How to open ports on WAN to internal IP

Started by kwekkerz, February 10, 2020, 05:09:21 PM

February 10, 2020, 05:09:21 PM Last Edit: February 10, 2020, 05:26:17 PM by kwekkerz
I'm a newbie on OPNsense... so be kind ;-)
I want to open a port on my WAN (5900 and 25565-25569) to my internal network (10.25.50.*), but it will not work.
Blocked by "Default deny rule" (in my log files).

Can somebody help me with this ?

Check if you can set up:
Firewall - Alias -> create a Port alias with port 5900 and 25565:25569
Firewall - Alias -> create a Host alias with your torrent server.
Then
Firewall - NAT - Port Forward -> use the WAN interface, select the destination port alias and server, then save with defaults.
The LAN rule should be created automatically.

Docs
https://docs.opnsense.org/manual/nat.html

Good Luck
English: Never try, never know!
Deutsch: Unversucht ist Unerfahren!

I'm using version 20.1 of OPNsense, and in my Firewall environment, in the Aliases tab, I can select ports, but not the port number (in my case 5900)? Or in hosts the IP address?

Maybe take a look here
https://www.youtube.com/watch?v=vSHRvZYfqco

And have a look at the attached screenshots.
Creating aliases is important; otherwise you cannot set the internal server nor the ports.
cheers a

February 10, 2020, 06:46:27 PM #4 Last Edit: February 10, 2020, 07:14:50 PM by kwekkerz
Nope, this solution also doesn't work; same message in the log files: "Default deny rule".
My internal network is 10.25.50.* (could this be the reason for the block?)
see rid: 02f4bab031b57d1e30553ce08e0ec131

Well, then I am running out of options.

Check also that your LAN network does not block private addresses.
Interfaces - LAN - Generic configuration - block private networks

I confirm that the LAN network does not block private addresses.....?

You don't just have to allow it. You need to forward the ports to the device you want to access from the outside.

February 11, 2020, 10:45:40 PM #9 Last Edit: February 11, 2020, 10:51:36 PM by haukened
Quote from lfirewall1243: You don't just have to allow it. You need to forward the ports to the device you want to access from the outside.
This is the right advice.

Try Firewall -> NAT -> Port Forward
Interface: WAN
Protocol: TCP+UDP
Destination: WAN Address
Destination Port Range:
    From: Other (Enter 5900)
    To: Other (Enter 5900)
Redirect Target IP: Single Host or Network (type in the internal IP address and select /32)
Redirect Target Port: 5900

Save and Apply.

For the range, do the same, but you'll only have to specify the starting port for "Redirect target port"; it'll automatically count the number of ports in the range you specified above and open the right number of ports.
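
A way to verify the forwards from outside after applying them, as an added example that is not part of the thread: it expands the port-alias notation used above (`5900`, `25565:25569`), shows the range mapping that the last reply describes, and probes each port over TCP only. The function names and the WAN address are hypothetical placeholders.

```python
import socket

def expand_ports(entries):
    """Expand alias-style entries ('5900', '25565:25569') into a sorted port list."""
    ports = set()
    for entry in entries:
        first, _, last = entry.strip().partition(":")
        lo, hi = int(first), int(last or first)
        if not 0 < lo <= hi <= 65535:
            raise ValueError(f"bad port entry: {entry!r}")
        ports.update(range(lo, hi + 1))
    return sorted(ports)

def redirect_map(dest_range, target_start):
    """WAN port -> internal port for a forwarded range, counting up from target_start."""
    return {p: target_start + i for i, p in enumerate(expand_ports([dest_range]))}

def probe(host, port, timeout=2.0):
    """TCP connect test: 'open', 'closed' (refused) or 'filtered' (no usable answer)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"        # forward works and the service is listening
        except ConnectionRefusedError:
            return "closed"      # packet was answered, but nothing listens on the port
        except OSError:
            return "filtered"    # timeout/unreachable, e.g. silently dropped by a block rule

def check_forward(wan_host, entries, timeout=2.0):
    """Probe every port named in the alias entries and return {port: state}."""
    return {p: probe(wan_host, p, timeout) for p in expand_ports(entries)}

if __name__ == "__main__":
    WAN = "203.0.113.10"  # placeholder documentation address, replace with your WAN IP
    for port, state in check_forward(WAN, ["5900", "25565:25569"]).items():
        print(port, state)
```

Run it from a host outside the LAN, since a test from inside does not arrive on the WAN interface. A port that stays "filtered" while the firewall log still shows "Default deny rule" means the forward or its linked filter rule is not matching.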

Top....It Works  !!!! Yesss.... You Make my day very very good...now i can sleep ;-) love it. Thanks