Topic: Firewall Rules WAN Assistance (Read 1720 times)
baqwas
on: April 26, 2021, 03:17:21 pm
Hello!
In early January '21, @marjohn56 helped me with Firewall Rules WAN setup. It worked and I was able to renew a cert for my NAS server for 90 days. With the renewal time now imminent I noticed that the pass through to NAS is no longer working as confirmed by the port forwarding utility at https://www.yougetsignal.com/tools/open-ports/. I need some help in getting back to let traffic through to the NAS server.
Here are my current settings:
Alias:
  For MailServer
    Enabled: checked
    Name: MailServer
    Type: Host(s)
    Content: IP addresses of MailServer
    Statistics: unchecked
    Description: MailServer
  For ports
    Enabled: checked
    Name: MailServer_ports
    Type: Port(s)
    Content: 25, 465, 587, 993, 995
    Description: MailServer
Rules
  1st active rule
    Action: Pass
    Disabled: unchecked
    Quick: checked
    Interface: WAN
    Direction: in
    TCP/IP Version: IPv4
    Protocol: TCP
    Source/Invert: unchecked
    Source: any
    Source port range: from: any to: any
    Destination/invert: unchecked
    Destination: MailServer
    Destination port range: from: MailServer_ports to: MailServer_ports
    Log: checked
    Category: MailServer
    Description: MailServer
    Source OS: Any
    No XMLRPC Sync: unchecked
    Schedule: none
    Gateway: default
In short, I have aliases for the NAS server and the ports to be forwarded and I am using these in the Rules definition. Some self-inflicted/inexperience change at my end has led to the loss of specific pass through functionality. What could be preventing the pass through, please? Thanks.
Kind regards.
rhubarb
Reply #1 on: April 28, 2021, 04:18:59 am
This is a sort of a complicated setup, so I don't know what all is happening here. Without knowledge of this overall configuration, it's difficult for someone in the forum to diagnose.
You're passing private addresses from your WAN. Packets incoming on WAN are typically destined to a public address, like the WAN address itself. Since your interface is WAN, and the destinations are private, then these packets couldn't route through the internet. (Unless you're behind another NAT server or something.)
I think you need to use a NAT Port Forward configuration to pass traffic destined for the public IP to your mail server. Your WAN rules must allow traffic to the WAN interface address, not a private space address.
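The diagnosis in Reply #1, as an added example that is not part of the thread or OPNsense's own code: a small Python audit that flags WAN pass rules whose destination is a private address with no NAT port forward behind it. The dictionary layout, the field names and the address 192.168.1.10 are assumptions constructed for illustration; the port list is the one from the first post.

```python
import ipaddress

# Constructed sample config (hypothetical data model, not OPNsense's own format).
# 192.168.1.10 is a constructed stand-in for the MailServer alias content.
ALIASES = {
    "MailServer": ["192.168.1.10"],
    "MailServer_ports": [25, 465, 587, 993, 995],  # ports listed in the thread
}
WAN_RULES = [
    {"action": "pass", "interface": "WAN", "direction": "in", "proto": "tcp",
     "destination": "MailServer", "dest_ports": "MailServer_ports"},
]
PORT_FORWARDS = []  # the configuration shown in the thread has no NAT port forward


def is_unroutable(addr):
    """True for RFC 1918 and other addresses that are not routed on the internet."""
    return not ipaddress.ip_address(addr).is_global


def forwarded_ports(target, forwards, aliases):
    """Ports on the WAN address that a port forward redirects to `target`."""
    ports = set()
    for fwd in forwards:
        if fwd["interface"] == "WAN" and target in aliases[fwd["redirect_target"]]:
            ports.update(aliases[fwd["dest_ports"]])
    return ports


def audit_wan_rules(rules, forwards, aliases):
    """Return (host, port) pairs a WAN pass rule allows but nothing can reach."""
    findings = []
    for rule in rules:
        if (rule["action"], rule["interface"], rule["direction"]) != ("pass", "WAN", "in"):
            continue
        for host in aliases[rule["destination"]]:
            if not is_unroutable(host):
                continue  # publicly routable destination: no forward needed
            covered = forwarded_ports(host, forwards, aliases)
            for port in aliases[rule["dest_ports"]]:
                if port not in covered:
                    findings.append((host, port))
    return findings


if __name__ == "__main__":
    for host, port in audit_wan_rules(WAN_RULES, PORT_FORWARDS, ALIASES):
        print(f"WAN pass rule allows {host}:{port}/tcp but no port forward maps it")
```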
baqwas
Reply #2 on: April 29, 2021, 01:25:06 am
@rhubarb, thanks!
Kind regards.