Messages - theiceman

#1
Quote from: pmhausen on June 20, 2022, 09:19:19 PM
For inbound port forwarding you don't need anything in Firewall > Rules. Just add an entry in Firewall > NAT > Port Forwarding like this:

Interface: WAN
Source: any
Destination: WAN address
TCP/UDP and ports: as needed for application
Redirect server: your internal host, ports as needed for application

And then, a couple of lines below:

Associated firewall rule: Pass

And that's it!


HTH,
Patrick

Thank you, the port forwarding is working; it just wasn't working in my specific case. I can open RDP and connect no problem over LTE, so it's not that. Thank you for the reply.
#2
Is the default deny rule even movable?
#3
Adding outbound rule screenshot for reference.
#4
I've spent... more hours in the last two days than I'd like to admit trying to get port forwarding to work, specifically for games. As an example, I've been trying to get the ports forwarded for Destiny 2, as Bungie documents well which ports need to be forwarded. I have a simple setup with one dynamic public IP on fiber to the home, a 24-port switch and a couple of Wi-Fi access points.
I spent hours and hours creating NAT port forwarding rules and then opening the game and watching the firewall live view block every port I need under the "Default deny / state violation rule". I even installed os-upnp, thinking this might work, even though I truly believed this shouldn't have to be on and I don't like it. But at this point I was willing to try anything.
Then I found what I think might have worked here: https://forum.opnsense.org/index.php?topic=8812.0, where a guy called "the forum troll" advised setting NAT mode to hybrid and then adding an outbound rule with a provided screenshot.
After I did this everything just magically worked. The source address field asks for a single host or network; I entered the IP I've been creating NAT rules for and it seems to have applied this outbound rule to the entire subnet.
I now open Destiny 2 and I have "open" NAT type; I open my wife's stupid tablet games and everything in there loads up like it should as well (last night the game would load but some things within the games wouldn't load).
So currently I'm still running UPnP, I still have all of my port forward rules created for Destiny 2, and I have that outbound rule set up.
So can I turn off UPnP now? Do I even need the NAT rules in the screenshot attached, or is the outbound rule enough?
Also, shouldn't the default allow-all from LAN be enough to have overcome this issue? Why is the outbound NAT rule needed? And if it's needed with NAT, why isn't the default subnet added as an automatic rule?
Also, is there anything wrong with the NAT rules I've created here? I've included the rule set and opened one as an example.
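Editor's added example, not code from the thread, from OPNsense, or from any poster: both the port-forward recipe in post #1 (source any, destination WAN address, redirect to an internal host) and the question in post #4 about whether a set of NAT rules is "wrong" come down to reviewing what the forwards actually expose. The script below parses port-forward entries written in pf `rdr` syntax, which is the form a GUI port-forward entry takes once rendered as a pf rule, and flags two things a reviewer looks for: management ports (RDP, SSH, SMB and similar) forwarded from any source, and very wide port ranges forwarded in one rule. The interface name `vtnet0`, the hosts, the game ports and the `MANAGEMENT_PORTS` table are assumptions made for the example; `SAMPLE_RULES` is constructed sample data, not output captured from a firewall. The regex also accepts the `port = N` form that `pfctl -sn` prints, but rules using address or port lists in braces other than the protocol list are reported as unparsed rather than silently skipped.

```python
import re
from dataclasses import dataclass
from typing import FrozenSet, List, Tuple

# Ports a practitioner would not normally expose to arbitrary Internet sources.
# Editorial assumption for this example, not something the thread states.
MANAGEMENT_PORTS = {
    22: "ssh", 23: "telnet", 445: "smb", 1433: "mssql", 3306: "mysql",
    3389: "rdp", 5432: "postgres", 5900: "vnc", 6379: "redis", 27017: "mongodb",
}
WIDE_RANGE = 256  # more ports than this in a single forward is reported

# Constructed sample in pf rdr syntax. Interface, hosts and game ports are hypothetical.
SAMPLE_RULES = """\
# game forwards to a console on 192.168.1.50
rdr on vtnet0 proto tcp from any to (vtnet0) port 3074 -> 192.168.1.50 port 3074
rdr on vtnet0 proto udp from any to (vtnet0) port 3074 -> 192.168.1.50 port 3074
rdr on vtnet0 proto udp from any to (vtnet0) port 3097:3196 -> 192.168.1.50 port 3097:3196
# remote desktop reachable from anywhere
rdr on vtnet0 proto tcp from any to (vtnet0) port 3389 -> 192.168.1.20 port 3389
# remote desktop restricted to one remote network
rdr on vtnet0 proto tcp from 203.0.113.0/24 to (vtnet0) port 3389 -> 192.168.1.21 port 3389
# "forward everything" entry
rdr on vtnet0 proto { tcp udp } from any to (vtnet0) port 1024:65535 -> 192.168.1.60 port 1024:65535
"""

# rdr [pass] on IFACE [inet|inet6] proto PROTO from SRC to DST port PORT -> TARGET [port PORT]
RDR_RE = re.compile(
    r"^rdr(?:\s+pass)?\s+on\s+(?P<iface>\S+)"
    r"(?:\s+inet6?)?"
    r"\s+proto\s+(?P<proto>tcp|udp|\{[^}]*\})"
    r"\s+from\s+(?P<src>\S+)"
    r"\s+to\s+(?P<dst>\S+)"
    r"\s+port\s+(?:=\s*)?(?P<port>\S+)"
    r"\s+->\s+(?P<target>\S+)"
    r"(?:\s+port\s+\S+)?\s*$"
)


@dataclass
class Forward:
    iface: str
    protos: FrozenSet[str]
    src: str          # "any" or an address/network
    lo: int           # first external port
    hi: int           # last external port (== lo for a single port)
    target: str       # internal host the traffic is redirected to
    rule: str         # the original line, for reporting


def _port_span(spec: str) -> Tuple[int, int]:
    """'3389' -> (3389, 3389); '3097:3196' -> (3097, 3196)."""
    lo, _, hi = spec.partition(":")
    return int(lo), int(hi or lo)


def parse_rdr_rules(text: str) -> Tuple[List[Forward], List[str]]:
    """Return (parsed forwards, rdr lines that did not parse).

    Unparsed rdr lines are returned rather than dropped so an audit never
    silently misses a forward it could not read."""
    forwards, unparsed = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = RDR_RE.match(line)
        if not m:
            if line.startswith("rdr"):
                unparsed.append(line)
            continue
        lo, hi = _port_span(m["port"])
        protos = frozenset(re.findall(r"tcp|udp", m["proto"]))
        forwards.append(Forward(m["iface"], protos, m["src"], lo, hi, m["target"], line))
    return forwards, unparsed


def audit_forwards(forwards: List[Forward]) -> List[Tuple[str, str]]:
    """One (target host, message) tuple per finding, in rule order."""
    findings = []
    for f in forwards:
        width = f.hi - f.lo + 1
        if width > WIDE_RANGE:
            findings.append((f.target, f"{width} ports ({f.lo}:{f.hi}) forwarded in one rule; "
                                       "forward only the ports the application documents"))
        if f.src == "any" and "tcp" in f.protos:
            exposed = sorted(p for p in MANAGEMENT_PORTS if f.lo <= p <= f.hi)
            if exposed:
                names = ", ".join(f"{p}/{MANAGEMENT_PORTS[p]}" for p in exposed)
                findings.append((f.target, f"{names} reachable from any source; restrict the "
                                           "source network or reach the host over a VPN"))
    return findings


if __name__ == "__main__":
    fwds, bad = parse_rdr_rules(SAMPLE_RULES)
    for target, msg in audit_forwards(fwds):
        print(f"{target}: {msg}")
    for line in bad:
        print(f"could not parse: {line}")
```

Run against the sample, the game forwards produce no findings, the RDP forward restricted to 203.0.113.0/24 produces none, the RDP forward from any source is reported, and the 1024:65535 entry is reported twice (wide range, and management ports inside that range). Paste the rdr lines from your own firewall into `SAMPLE_RULES` to review a real ruleset.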