Hi,
thanks for the help!
Quote from: viragomann on January 07, 2025, 09:24:43 PM
At site B assign an explicit interface to the Wireguard instance (wgX).
Then move over all rules from Wireguard (group) to the new interface.
Ensure that there is no pass rule in the Wireguard applied to the forwarded traffic from A!
Can you elaborate a bit why that will help?
The port forwarding should happen on "OPNsense A", which already has access to all needed ports of the services behind "OPNsense B". Why do I need to change settings on "OPNsense B"?
In the meantime I learned that Caddy has a "Layer 4 proxy" feature which is able to serve my needs -- I was able to proxy SSH and will test later with IMAP and SMTP. Still wondering why port forwarding fails.
PS: to whom it may concern: thanks a lot for the great work done with OPNsense, didn't expect to be able to migrate this fast from my simple DSL router to FTH with this setup.