OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Archive »
  • 18.7 Legacy Series »
  • SOLVED: Troubleshooting port forwarding
« previous next »
  • Print
Pages: [1]

Author Topic: SOLVED: Troubleshooting port forwarding  (Read 3705 times)

jafinn

  • Newbie
  • *
  • Posts: 19
  • Karma: 2
    • View Profile
SOLVED: Troubleshooting port forwarding
« on: January 23, 2019, 08:55:20 pm »
I'm actually not quite sure where to start troubleshooting this and could use some guidance to get started.

I've had port forwarding on my OPNsense box working now for years. I haven't touched the rules but might have touched some other setting.. The port forwards are to multiple machines on my network so it is unlikely that I messed up all of them at the same time:)

I've tried the really basic stuff, rebooting, removing and adding the rule. I could of course try to roll back but I've changed a lot of settings in HAproxy and the LetsEncrypt plugin so that's mainly what's in my history.

Local IP:port works so the machines respond on LAN. My WAN address also responds as long as I'm connected to my LAN but not from WAN.. So the rule works with NAT reflection but not NAT? This is what puzzles me, why does it work internally but not externally?


Can anyone spot an obvious mistake? This one for example for Plex



And my advanced firewall settings

« Last Edit: January 24, 2019, 12:43:41 pm by jafinn »
Logged

jafinn

  • Newbie
  • *
  • Posts: 19
  • Karma: 2
    • View Profile
Re: Troubleshooting port forwarding
« Reply #1 on: January 24, 2019, 12:08:16 pm »
I've tried to do some more testing and if I add an IPv6 rule to forward ICMP to one of my hosts it works, the same rule for IPv4 doesn't respond.

The only trace I can see in the logs from the IPv4 ping is two different hits on WAN and LAN with "let out anything from firewall host itself". I can't see any incoming packets being blocked (or allowed for that matter). The source in the LAN hit is my external IP and the destination on the WAN one is the same external IP.

Since the IPv6 works fine and the ICMPv4 traffic appears in my logs as allowed I'm assuming this is most likely a NAT/routing issue? Any suggestion would be highly appreciated:)
Logged

jafinn

  • Newbie
  • *
  • Posts: 19
  • Karma: 2
    • View Profile
Re: Troubleshooting port forwarding
« Reply #2 on: January 24, 2019, 12:43:05 pm »
Finally found something helpful:)

Seems it is related to this issue https://forum.opnsense.org/index.php?topic=7132.0. Setting manual outbound NAT rules worked.
Logged

franco

  • Administrator
  • Hero Member
  • *****
  • Posts: 17661
  • Karma: 1611
    • View Profile
Re: SOLVED: Troubleshooting port forwarding
« Reply #3 on: January 25, 2019, 11:22:43 pm »
Thanks for posting the solution. The particular issue in the thread you reference was fixed in 18.1.6.


Cheers,
Franco
Logged

walkerx

  • Full Member
  • ***
  • Posts: 103
  • Karma: 4
    • View Profile
Re: SOLVED: Troubleshooting port forwarding
« Reply #4 on: January 26, 2019, 05:33:01 pm »
Also look at my post here where I was having similar issues.

I was recommended to also make a change to unbound dns, see this post

plex has since been working fine
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • Archive »
  • 18.7 Legacy Series »
  • SOLVED: Troubleshooting port forwarding
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2