Topics - XOIIO

1
21.1 Legacy Series / Port forwarding issues, what setting do I have wrong?
« on: May 28, 2021, 06:21:03 am »
Hi all, so I've been trying to port forward a dayz server for a while now and I've had no luck. I cloned existing, working firewall rules without any luck, and I also manually added a firewall rule allowing traffic from my internal machine (dl380-g6) to any wan address, as I saw mentioned elsewhere. (I also deleted the floating rule as a test, no change still)

The ports refuse to open though. I've struggled with port forwarding almost every time I try to do it, and I'm not sure why cloning existing rules doesn't work.

https://imgur.com/a/OMvokHF

2
20.1 Legacy Series / Port forwarding is inconsistently not working, as well as second external IP.
« on: May 22, 2020, 07:52:29 am »
Hi all, so this is something I was struggling with on the previous production series (19.7) and it's still an issue, after upgrading and after doing a complete fresh install of opnsense 20.1, restoring my config, and updating.

Essentially I'm trying to open up a port for TCP/UDP, and no matter what I try it doesn't open, sites like canyouseeme can't see the port open and trying to connect to something like a game through that port also doesn't work.

In this instance it's 25445 for one of my servers, DL380-G6 that's refusing to work.

I've cloned existing rules that do work, and show an open port on test sites, and allow connections, such as teamspeak, but when I try to add anything new it doesn't work and it's driving me absolutely insane.


On top of that I have a second public static IP which I want to use, however if I add that as a virtual IP it kills my network.

I had that working at one point too and then one day it shat the bed, and no longer worked so I had to move all my hosting back onto the first static IP.

I'm at my wits end with this and have made a couple other topics about this with loads of screenshots and no solutions have been found so I'm hoping posting my whole damn config will maybe get someone who knows more about this to spot why the hell it isn't working.

Frankly I would switch over to pfsense since every google search is overloaded with results for that instead of opnsense but my hardware is too old for the newest versions.


3
19.7 Legacy Series / Unable to open port 25001 no matter what I try.
« on: April 27, 2020, 11:52:58 pm »
Hi all, so I'm running into an issue trying to open port 25001 for TCP and UDP. I don't know why, but no matter how I configure the rules, including cloning an already existing and working rule, this port won't open.

I'm wondering if maybe it's because it's an oddly high port that it's causing issues? I have noticed some other weird behaviour with my router, like it not actually rebooting when I send it a command but firewall rules seem to apply, and I've tried shutting down and giving it a hard reboot, and the rules stuck but the port won't open. I also don't have the option to update to the new production series for some reason in the update section either.

edit: Well shit it just showed up now so I'll update I guess and see if that fixes this too.

It's just really puzzling that cloning a rule and changing the port and target aren't working.

https://i.imgur.com/Bhl0ASY.jpg
https://i.imgur.com/MZYjyp.jpg

edit: well the update had no effect on this.

edit 2: Looks like those open port checker sites don't work with all ports for some reason because I know my teamspeak server works, but the ports don't register as open on multiple sites that check them, I wonder why. Maybe whatever is blocking those sites from working is stopping this game from being able to connect as well.

4
20.1 Legacy Series / Need help with port forwarding and multiple static IPs on one interface.
« on: February 14, 2020, 06:52:37 am »
Hi all, so this is incredibly frustrating as my setup had been working, but now it's not and I'm not sure why.

Essentially, I have the ONT provided by my ISP and two external IP addresses available, the desired effect is to have all network traffic default through one, and specific internal IP addresses route through the second.

I have a virtual IP set up for the second address, adding one for the first kills my internet connection. I also have an alias set up for the virtual machine I want on this external IP.

The firewall rules I had set all had been working until last night, however there was an issue with vpn software on the virtual machine host, I had to remove it and reconfigure the network settings, but everything on the host and virtual machine is back to normal, however, I can't get the virtual machine to switch over to the external IP address no matter what I do, and it's driving me insane!

I noticed OPNSense is somewhat slow to apply firewall rules and that's probably not helping much when trying to adjust things, but whatever the solution to this is, I need help figuring it out.

The main IP address I want to use ends in .190 and the one ending in .189 is the one that's for specific use.

I have no one to one or outbound rules since those haven't seemed to fix anything, and they weren't required in the past for this to work.

https://imgur.com/a/OUHMLYb

5
19.7 Legacy Series / IP table block rule not working, clone of working geoip rule.
« on: January 25, 2020, 02:15:12 pm »
Hi all, so having an issue getting a blacklist I set up to work, I set up an alias as an ip list, cloned my geoip rule, which is working as I can see it in the live log, and selected my new blacklist as the source, unfortunately it doesn't seem to be working and I'm not sure why. I've uploaded some screenshots hoping people can maybe give me more info.

Also for some reason it took ages for my router to actually reboot after I applied the rules, and now there are loads of "default deny rule" entries showing in the live feed that weren't there before.

Weird but those don't appear to be affecting anything from a cursory glance.

https://imgur.com/a/nJ6VkhG

6
18.7 Legacy Series / Connect single internal IP to second External IP provided by isp?
« on: January 25, 2019, 05:07:36 am »
Hey everyone, so this is probably going to be a bit confusing, hopefully not too much so, and hopefully I can explain what I'm trying to do.

So, for starters to "set the scene", my ISP provides on a vlan, for static IP addresses, it's vlan 3000.

My OPNSense box only has two Ethernet ports, and I've gotten it set up and working for a while now without any issues, with one going to the optical network terminal and the other to a 48 port managed switch.

What I want to do now however, is move a web server onto a second static IP that my ISP has assigned, so that I can keep my personal stuff on its own external IP, and monitor traffic for the web server individually.

Now, poking around in the wan interface, it looks like I might be able to add another upstream gateway on the ipv4 field, not sure if that's correct or it will work, so looking for clarification on that.

I'm also then wondering how I go about only selecting a single internal IP address to use this second gateway. Considering I only have two ethernet ports on my opnsense box, and the machine I want to use the second gateway is a virtual machine, setting specific interfaces to be their own vlan or isolate them completely isn't going to be an option, so I'm a little lost on how I can get this going, and hopefully someone can provide a link to a tutorial or something like that to show how it's done.

Thanks.

7
18.7 Legacy Series / Unable to access website via url on internal network.
« on: November 10, 2018, 11:16:32 am »
Hello all, so thankfully I was able to figure out my previous issue even though I got no input on it from others, apparently you not only need NAT rules but floating rules as well.

I have all of my stuff working correctly except for one thing, I am unable to access my website using the url when I am on the local network, I have to use the IP of the machine hosting it. It's not a big issue or anything but if possible I would like to be able to just type in the url and have it work as it did previously.

What changes do I need to make to do this?

8
18.7 Legacy Series / Port forwarding for hosted website on port 80 not working 100% (teamspeak too)
« on: November 05, 2018, 11:19:00 am »
Hey all, so another hiccup I've run into with opnsense so far is for a website that I host, I set up the port forwarding for it in the same manner I did for other things like my sftp server, and it works, but not quite right.

I can no longer access the website on my lan by typing the url in like I could previously, I have to go to the virtual machine's IP address.

I also noticed that it was inconsistent as to whether or not putting http:// in front of the url would allow access or not, often timing out without using it, but it would work with it. The website also worked fine directly typing the IP in.

I noticed a lot of random connects and instant disconnects though and tried hidemyass, and I noticed that from other countries (my cell phone does work) the url does not work but the ip address does, and I have my dns service pointing to the right one. With or without http:// in the url, I couldn't connect.

I changed the management port to 440 for opnsense and disabled the browser redirect as mentioned in some other threads, but nothing seems to be getting this to work quite right as it had been when I was just using the isp provided router.

Here are the settings for port forwarding, I'm hoping to get this fixed asap. Unfortunately I'm at a dead end.




9
18.7 Legacy Series / [solved] No internet access from client with DHCP, only on static IP's?
« on: November 05, 2018, 03:44:07 am »
Hey all, so I was tearing my hair out for over half an hour trying to figure out why I wasn't getting any internet access on opnsense, when I used vnc to connect to a machine that has a static IP set up in windows.

Turns out that with out of the box opnsense, any computers I have set to a static IP will connect to the internet no problem, no bandwidth issues, nada, but anything that is set to DHCP can see opnsense and stuff on the lan, but can't connect to the internet, and I haven't a clue why.

I tried turning off the dhcp service, and setting the lan from static ip to dhcp, but then that basically stopped me from being able to get into opnsense at all and I had to reinstall.

Here's a bunch of screenshots of what I can tell are the relevant sections, the floating firewall rule I added as someone else mentioned they had a connectivity problem and that fixed it, but my static IP machines had internet access even without that.

https://imgur.com/a/IoH0P3F

There's more I want to do with this, basically my ISP is providing me with two static IP's, and I want to assign the second one (which will be using the wan interface as well) to a subnet or vlan on the lan interface (same physical port) and have some vm's or other devices use that, I have a managed switch, but right now I just need to get dhcp working.

I'm brand new to this thing as a whole, been wanting to do it for a while and forced to jump in due to the isp being annoying, and having their tech support gone, so figured I may as well get around to replacing their router. Hopefully it's just something simple and quick I missed.

edit: oh yeah, so it automatically set lan to static ip as you see, if I try to change it to dhcp it complains that the server is running on this interface, even if I stop it from the dashboard, so I went into services and disabled dhcp, then set the lan interface to dhcp, however then I couldn't log in even after a reboot, presumably because the dhcp service wasn't enabled. It seems to be a catch 22, and I'm not quite sure why static ip is being enabled by default.
