[SOLVED] dnat not registering firewall rule

Started by ybc, February 22, 2026, 09:12:38 AM

February 22, 2026, 09:12:38 AM Last Edit: February 22, 2026, 09:38:56 AM by ybc
Hi,
I just spun up a VM of OPNsense on Proxmox.
Versions
OPNsense 26.1.2_5-amd64
FreeBSD 14.3-RELEASE-p8

But when I try to create a port forward with the register rule selected, it doesn't create any entries in the firewall rules table.
I have the reflection for the destination NAT setting checked. I reset OPNsense to the default settings with the same result.
WAN is disconnected for now, and I'm only connecting to opn via LAN IP to configure everything from my pfSense config. Any pointers?
Interfaces are assigned (WAN/LAN), but the WAN interface on Proxmox is disconnected for now before going live.

I'm not sure if I'm doing something wrong, but on my pfSense the same steps create an associated rule.

SOLUTION
NVM, I had to expand the list to see it, since it doesn't expand by default?



Could you please explain what you meant by "had to expand the list to see it"? What list do you mean?

I just created a destination NAT rule on my OPNsense installation (26.1.5), selecting "Register rule", hitting the "Apply" button -- and then when I go look in the "Rules [new]" page, there is still no associated firewall rule there. The number of rules (in my case, 19) does not increase by one when I repeat this process again.

March 24, 2026, 11:07:51 PM #2 Last Edit: March 24, 2026, 11:37:12 PM by nero355
Quote from: ybc on February 22, 2026, 09:12:38 AM
SOLUTION
NVM, I had to expand the list to see it, since it doesn't expand by default?

Quote from: CautionaryCushion on March 24, 2026, 10:58:45 PM
could you please explain what you meant by "had to expand the list to see it"? what list do you mean?

IIRC the New Firewall Rule associated with the Destination NAT Rule is placed between the Pre-defined Rules that are not shown by default and need to be expanded by the user in the "New Firewall Rules webGUI" :)

/EDIT :
See below for a better explanation by @OPNenthu !!
Weird guy who likes everything Linux and *BSD on PC/Laptop/Tablet/Mobile and funny little ARM based boards :)

If you used the "Register rule" option then it creates an associated system-generated F/W rule.  There's a separate category for those that you can only see if you enable the "Inspect" mode in Firewall->Rules [new].  The category is labeled as "Automatically generated rules."

There are actually two such buckets, one at the start of the ruleset and one at the end: https://docs.opnsense.org/manual/firewall.html#processing-order

The DNAT F/W rule goes in the second one (at the end of ruleset).

Example screenshot from a test VM attached.



N5105 | 8/250GB | 4xi226-V | Community

https://www.youtube.com/watch?v=XI9NG068TwI