NAT: Port Forward - destination WAN address vs Public IP

Started by MangledBit, March 24, 2021, 09:56:41 PM

When I configure port forwarding to use the `WAN address`, the resource/server is not reachable.

- Destination: WAN address

However, I can reach the resource/server just fine if I define the destination `Single IP or Network` as my public IP.

- Single IP: my public IP

Shouldn't the Public IP and the WAN Address be the same?
Suggestions for troubleshooting?


My port forwards are set up on WAN interface with destination WAN address and work fine. You don't have some funky multi WAN setup? I'm assuming the WAN interface is actually bound to the public IP?

March 25, 2021, 03:16:27 PM #2 Last Edit: March 25, 2021, 05:01:45 PM by MangledBit
Thank you for taking a moment to respond!

My setup is very basic. I recently upgraded to symmetrical fiber service. I currently have a dynamic IP; however, to my knowledge that shouldn't affect this process.

Version: 21.1.3_3

Modem Alcatel-lucent G-010g-a -> Firewall -> Switch

No multi WAN setup

The only things deviating from the standard install:

- Sensei
- https://forum.opnsense.org/index.php?topic=8783.0  [Tutorial] How I do port forwarding - simple and straightforward
- Unbound DNS: Blacklist for ad blocking


> I'm assuming the WAN interface is actually bound to the public IP?

When initially setting up the WAN interface at install time it did correctly pull the public IP, so I assume it's bound. Is there a way for me to check?

March 25, 2021, 03:37:41 PM #3 Last Edit: March 25, 2021, 03:40:28 PM by MangledBit
Public IP: xxx.xx.xx.65

Taken from `WAN interface (wan, igb0)`
IPv4 address xxx.xx.xxx.216/19
IPv4 gateway xxx.xx.224.1

I think the public IP should be reflected in the WAN interface...



  Interfaces: Diagnostics: DNS Lookup


WAN IPv4 address xxx.xx.xxx.216/19 is the IP of the OPNsense firewall, which I normally log into via `192.168.1.1`.

Response

| Type | Address |
|------|---------|
|      | OPNsense.localdomain |

Resolution time per server

| Server | Query time |
|--------|------------|
| 127.0.0.1 | 25 msec |
| 1.1.1.1 | 9 msec |
| 1.0.0.1 | 5 msec |


I believe this has to do with Metronet Internet service provider.

https://www.reddit.com/r/Metronet/comments/ieohps/does_metronet_provide_a_standalone_not_a_combo/

> Public IP -> Metronet Router -> ONT (provides private IP from Metronet router) -> Your Router (has private IP from Metronet as the WAN IP) -> Computer/Device (has private IP from your router)... Metronet does not provide you with a public facing IP address by default. They use what is called Carrier Grade NAT. "Carrier Grade" means nothing. You end up with a double NAT situation.

Outside of a dedicated IP, is there anything else I could try to do to remedy the situation?
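
Added example (not part of the original thread): a Python sketch of the comparison the posts above do by hand, classifying what sits between the firewall's WAN interface address and the public IP that outside services see. The function names and sample addresses are constructed for illustration, and the rule-match helper assumes a `WAN address` destination matches only the interface's own address.

```python
import ipaddress

# Ranges an ISP or upstream router hands out behind its own NAT.
CGNAT = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 shared address space
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify_wan(wan_cidr: str, observed_public_ip: str) -> str:
    """Compare the WAN interface address (as shown on the interface
    overview, e.g. 'a.b.c.d/19') with the externally observed public IP."""
    wan = ipaddress.ip_interface(wan_cidr).ip
    public = ipaddress.ip_address(observed_public_ip)
    if wan == public:
        return "direct"            # WAN address and public IP are the same
    if wan in CGNAT:
        return "cgnat"             # carrier-grade NAT at the ISP
    if any(wan in net for net in RFC1918):
        return "private-upstream"  # another NAT router in front (double NAT)
    return "translated"            # routable-looking WAN address, rewritten upstream


def wan_address_rule_matches(wan_cidr: str, packet_dst: str) -> bool:
    """Assumption: a forward with destination 'WAN address' matches only
    packets addressed to the interface address itself."""
    return ipaddress.ip_interface(wan_cidr).ip == ipaddress.ip_address(packet_dst)


if __name__ == "__main__":
    # Constructed sample values (documentation ranges), not the poster's addresses.
    observed = "203.0.113.65"
    for wan in ("203.0.113.65/24", "100.72.14.216/19",
                "10.20.30.216/19", "198.51.100.216/19"):
        print(f"{wan:20} -> {classify_wan(wan, observed):17} "
              f"rule matches public IP: {wan_address_rule_matches(wan, observed)}")
```

Any result other than `direct` means a rule written against the public IP and a rule written against `WAN address` match different destination addresses.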

March 25, 2021, 05:50:18 PM #6 Last Edit: March 25, 2021, 05:51:55 PM by MangledBit
```
PS C:\Users\Main> tracert 1.1.1.1

Tracing route to one.one.one.one [1.1.1.1]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  OPNsense.localdomain [192.168.1.1]
  2     *        *        *     Request timed out.
  3     1 ms     1 ms    <1 ms  10ge7-5.core1.rst1.he.net [184.105.27.57]
  4     4 ms     3 ms     3 ms  100ge8-2.core1.blp1.he.net [184.105.65.157]
  5     4 ms     4 ms     4 ms  100ge8-2.core1.msp1.he.net [184.105.64.97]
  6     4 ms     4 ms    16 ms  AS13335.micemn.net [206.108.255.45]
  7     4 ms     4 ms     5 ms  one.one.one.one [1.1.1.1]
```

March 25, 2021, 06:22:01 PM #7 Last Edit: March 25, 2021, 10:13:19 PM by MangledBit
Perhaps I created an alias of the domain name url that references the Public IP address which is tied to a dynamic DNS service. Then I can use that as a destination for port forwarding because it resolves to my public IP?

Works for only Automatic outbound NAT for Reflection