Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
Port Forward - Did I Do It Correctly?
« previous
next »
Print
Pages: [
1
]
Author
Topic: Port Forward - Did I Do It Correctly? (Read 1775 times)
spetrillo
Hero Member
Posts: 721
Karma: 8
Port Forward - Did I Do It Correctly?
«
on:
May 16, 2020, 02:17:09 pm »
I need to port Forward UDP 123, 500, 4500 out from a single address on my internal network. I set it up as follows:
Interface: WAN interface
Protocol: UDP
Source: Single Host or Network/192.168.x.x/24
Source Port Range: 123 to 123
Destination: Any
Destination Port Range: any/any
Redirect Target IP: Single Host or Network/192.168.x.x
Redirect Target Port: 123
Pool Options: Default
Is this correct??
Logged
utahbmxer
Newbie
Posts: 42
Karma: 0
Re: Port Forward - Did I Do It Correctly?
«
Reply #1 on:
May 21, 2020, 06:21:11 am »
Are you trying to make a internal server/device accessible to the internet? If so, your rule is misconfigured.
Interface: WAN interface
Protocol: UDP
Source:
Any
(unless you want to restrict what internet hosts can talk to your internal host)
Source Port Range:
Any
Destination: WAN Address
Destination Port Range: <
Use an alias containing the ports needed
or clone the rules and make sure one exists for each port you need to pass>
Redirect Target IP: Single Host or Network (your internal server)
Redirect Target Port:
Same as Destination port above
Pool Options: Default
Also, it looks like you are port forwarding for IPsec. If that is the case you should also create a rule which is the same as above, but change the protocol from UDP to ESP. This will disable all the port fields for the NAT rule since ESP is a protocol and does not operate on a "port" like TCP/UDP.
Logged
spetrillo
Hero Member
Posts: 721
Karma: 8
Re: Port Forward - Did I Do It Correctly?
«
Reply #2 on:
May 21, 2020, 07:31:47 pm »
I have a device that needs port 123, 500, and 4500 open. I have uPNP enabled but the device does not seem to use it. My next thought was to explicitly port forward.
Does that clarify?
Logged
hbc
Hero Member
Posts: 501
Karma: 47
Re: Port Forward - Did I Do It Correctly?
«
Reply #3 on:
May 21, 2020, 11:06:11 pm »
As long as your wan side is not a private subnet and your are just forwarding inside a private network, I assume you mixed source and destination.
On wan side with public internet, 192.168.x.x. will never be a valid source ip.
Logged
Intel(R) Xeon(R) Silver 4116 CPU @ 2.10GHz (24 cores)
256 GB RAM, 300GB RAID1, 3x4 10G Chelsio T540-CO-SR
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
Port Forward - Did I Do It Correctly?