Messages - the_Uli

#1
I set up a new lab firewall and set it up again with an empty config and now it works! :)
#2
Hi,
I'm experiencing the exact same issue. Even after setting the "reply-to" option, it's still not working.

The response traffic from the port forwarding is going out through the wrong WAN interface instead of the WireGuard tunnel.

What am I doing wrong?

VPS:

    WAN: 65.x.x.x
    wg0: 10.88.88.1
    → Port forward: 65.x.x.x:80 → 10.88.88.5:80

OPNsense:

    WAN: y.y.y.y
    LAN: 10.0.10.254
    wg0: 10.88.88.5
    → Port forward on wg0: 10.88.88.5:80 → 10.0.10.55:80
    → Firewall rule using custom WireGuard gateway (10.88.88.1)
    → SNAT rule: 10.0.10.55 to any via 10.88.88.5

WebServer with NGINX:

    IP: 10.0.10.55 (GW: 254)

Outbound traffic from the WebServer works correctly over the WireGuard tunnel.
Traceroute to 1.1.1.1 shows:

    10.0.10.254
    10.88.88.1

    1.1.1.1


Edit:
According to tcpdump, it responds with the correct IP, but on the "wan" interface and not wg0:

    tcpdump -i wan
    IP 10.88.88.5:80> x.x.x.x:5032
#3
Hi,

What exactly are you trying to do, NAT64?
Or are you using ULA addresses internally and want to do NAT66?

In principle, NAT is not really necessary / sensible with IPv6.
As always, exceptions prove the rule  ;D
I'm not even sure whether OPNsense supports NAT66?

Regards
#4
Hello guys,  :)

I migrated some time ago from pfSense to OPNsense.
Here I noticed on all my OPNsense setups that the traffic display of individual firewall rules under "Rules / Interface / Inspect" always displays the wrong traffic values?
https://i.imgur.com/lwZSJqO.png
https://i.imgur.com/rffIRRf.png

It is generally very confusing to find a specific rule after clicking on the "Inspect" button, if you have not previously stored a description of the rule.
Is it not possible to integrate the "Inspect" menu into the normal firewall/rule menu like pfSense?

Am I the only one who is annoyed by this?  ;D

Do not misunderstand!
I love the OPNsense and there are so many reasons not to use pfSense.
But in this one case, the pfSense feature is better integrated into the web interface.


Best regards
the_Uli