Port Forwarding

[kdmiller45]

I have a webserver setup at 192.168.1.20, OPNSence is fully functional , how to I forward all request outside to the inside.
I need to forward  port 80,8080,9000,7000. I had port forwarding setup on the router no problems and working

[bartjsmit]

Firewall, NAT, Port Forward. Destination - WAN Address, Redirect Target - IP 192.168.1.20, Destination Port Range - HTTP.

Create aliases for the three non-standard ports under Firewall, Alias, View and repeat the port forward for them.

Test from a true external address (e.g. phone with WiFi off)

Bart...

[kdmiller45]

Still having issues, is there a setup log that can sent for someone to look over

[bartjsmit]

Can you attach a screenshot of your aliases and port forward pages?

[kdmiller45]

Please find attached per your request the Aliases and Port config as .gif and thanks for the help

[bartjsmit]

That is a host alias. You need port aliases for TCP 8080,9000 and 7000. You also need four separate port forwarding rules (since the ports are not contiguous).

Where it says 'Destination port range' you need to select HTTP for the first rule, and then the three port aliases that you have created for 8080, 9000 and 7000 for the other three rules.

Screenshots attached

Bart...

[kdmiller45]

got a question shouldn't the destination address be Lan Address, is there a document that explains the reasoning. my line of thought is I am forwarding packet request coming from the outside and therefore the destination should point to my internal address (LAN address) far beit me to question when I am the one asking for help, just trying to understand

[kdmiller45]

Am I actually going to Firewall/Rules and following your instructions or when you say rules you mean within Firewall/Port Forward

[bartjsmit]

All the rules are in Firewall, NAT, Port Forward.

The destination address is the WAN address of the firewall, since that is the IP address before NAT. External clients can't see 192.168.1.20, so the firewall does the translation from the WAN address to the internal host.

Don't worry about asking questions - every firewall interface has its own way of describing concepts and it takes a while to completely grasp the logic behind OPNsense.

[kdmiller45]

for some reason I am still having issue, here is another thing tied into the firewall, before when using Microsoft IIS I could right click on the domain name,manage website and select Browse the site would open up to the front page,it no longer does that it comes back with "The connection has timed out", they both are tied to the phsense firewall as they were working fine before. by the way I do love the firewall, just an experience getting it to forward to the webserver 192.168.1.120  internal Static IP. as an additional note I can ping the server by IP

I also see a list of icons that are used in the Firewall: NAT: Port Forward list to explain their status, I see two that are supposed to denote the Rule status "Enabled rule" and "Disabled rule" no where do I see them used in the created rules

[kdmiller45]

Sorry

[bartjsmit]

Looks plausible. Have you tested?

BTW it will be more secure to use a VPN to access the admin console from the outside, or configure it for 2FA