Guidance - Firewall rule for 2 different endpoints

[khile]

Hi all,

New to Opnsense and trying to setup a firewall rules the send traffic to 2 different servers depending on what they need


one is for things like plex, etc (ie plex.khile.com) and then I have another for home assistant xxx.duckdns.com) but because I use the Alexa and google integration to control smart things i need to drop the:8123 on the end of the url so alexa will play nice


i use  Nginx Proxy Manager hosted on my unraid server to do proxy stuff that's on local ip 192.168.1.12 and then what ever port the application is on 32400 etc

then i have home assistant on 192.168.1.168

currently if i put the home assistant firewall rule first all external access to plex ect stops working and if i swap then around then i lose external access to home assistant.

I'm probably missing something easy but any help or guidance would be greatly appreciated

[viragomann]

If you have multiple rule with the same conditions the first one wins if traffic matches them.
As conditions are considered interface, protocol, source address and port, destination address and port.

Since both rules match traffic to destination port 443, the second one is ignored.
You can forward a certain port only to a single service.

You can forward all to the reverse proxy and let it do the forwarding to the backend servers.

BTW: your Plex need a port range from 443 to 18443 to be forwarded?
And the HA 443 to 8143?