Messages - Cynopolis

#1
This isn't a particularly satisfying resolution, but it did end up fixing the problem. I factory reset my OPNsense router, set it up from scratch, and re-created the port forwarding rules. Now everything works as expected! There must have been some rule I initially misconfigured which was causing an issue.

Thank you to everyone who gave advice on this; I appreciate the help you provided!
#2
Quote from: meyergru on May 28, 2025, 02:05:56 PM
    Apart from that, you can check if the packets are passed by using tcpdump on your LAN interface.

For tcpdump I simultaneously logged LAN and WAN packets and looked for the same packet getting passed from WAN to LAN. I saw some SYN packets that appeared to be successfully passed from WAN:443 to truenas:9112. I wish I could upload the Wireshark logs, but I'm worried about privacy since the logs contain my public IP address. I'm pretty new to analyzing these kinds of logs.

I also started looking at Firewall > Log Files > Live View to see if I could find any packets that were blocked trying to access port 80 or 443 on my external IP address. In my port forwarding rules, I enabled logging of packets handled by the port forward rules, and then in the firewall live view I could see tons of packets getting redirected as they were coming to my WAN IP address on port 80/443. I didn't see any packets getting blocked when they accessed my WAN IP on port 80 or 443.
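The WAN/LAN tcpdump correlation described in this post, as an added example that is not part of the original thread: it parses constructed `tcpdump -n` lines from both interfaces, treats a WAN SYN as forwarded only when the same client address, client port and sequence number reappear on LAN rewritten to the redirect target, and redacts the public address before an excerpt is shared. The WAN address 198.51.100.5 and the client 203.0.113.10 are constructed placeholders; 192.168.0.76 and ports 9110/9112 are the values from the thread.

```python
import re
from collections import namedtuple

# Matches a "tcpdump -n" line (constructed sample format), e.g.
# 12:00:01.000100 IP 203.0.113.10.51234 > 198.51.100.5.443: Flags [S], seq 1000, win 64240, length 0
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[^\]]*)\], seq (?P<seq>\d+)"
)
Syn = namedtuple("Syn", "ts src sport dst dport seq")

def parse_syns(lines):
    """Keep only pure SYNs (flags exactly 'S'): one per new inbound connection attempt."""
    syns = []
    for line in lines:
        m = LINE_RE.match(line)
        if m and m["flags"] == "S":
            syns.append(Syn(m["ts"], m["src"], int(m["sport"]), m["dst"], int(m["dport"]), int(m["seq"])))
    return syns

def correlate(wan_lines, lan_lines, wan_ip, target_ip, port_map):
    """Split WAN SYNs aimed at a forwarded port into (forwarded, missing): a SYN is forwarded
    when the LAN capture holds the same client address, client port and sequence number
    rewritten to target_ip and the mapped port. port_map: public port -> redirect target port."""
    seen_on_lan = {(s.src, s.sport, s.seq, s.dst, s.dport) for s in parse_syns(lan_lines)}
    forwarded, missing = [], []
    for s in parse_syns(wan_lines):
        if s.dst != wan_ip or s.dport not in port_map:
            continue  # not traffic the port forward rules should touch
        key = (s.src, s.sport, s.seq, target_ip, port_map[s.dport])
        (forwarded if key in seen_on_lan else missing).append(s)
    return forwarded, missing

def redact(lines, public_ip, label="WAN_IP"):
    """Replace the public address so a capture excerpt can be shared without exposing it."""
    return [line.replace(public_ip, label) for line in lines]

# Constructed captures: 198.51.100.5 stands in for the public WAN address and 203.0.113.10
# for a remote client. The 443 SYN is redirected to truenas:9112; the 80 SYN never reaches LAN.
WAN_SAMPLE = [
    "12:00:01.000100 IP 203.0.113.10.51234 > 198.51.100.5.443: Flags [S], seq 1000, win 64240, length 0",
    "12:00:01.000900 IP 203.0.113.10.51235 > 198.51.100.5.80: Flags [S], seq 2000, win 64240, length 0",
]
LAN_SAMPLE = [
    "12:00:01.000150 IP 203.0.113.10.51234 > 192.168.0.76.9112: Flags [S], seq 1000, win 64240, length 0",
    "12:00:01.000300 IP 192.168.0.76.9112 > 203.0.113.10.51234: Flags [S.], seq 5000, ack 1001, win 65160, length 0",
]

def check_capture():
    return correlate(WAN_SAMPLE, LAN_SAMPLE, "198.51.100.5", "192.168.0.76", {80: 9110, 443: 9112})
```

A SYN that shows up in `missing` was accepted on WAN but never left on LAN, which points at the NAT or filter rule rather than at NGINX; run the same check with real captures taken at the same time on both interfaces.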

#3
I will change the rule to "pass" temporarily to see if that fixes anything. I'll also get logs from tcpdump on my LAN interface when I get home. I don't think there's an issue with my TrueNAS or NGINX config, since the OPNsense router was a 1:1 replacement for my old router and has taken the same IP address (192.168.0.1).
#4
Quote from: cookiemonster on May 28, 2025, 10:35:09 AM
    Also, is it possible you are forwarding port 80 to 9112 instead of 9110 or just a typo?

Apologies, that's just a typo. It was pretty late when I wrote this so I accidentally added an extra "s".

Quote from: meyergru on May 28, 2025, 10:21:38 AM
    How is your OPNsense attached to the internet? Do you put it behind your router?

OPNsense is acting as my router and its WAN port is connected directly to my modem via an Ethernet cable. The LAN port is then connected to a switch that goes to every other device. My former router now just acts as a dumb WiFi AP and is connected to the switch like all of the other devices.

Quote from: meyergru on May 28, 2025, 10:21:38 AM
    Assuming your previous router can do port forwarding, we can rule out CG-NAT, right?

Yeah, I've ruled out CG-NAT because I was successfully port forwarding until I switched to OPNsense. The only thing I've changed in my setup is the router, so I'm pretty confident that's where the problem lies.
#5
Hello everyone,
I'm very new to OPNsense and just started using it last week. I've got the basic setup working and can access the internet through my OPNsense router. I previously had several services that I forwarded through my old router and I want to continue forwarding them in OPNsense.

Most of the services go through NGINX, which has the IP address 192.168.0.76 and uses port 9110 for HTTP and 9112 for HTTPS.
I configured OPNsense NAT port forwarding as follows:
----------------
Aliases:
Name: truenas
Type: Host(s)
Content: 192.168.0.76
------------
Name: NGINX_HTTP_Port
Type: Port(s)
Content: 9110
------------
Name: NGINX_HTTPS_Port
Type: Port(s)
Content: 9112
-------------------
NAT > Port Forward:
Interface: WAN
TCP/IP Version: IPv4
Destination: WAN Address
Destination Port Range: HTTP to HTTP
Redirect target IP: truenas
Redirect target port: NGINX_HTTP_Port
NAT reflection: Enable
Filter rule association: Create associated rule

The above configuration was copied and modified accordingly for the https port.
----------------
Rules > WAN:
Protocol: IPv4 TCP
Source: *
Port: *
Destination: truenas
Port: NGINX_HTTP_Port
Gateway: *
Schedule: *

There is another entry here for HTTPS as well. Both of these were automatically added by OPNsense when I configured the port forwarding settings.
--------------------
Settings > Advanced:
Reflection for port forwards: enabled
Reflection for 1:1: disabled
Automatic outbound NAT for Reflection: enabled
--------------------

When I try to access one of my sites such as test.example.com while connected to the WiFi, I have no issue accessing it. However, when I try to access the site from my phone using data I just get ERR_CONNECTION_TIMED_OUT.

I've been pulling my hair out over this for days trying to get this working and I've perused many other posts on here which don't seem to have quite the same issues. Any help would really be appreciated, thanks!