Traffic from LAN to WAN not being port forwarded

Started by brettks, November 14, 2021, 02:52:15 PM

I have port forwarding set up and everything working as expected, except for traffic originating from my LAN not being forwarded correctly if I attempt to connect from within the LAN using the WAN address.

For instance, TCP traffic to mydomain.com that originates from the internet is being forwarded to a server within my LAN appropriately. However, if I make the same request while connected within the LAN, my OPNsense router is responding instead of the server that is set up to receive the port forward. I'm sure this is a simple firewall rule that I'm not seeing, but any guidance is appreciated.

What you need is a NAT rule for the LAN traffic.

NAT rules operate for traffic arriving on that interface.

You need a "Port Forward" for your LAN traffic that is destined to your WAN interface.

In FreeBSD, you can't have traffic from your LAN NAT'd outbound to arrive on your WAN interface that then gets NAT'd back into the LAN again, looping if you will.

So, imagine this network:

  • LAN network: 192.168.1.0 /24
  • WAN static IP: 200.200.200.200
  • OPNsense LAN: 192.168.1.254
  • Webserver on LAN: 192.168.1.100


Your LAN interface port forward will be:
Interface: LAN
Proto: TCP
Address: *
Src Ports: *
Destination: 200.200.200.200
Dst Ports: 80
NAT IP: 192.168.1.100
NAT dst Ports: 80


Let's write that out...

Traffic arriving on the LAN interface, that is destined to the IP address of 200.200.200.200 and destined to TCP port 80, we will NAT this to go to a new destination IP address of 192.168.1.100 with the same destination port.
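For readers who want to see what that GUI entry corresponds to underneath, here is the same pair of port forwards written in FreeBSD pf.conf syntax. This is an added illustration, not from the post and not OPNsense's generated ruleset; the interface names em0/em1 are assumed, and OPNsense manages its own rules, so this is for understanding the per-interface behaviour rather than for pasting into the box.

```pf
ext_if  = "em0"               # assumed WAN interface name
lan_if  = "em1"               # assumed LAN interface name
lan_net = "192.168.1.0/24"    # LAN network from the example
wan_ip  = "200.200.200.200"   # WAN static IP from the example
web     = "192.168.1.100"     # webserver on the LAN

# Port forward the poster already has: applies only to packets
# that arrive on the WAN interface.
rdr on $ext_if proto tcp from any to $wan_ip port 80 -> $web port 80

# The missing piece: a second rdr that applies to packets arriving
# on the LAN interface and addressed to the WAN IP. Without it, a
# LAN client hitting 200.200.200.200:80 reaches the router itself.
rdr on $lan_if proto tcp from $lan_net to $wan_ip port 80 -> $web port 80

# pf filters on the post-translation destination, so the pass rules
# must allow traffic to the webserver, not to the WAN IP.
pass in on $ext_if proto tcp from any to $web port 80
pass in on $lan_if proto tcp from $lan_net to $web port 80
```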