Messages - Giz

#1
Quote from: Patrick M. Hausen on Today at 12:46:02 AM
Filter rule association == Pass?

yup, tried with pass and with auto-gen rule
#2
I've searched all through here and Google and cannot for the life of me get those 2 ports open for an internal Apache server. Confirmed with 2 different port checkers. And YES my ISP is NOT blocking anything, my regular routers all have 80/443 open if req'd.
Config:
OPN 25.7.5
System - Settings - Administration: TCP Port 4433 and HTTP redirect checked (Disable WebGui redirect rule)
NAT - Source any/any, Destination Host = my external ip, redirect to alias'd server and port 80 (same for 443)
Anti-lockout rule only shows 22 & 4433

I have other NAT'd services/ports with zero issues

TIA
Giz..
PS: My Brain Hurts

#3
25.7 Series / Re: DNS - Best Practices
October 14, 2025, 03:39:17 PM
Quote from: DEC670airp414user on October 14, 2025, 11:11:03 AM
if using dns servers that use dnssec, I typically leave enable dnssec turned off within opnsense
quad9
nextdns
and controld for my usage

Tks for the replies (Dec & Brandy)

Yeah, am thinking to leave opn alone and just use the fwd'rs at ns level
Giz..
#4
25.7 Series / Re: DNS - Best Practices
October 13, 2025, 09:42:21 PM
Quote from: BrandyWine on October 13, 2025, 09:01:54 PM
Use malware protecting fwd'ers, like 9.9.9.11, or the like.
Use DNSSEC.
Config your fw rule to allow only your bind IP to go to your selected fwd'er.

From there it should be pretty good.


1) Okay so quad9 gives me: 9.9.9.9, 149.112.112.112. Can I set that somewhere in opnsense and then configure my ns server to fwd to lan side of opnsense?
2) For this particular domain I have dnssec turned on at godaddy

Tks for the starting places to read up on.
Giz..
#5
25.7 Series / DNS - Best Practices
October 13, 2025, 05:52:47 PM
Noob here! (formerly a sonicwall guy)

Okay I have a couple opns (25.7.5) running now but am a little unsure of best practices with opnsense regarding nat'ed services.
I currently have dns (bind9) running internally and nat'ed ns1 and it appears to be functioning. But ns1 is config'd to use google's ns servers.
I am looking for the best way (suggestive) to config opn and secure ns1 so its dns is protected properly.

TIA
Giz..