Port Forwarding issues

Started by fiR3W4LL87, January 22, 2023, 04:42:17 PM

I am on the edge of desperation
I have now read several posts and howtos like:
https://forum.opnsense.org/index.php?topic=8783.0
but I still can't reach my goal.

The internal traffic works as desired via all the VLANs etc. But when I want to share my gaming server, I just can't get to it, and according to the opn-ports tools, the port is still shown as closed.

Now I ask myself, what am I missing?

I have a router from my ISP and have DMZ mode switched on, so it forwards everything to OPNsense. In OPNsense I have entered the NAT Port Forwarding as in the forum post above; from this, a rule was directly set up on the WAN.

Under Firewall->Settings->Advanced I have ticked the options for Reflection for port forwards and Automatic outbound NAT for Reflection.

However, I cannot access it via my ext. IP.

OPNsense is still quite new territory for me, maybe that's the reason :P

The issue is the NAT of your ISP router. You need to set your ISP router to just bridge and not NAT. If you want to keep everything the same, then you'd need to port forward the same on the ISP router as well.

Hi lilsense

The problem is, I can't set the modem to bridge mode. It can't do that.
I could enable a static route to the OPNsense box, but I don't want to set up the rules two times :(

I guess by "DMZ" feature you mean "exposed host" so all incoming connections are forwarded to your OPNsense?

In your inbound NAT Port Forwarding rule on OPNsense did you set "Filter rule association" to "pass"? Please try this.

Last, you will probably not be able to access your external ISP IP address from inside. The "reflection" or "hairpin" stuff as it is frequently called would need to be supported by your ISP router. It's not even necessary on your OPNsense.

So use a mobile internet connection and try again if you can reach the desired ports. After checking the NAT configuration as described above.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

I got it -.-
I hoped I didn't have to do it that way. But I have to log in to the modem of the ISP and set the port forwarding rule there as well -.-
The DMZ function didn't work -.-
Such a shame

Quote from: fiR3W4LL87 on January 22, 2023, 08:38:19 PM
I got it -.-
I hoped I didn't have to do it that way. But I have to log in to the modem of the ISP and set the port forwarding rule there as well -.-
The DMZ function didn't work -.-
Such a shame

The problem is, your ISP modem isn't allowing any traffic in on those ports. You have 2 ways to do this: bridge mode OR port forward those ports to the OPNsense box. Double NATting your setup works for going out, but anything in is not going to work properly.

Call the ISP, get a new modem that allows you to bridge? Or look for passthrough on the modem.
My YouTube Networking & Lab Videos:
----------------------------------------
https://www.youtube.com/jasonslabvideos
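
The double-NAT situation this thread ends on, as an added example that is not part of any post above: the first function classifies the address on the firewall's WAN interface, the second traces an inbound connection through each NAT hop to show where it is dropped. All addresses, the port number and the hop names are constructed sample values.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 carrier-grade NAT

def wan_kind(wan_ip):
    """Classify the address on the firewall's WAN interface."""
    ip = ipaddress.ip_address(wan_ip)
    if ip in CGNAT:
        return "cgnat"
    if any(ip in net for net in RFC1918):
        return "double-nat"  # an upstream router translates before us
    return "public"

def trace_inbound(hops, proto, port):
    """Follow one inbound connection through NAT devices, outermost first.

    Each hop is a dict: 'name', 'wan', 'forwards' mapping (proto, port) to
    (target_ip, target_port), and optionally 'exposed_host' (the "DMZ" IP).
    Returns (final_target, path); final_target is None if a hop drops it.
    """
    path, target = [], None
    for hop in hops:
        if target is not None and target != hop["wan"]:
            path.append(f"{hop['name']}: previous hop sent to {target}, not my WAN")
            return None, path
        rule = hop["forwards"].get((proto, port))
        if rule:
            target, new_port = rule
        elif hop.get("exposed_host"):
            target, new_port = hop["exposed_host"], port
        else:
            path.append(f"{hop['name']}: no forward for {proto}/{port}, dropped")
            return None, path
        path.append(f"{hop['name']}: {proto}/{port} -> {target}:{new_port}")
        port = new_port
    return target, path

# Constructed sample topology: ISP router -> OPNsense -> game server.
OPNSENSE = {"name": "opnsense", "wan": "192.168.1.2",
            "forwards": {("udp", 27015): ("10.0.20.10", 27015)}}
ISP_NO_RULE = {"name": "isp-router", "wan": "203.0.113.5", "forwards": {}}
ISP_FORWARD = {"name": "isp-router", "wan": "203.0.113.5",
               "forwards": {("udp", 27015): ("192.168.1.2", 27015)}}

if __name__ == "__main__":
    print(wan_kind(OPNSENSE["wan"]))
    for isp in (ISP_NO_RULE, ISP_FORWARD):
        print(trace_inbound([isp, OPNSENSE], "udp", 27015))
```

An exposed-host entry that points at any address other than the firewall's WAN IP fails at the second hop in this model.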