Messages - secgeek

#1
Hello alh

Okay, so you are posting in the 20.7 forum, so everybody assumes you have at least 20.7 installed; there are some major differences.

Secondly, just change your Outbound NAT to Hybrid and delete the any-to-any rule. This way you can make your own rules and not miss the right ones, and the any-to-any rule is wrong.

If you have a strong point about not using Hybrid or automatic mode, just use Hybrid mode for the moment; you can rebuild your manual rules afterwards.

After changing the Outbound NAT to Hybrid mode and applying everything, do a reboot, because OPNsense has to rebuild the rules and the reboot makes everything faster.

I think that after the reboot, if your servers/clients are configured the right way, your problems should be gone.

Greetings
Looking forward to hearing from you.

PS: you have to delete and rebuild your NAT forward rules, with NAT reflection and associated rules enabled, after the reboot.
#2
Quote from: alh on August 13, 2020, 10:02:15 AM
Gateway, VLAN config etc. is fine. Everything works from the LAN/VLANs as intended. The only issue I have is that the port forward does not work. It actually does work in the sense that requests are forwarded to the server, but the reply of the server is not travelling back through the firewall. So the client just times out. If a client from the LAN connects to the server in VLANx it works perfectly fine. But then this is simple routing and not DNAT.

This is the exact same problem I had.
Do you have multiple DHCP servers on the network where the service lives?
It could be that locally you can connect, but the configuration of the server is using the same network gateway as your client; when the connection comes from the outside, the gateway of your server has to be the firewall that is receiving the connection from the outside.
Did you check your port forwarding rules? Make sure the interface is set to WAN and no source is set up; maybe delete the rule and re-enter it, this could help with settings you made for your system.
You can go to the Outbound NAT and make sure the VLAN was added automatically to the Outbound NAT rules.

Greetings
Looking forward to hearing from you.
#3
Okay alh, so I have a Speedport too and have a router behind it, also a connection through Deutsche Telekom.

I have the server now in a VLAN where the firewall is the default gateway, and did a static configuration of the server, where I had to set the default gateway manually as I configured it statically.
Then I set up a port forwarding with the same protocol as the server (UDP for me),
source has to be any,
destination has to be WAN address and the right port (the same you set up as Portweiterleitung (port forwarding) in the Speedport),
redirecting to the server IP and the right port.
Selected NAT = enabled and did all this for the WAN interface.

I did not check your details mentioned above; please check your settings yourself and use a different network for your VLANs.

If your LAN is on
192.168.50.0/24
your VLAN should be on a different subnet, like:
VLAN 250
192.168.250.0/24

It doesn't need to be a /24 subnet (Class C); it could be another as well, but it makes things easier because most people use these standards.

You don't need any additional rules; they are only security risks.

Greetings
Looking forward to hearing from you.
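The posts above describe a port forward that delivers the request to the server while the reply never comes back. The model below, added here as an illustration and not code from the thread or from OPNsense, walks the packet through the DNAT rule and the state table and then routes the server's reply with the server's own default gateway, which is the step the firewall has no control over. All addresses, ports and the two gateway candidates are constructed for the example; the `ip route get` line it parses is a constructed sample of Linux iproute2 output.

```python
"""Model of why a port forward can work inbound yet time out: the reply path.
Added illustration, not OPNsense code. All addresses are constructed."""
import ipaddress
import re
from dataclasses import dataclass

# Constructed topology (assumption, not taken from the thread):
FIREWALL_WAN = "192.168.2.2"      # OPNsense WAN address, behind the Speedport
FIREWALL_VLAN = "192.168.250.1"   # OPNsense address in VLAN 250
SERVER = "192.168.250.10"         # TS3 server in VLAN 250
SERVER_NET = "192.168.250.0/24"
OTHER_ROUTER = "192.168.250.254"  # wrong gateway, e.g. handed out by a second DHCP server
CLIENT = "203.0.113.7"            # Internet client (documentation range)
TS3_PORT = 9987                   # TeamSpeak voice port, UDP


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "udp"


@dataclass(frozen=True)
class PortForward:
    """Port forward as set up in the thread: interface WAN, source any,
    destination 'WAN address' + port, redirect target IP + port."""
    interface: str
    proto: str
    dst: str
    dport: int
    target: str
    target_port: int


def apply_port_forward(rule, pkt, states):
    """Inbound on WAN: if the packet matches, rewrite the destination (DNAT)
    and record a state keyed on the reply flow as the firewall will see it,
    so the reply can be matched and un-translated. None if no match."""
    if (pkt.proto, pkt.dst, pkt.dport) != (rule.proto, rule.dst, rule.dport):
        return None
    translated = Packet(pkt.src, pkt.sport, rule.target, rule.target_port, pkt.proto)
    reply_key = (translated.dst, translated.dport, translated.src, translated.sport, pkt.proto)
    states[reply_key] = pkt          # keep the original so the reply can be un-NATed
    return translated


def next_hop(server_default_gw, reply):
    """The server routes its reply with its own table: on-link for its own
    subnet, otherwise to its default gateway."""
    if ipaddress.ip_address(reply.dst) in ipaddress.ip_network(SERVER_NET):
        return "on-link"
    return server_default_gw


def firewall_handles_reply(reply, states):
    """Reply arrives on the VLAN interface: match the state and un-translate,
    so the source becomes the firewall's WAN address again."""
    key = (reply.src, reply.sport, reply.dst, reply.dport, reply.proto)
    original = states.get(key)
    if original is None:
        return None                  # no state: nothing to un-NAT
    return Packet(original.dst, original.dport, original.src, original.sport, original.proto)


def client_gets_reply(server_default_gw):
    """End to end: client -> WAN IP:port -> server -> reply -> client.
    True only if the reply comes back from the address:port the client sent
    to, i.e. it passed through the firewall and was un-NATed."""
    rule = PortForward("wan", "udp", FIREWALL_WAN, TS3_PORT, SERVER, TS3_PORT)
    states = {}
    request = Packet(CLIENT, 51000, FIREWALL_WAN, TS3_PORT)
    at_server = apply_port_forward(rule, request, states)
    if at_server is None:
        return False
    reply = Packet(at_server.dst, at_server.dport, at_server.src, at_server.sport)
    if next_hop(server_default_gw, reply) != FIREWALL_VLAN:
        # Reply left through another router; it never touched the state entry,
        # so its source is still the private server address and the client
        # discards it. Nothing is logged on OPNsense because it never saw it.
        return False
    back = firewall_handles_reply(reply, states)
    return back is not None and (back.src, back.sport, back.dst) == (FIREWALL_WAN, TS3_PORT, CLIENT)


VIA_RE = re.compile(r"\bvia (\S+)")


def replies_go_via_firewall(ip_route_get_output, firewall_vlan_ip):
    """Check on a real Linux server: parse `ip route get <client-ip>` output
    and confirm the next hop is the OPNsense VLAN address."""
    m = VIA_RE.search(ip_route_get_output)
    return m is not None and m.group(1) == firewall_vlan_ip


if __name__ == "__main__":
    print("gateway = firewall    :", client_gets_reply(FIREWALL_VLAN))  # True
    print("gateway = other router:", client_gets_reply(OTHER_ROUTER))   # False
    sample = "203.0.113.7 via 192.168.250.1 dev eth0 src 192.168.250.10 uid 0"  # constructed
    print("replies via firewall  :", replies_go_via_firewall(sample, FIREWALL_VLAN))  # True
```

On the actual server, `ip route get <public-client-ip>` (or `route print` on Windows) shows which gateway the reply will take; if it is not the OPNsense VLAN address, no port forward, reflection or outbound NAT setting on the firewall can fix it, and the firewall log will stay empty because the reply never reaches it.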
#4
Quote from: alh on August 12, 2020, 10:23:55 PM
As I said, I don't think we understand each other. And if what you say/suggest is true, these dropped packets should show up in the firewall log. They don't.
1. Did you notice we are 3 people in this thread?

2. My problem was the endpoint configuration. The default gateway was wrong. I didn't see anything in the firewall log, but now I can see them and the connection is established. So your suggestion is wrong.
#5
Okay, so thanks for your input.

I did some research on another site and figured out that I had not used OPNsense as the default gateway. So this was my (little) problem.

Greetings
#6
Quote from: Vilhonator on August 12, 2020, 11:52:00 AM
Did you make sure DNS records are correct?

It is possible that your servers IP has changed.

https://mxtoolbox.com/ <---- run a checkup for your domain there and check what issues it finds (there usually are a few issues).
In my situation the other services are working fine; only the one I want to route through OPNsense is not working.

If I do a packet capture or look at the states table, the connection is initialized.

So DNS is working absolutely fine.
It seems to be a problem with OPNsense.
#7
Same problem here.

Just for testing, I have a TS3 server up and running; with my other firewall everything works, and with a new install of OPNsense with correct checksum there is no chance. I have outbound NAT and reflection activated in the settings. A connection established from outside gets NATed to the correct IP and port, but nothing goes out. I can connect to the server from my LAN without problems and, as I said, can connect from outside through my other firewall without problems.

Greetings, looking forward to hearing from you guys.