portforwarding just does not want to work, been trying for days

Started by danieloff, February 02, 2025, 03:21:06 AM

Hi!

My network looks like this:

ISP router LAN1 port (10.0.0.1) -> ESXi server NIC1 (10.0.0.254) with a virtualized OPNsense which also uses NIC2 of the ESXi for LAN (192.168.100.254) -> LAN switch
I also have a computer (10.0.0.231) connected to the "ISP router LAN2 port".

I want a portforward for 10.0.0.254:3389 -> 192.168.100.180:3389 (192.168.100.180 is on the LAN switch too)
And I want this to work from 10.0.0.231 computer, so I can connect with RDP to 10.0.0.254:3389 address ("nmap 10.0.0.254 -p 3389" from 10.0.0.231 should show me "open")

This is really not working, I have been diagnosing for days now. I have port forwarding set up, a firewall rule set up, tried NAT reflection too, and of course blocking private networks is disabled. Nothing interesting in the firewall logs either.

Any suggestions what could go wrong or what I should try?
I am really getting crazy :-(

1. You need outbound NAT from 192.168.100.0/24 to 10.0.0.254 for this to work too.
2. If your OPNsense log shows nothing, then obviously the problem is on the ESXi side, see this.
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005

1100 down / 440 up, Bufferbloat A+

I would suggest checking the firewall configuration on the WAN interface as well as the port forwarding rule.

I would use tcpdump on the WAN/LAN interfaces to try to sort out the issue.

Hope this helps

Regards
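To make the two suggestions above concrete (outbound NAT from the LAN side, and comparing tcpdump on WAN and LAN), here is an added toy model of a stateful port forward. It is not OPNsense or pf code and is not from anyone in this thread; it only uses the thread's addresses to show which source/destination tuples each interface should show for one RDP connection, with and without source NAT to the firewall's LAN address. The client source port 50000 and the use of 192.168.100.254 as the outbound NAT address are constructed assumptions.

```python
# Added toy model of a stateful port forward (rdr) plus optional outbound NAT,
# built from the thread's addresses. It is NOT OPNsense/pf code; it shows the
# src/dst tuples tcpdump should display on the WAN and LAN interfaces.
from dataclasses import dataclass, replace

WAN_IP = "10.0.0.254"
LAN_IP = "192.168.100.254"     # assumed outbound NAT address (firewall LAN side)
CLIENT = "10.0.0.231"
RDP_HOST = "192.168.100.180"
RDP_PORT = 3389
CLIENT_PORT = 50000            # constructed ephemeral client port


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class ToyFirewall:
    """Stateful rdr (port forward) with optional source NAT on the LAN side."""

    def __init__(self, rdr, outbound_nat_ip=None):
        self.rdr = rdr                      # (wan_ip, port) -> (lan_ip, port)
        self.outbound_nat_ip = outbound_nat_ip
        self.states = {}                    # expected LAN reply key -> original WAN packet

    def wan_to_lan(self, pkt):
        """Inbound on WAN: rewrite destination per rdr, optionally source per outbound NAT."""
        target = self.rdr.get((pkt.dst, pkt.dport))
        if target is None:
            return None                     # no matching forward: not passed
        out = replace(pkt, dst=target[0], dport=target[1])
        if self.outbound_nat_ip:
            out = replace(out, src=self.outbound_nat_ip)
        # Remember the reply we expect back on LAN: the translated tuple reversed.
        self.states[(out.dst, out.dport, out.src, out.sport)] = pkt
        return out

    def lan_to_wan(self, pkt):
        """Reply on LAN: undo both translations using the state entry."""
        orig = self.states.get((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        if orig is None:
            return None                     # no state: dropped, and nothing in the rule log
        return Packet(src=orig.dst, sport=orig.dport, dst=orig.src, dport=orig.sport)


def lan_host_reply(pkt):
    """The RDP host answers whatever source address it saw."""
    return Packet(src=pkt.dst, sport=pkt.dport, dst=pkt.src, dport=pkt.sport)


def trace_rdp(outbound_nat):
    """Return the four packets tcpdump should show: WAN in, LAN out, LAN in, WAN out."""
    fw = ToyFirewall({(WAN_IP, RDP_PORT): (RDP_HOST, RDP_PORT)},
                     outbound_nat_ip=LAN_IP if outbound_nat else None)
    wan_in = Packet(CLIENT, CLIENT_PORT, WAN_IP, RDP_PORT)
    lan_out = fw.wan_to_lan(wan_in)
    lan_in = lan_host_reply(lan_out)
    wan_out = fw.lan_to_wan(lan_in)
    return {"wan_in": wan_in, "lan_out": lan_out, "lan_in": lan_in, "wan_out": wan_out}


def reply_from_unknown_flow():
    """A LAN packet with no matching state is not translated back (returns None)."""
    fw = ToyFirewall({(WAN_IP, RDP_PORT): (RDP_HOST, RDP_PORT)})
    stray = Packet(RDP_HOST, RDP_PORT, CLIENT, CLIENT_PORT)
    return fw.lan_to_wan(stray)


if __name__ == "__main__":
    for mode in (False, True):
        print(f"outbound NAT {'on' if mode else 'off'}:")
        for where, p in trace_rdp(mode).items():
            print(f"  {where:8s} {p.src}:{p.sport} -> {p.dst}:{p.dport}")
```

Reading the output next to real captures: if the WAN capture shows the SYN to 10.0.0.254:3389 but the LAN capture shows nothing, the forward is not being applied; if the LAN capture shows the SYN arriving at 192.168.100.180 but no reply coming back to the firewall, the reply is taking another path or the host is not answering, and with outbound NAT on the reply must be addressed to 192.168.100.254 rather than to 10.0.0.231.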

Try [Firewall > Settings > Advanced > Miscellaneous > Disable reply-to]

Thank you all for the answers!!!

Some more info:
- I sent you screenshots: https://imgur.com/a/Ql6fL7z
- I tried to create a manual outbound NAT with hybrid and manual configuration, but no change (included in screenshots).
- I have disabled the ESXi firewall completely, but since this is a VM running under ESXi, I don't think it is related.
- pinging 10.0.0.254 works from 10.0.0.231 if I disable packet filtering, so this is another point why ESXi is probably not the culprit
- I have created screenshots of tcpdump too
- Also tried "Disable reply-to" but no change. Should I keep it that way when testing in the future?

Do you see anything that is wrong or what I should try?

It is working for everybody else, so it could be anything with your setup, not an OPNsense problem. 

I know, but I need some pointers where to start :-(
It is so weird, should be working... I just can't figure it out :-(