.18.15.* and the second is 159.196.45.*

Most places say to set the WAN as static but when I do this the gateway won't automatically set up and manually setting it won't apply. When in DHCP it the gateway finishes.1 I try to set this manually in the gateway but it does not allow if so have turned WAN back to DHCP so the internet will work.

So onto the second IP.

I set a virtual IP with the IP they provided. Then set up a gateway I tried to set it with the .1 but says The gateway address "" does not lie within one of the chosen interface's IPv4 subnets.

If I set the gateway address the same as the IP address this works and says its online.

In firewall NAT 1:1 I set WAN the External IP service provider set and my internal IP I want to use that address for. Enable it all and save.

I get IPv6 address but no IPv4 address when set like this.

I know the virtual IP says proxy ARP I tries IPalias first was seeing if that matters

What kind of connection is it as asked???

do you have the line connected into your mini PC???

As it should go wall plug to your modem that you will need to set into bridge mode then from modem to Mini PC with Opnsense then from that to your switch if you need multiple ports.

Line in - bridged modem - Mini PC (Opnsense) - switch - PC

Awsome.

Have you tried to play the games both at the same time??? Do you have open NAT on both out of interest???

As I say I have been trying to do this for 18 months and it won't work with PC and PC I have found but people have had success on the consoles as I say they seem to have multiple usable ports for this reason.

I used to run a VPS hosted in the city nearest to me and set up wireguard on that. I could port forward all my ports on the VPS and I hate open NAT wireguard routes all its traffic through its own port leaving the other PC to use them.

The issue with the new modern warfare 2 is they shadow ban VPS IP addresses. So it would search for 5 mins and get thrown in a 300ms ping game. I tried every company offering a VPS and not worked. Play vanguard or older COD no issues. Turn VPN off 11ms ping lobbies all night even with strict NAT so at least I give it to them they allow you to find a lobby with a strict NAT.

I have one more thing to try and thought I would just inform you encase you maybe interested.

I have ordered a separate IP address from the ISP so I will have 2. Only issue here in Australia it's only available as a business connection, Which is OK as I have an ABN but may limit the average person. In theory I can set a virtual WAN IP that will route one PC through one WAN IP and the other through the other IP so there are no port conflicts.

I asked a question about this earlier in the week but had no reply but found a video of this exact thing being done on PFsense and if it can be done there, then there is a way on OPnsense.

I am awaiting the service to be switched over and then have to order the bolt on extra IP but I can keep you updated if you are interested in this approach.

The service cost is the same as I am paying now I will just be charged $5 per extra IP a month I add on which is OK alot less then my VPS cost.

You can not port the same port to multiple devices. So when one connects it will use the 3074 port and when the second connect it will not be able to use that port.

As said I have read with COD (not sure the new MW2) but the old ones they have opened ports to 3075 and 3076 for a fallback if multiple systems. This is only enabled on consoles though not for PC so the PC has to use the 3074. Why I suggest trying to block it on the Xbox so if it connects first it rejects the port.

It would be worth a try and I am interested in your result.

You could also try UPNP which I am playing with now but it is not creating any rules for my PC when using COD. If I start deluge it will create a rule for that so its not the PC seem the game has issues opening the port??

If you use UPNP i would port forward the PC and run the Xbox on UPNP. Tick default deny rule then set user specific permission. like this. Changing the 192.168.0.0 to your Xbox static IP address.

allow 500-4500 192.168.0.0/24 500-4500
Deny 3074 192.168.0.0/24 3074

also remove all forwarding rules for the Xbox as they will interfer

Also onto this have you set the outbound rule with static port??

Source address is your gaming PC and then any for everything else tick static port and apply

[PC Gaming ports UDP]

What is the game???

As if its call of duty then you won't be able to as the Xbox shared the 3074 port which the PC requires to connect.

I have this issue with 2 x PC's I can not get a workaround you may be able to by removing the 3074 port to the Xbox as unlike PC it can run under 3075 as an alternative for the game but for some reason, this is not possible on PC I can find.

port forward 3075 for the Xbox and 3074 for the PC. Also if you can find how I looked but cant figure it out block port 3074 to the Xbox this will force it to use the alternate port.

You could also run the Xbox in DMZ but I have seen people having consoles work together.

Edit: You can also tidy up the screen by adding multiple ports to the port alias. This way you can have one rule for all UDP and one rule for all TCP ports -  like this

PC Gaming ports UDP 3074,4379:4380,27000:27031,27036

Hello,

I have a question. Me and the wife play the same game and obviously require the same ports to be forwarded to 2 different LAN addresses which does not work (unless some one can inform me how). I have tried this and searched it up and have had no luck.

I was thinking if I get a second external IP (WAN) from the service provider can I have one machine run off one external IP and the other off the other external IP, Would this be possible to then open both ports to both machines at the same time???

I called the service provider and they see no reason why I can not get both open now but you know what they are like. I asked if there is an option to have another external IP added he said they are able to on a buisness plan which I would have to switch over.

So before I waste my time and money I thought I would ask the brains in here. Is one of these options doable? or am I stuck with a strict NAT while my wife has open?

Now I have run wireguard on a VPS for a few years and this works. The problem now is the game shadow bans all the VPS servers I have tried resulting in games taking 5 mins to find than having 300ms ping. Turn it off straight into a game 12ms ping. I have tried all the companies I can find to see if maybe one will work but it won't.

thanks tried that.

Got it fixed. Uninstalled OPnsense and installed PFsense all working now. Bit unfortunate it wouldn't work but was a lot faster doing that then just deleting and installing them to no end

Ok I removed all rules as I think due to clicking copy rule it was not creating any firewall rules. Have added them all separately but still have no open ports. added all the ports to my windows firewall which should not matter as they worked fine before the only change was the OPNsense server.

Have attached some screenshots hopefully someone can see where I am going wrong.

Hello,

I am having trouble to get ports open with OPNsense, I created an alias for the different machines then set up the port forwarding in the NAT part. Have attached a screenshot of the setup please tell me what is wrong. I have tried WAN address, WAN net, This firewall and LAN address in destination none of them seem to work ports still stay closed and get strict NAT while gaming.

Any help would be good. Thanks