Help port forwarding

Started by Ricard_D, April 09, 2025, 11:34:01 AM

Previous topic - Next topic
April 09, 2025, 11:34:01 AM Last Edit: April 09, 2025, 11:38:10 AM by Ricard_D
Hi,

I have just installed a device with OPNsense 25.1.4_1 and I have my WAN up and running throught PPPoE with VLAN tag (as required by my ISP).

The problem I am struggling now is that port forwarding is not forking for me. I can access to a dedicated server inside my LAN, however I am unable to access externally. Neither pointing directly to external IP nor using my duck dns account. I know I am not in CG-NAT as using ISP router I was able to access without issue.

currently using ISP router configured as modem (no routing)--> OPNsense--> switch--> LAN devices

I followed this forum topic: https://forum.opnsense.org/index.php?topic=8783.msg207712#msg207712

My port forwarding route is as following

No RDR: disabled
Interface WAN
IPv4+IPv6 (tried as well IPV4)
TCP/UDP
Origin: any
Origin port: any
Destination: WAN address
Destination port: 8097 to 8097
IP objective: 192.168.1.150 (server LAN IP)
Objective port: 8097
NAT reflection: Enabled (tried disabled as well)
Associated to filtering rule

I tried as well on firewall-->settings-->advanced NAT reflection options without any sucess

Looking at firewall log I can see in green source IP trying to accesss server on 192.168.1.150 with response "let out anything from firewall host itself" in green, so I assume packetts are being received and processed by OPNsense however not forwarded. When I check my port 8097 (with a web service) it appears as closed.

Any clues on what is wrong on my setup?

EDIT:

*my outbound NAT is configured as automatic rules.

Thanks,



Hi,

It is even weirder as I am able to open some ports to my NAS on 192.168.1.158 but not on 192.168.1.150.

Deleting the 192.168.1.150 rules and copying the working one from x.158 is not working either. I can't access from dDNS nor direct IP.

Any suggestion?

Thanks,

Does 192.168.1.150 have

- the correct netmask
- OPNsense as its default gateway

?
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Some NAS boxes block access from anything other than the local LAN )the subnet they're directly connected to).

Hi,

Issue solved!! While upgrading to opnsense I didn't realize my network config on the x.150 server was done at hand and pointing to wrong gateway. That explains why opening ports on NAS was working while in the server not.

Thanks for your responses. :)