Port forwarding not working (sometimes)

Started by TimK, February 14, 2022, 04:55:20 PM

February 14, 2022, 04:55:20 PM Last Edit: April 07, 2022, 11:30:19 AM by TimK
Hi, I have a strange issue with port forwarding a reverse proxy from my DMZ and I need your help for debugging.
Occasionally the ports 443 and 80 are not reachable from the internet. The port forwarding for VPN (WireGuard) is always (!) working fine. Just the website I am hosting is not reachable from the outside. From inside or VPN everything is fine. I also asked my ISP if they are blocking any ports and they said no. If I reload the PPPoE connection, it (sometimes) resolves the issue. This also provides a new IP address by the ISP.

My setup is quite straightforward:


There is a webserver hosting a Nextcloud in VLAN1. There is a DMZ with a reverse proxy with ports 80 and 443 forwarded, and I use dynamic DNS to resolve my domain to my IP address. Again, this works like a charm for WireGuard. Only 443 and 80 break...

As you can see, there is also a port forwarding rule for VPN.





Reflection for port forwarding is activated



Sometimes if I reload the connection, it works again (but not today. Be my guest to try yourself: https://nextcloud.baltic-hosting.de)


Dynamic DNS is also working and the IP is correctly resolved.


WAN interface Setup


I am open to any ideas on how to debug this issue. I tried to trace the WAN interface for connections, but it gave me no clue what is wrong. Mostly the issue appears if I restart the machine hosting the firewall. Sometimes it happens out of nothing (I guess it has something to do with the ISP changing the IP, but again VPN is working without issues and it references the same domain)  :-\

Thank you for any help.

Hi!
Quote: I guess it has something to do with the ISP changing the IP
oh! real-life scenario!  ;D
can you try with
opnsense-patch -a kulikov-a 4848bd6
please?
(tries to use the new feature of pfctl util)

February 15, 2022, 01:21:08 PM #2 Last Edit: February 15, 2022, 01:25:59 PM by TimK
Done. Currently NAT works (I needed to do a reboot of the VM, afterwards the system got a new IP and for the moment it works..).



what to do now?

thanks!
Quote: what to do now?
see if behavior changes )


February 28, 2022, 11:05:03 AM #5 Last Edit: February 28, 2022, 11:45:57 AM by TimK
Hi, unfortunately today at 10:37 the issue occurred again. Also, VPN went offline but was reachable shortly after. The DNS record is resolved correctly. Any clues how I could debug this issue? Thank you for any hints.

                                                               
2022-02-28T10:45:00    Error    opnsense     /usr/local/etc/rc.dyndns: Dynamic DNS: (Success) IP Address Updated Successfully!                                                               
2022-02-28T10:45:00    Error    opnsense     /usr/local/etc/rc.dyndns: Dynamic DNS: updating cache file /var/cache/dyndns_wan_baltic-hosting.de_0.cache: 85.233.15.97                                                               
2022-02-28T10:35:58    Notice    opnsense     plugins_configure newwanip (execute task : webgui_configure_do(   wan))                                                            
2022-02-28T10:35:58    Notice    opnsense     plugins_configure newwanip (execute task : vxlan_configure_interface())                                                               
2022-02-28T10:35:57    Error    opnsense     /usr/local/etc/rc.newwanip: warning: ignoring missing default tunable request: debug.pfftpproxy                                                               
2022-02-28T10:35:57    Notice    opnsense     plugins_configure newwanip (execute task : unbound_configure_do(   wan))                                                            
2022-02-28T10:35:57    Notice    opnsense     plugins_configure newwanip (execute task : openssh_configure_do(   wan))                                                            
2022-02-28T10:35:57    Notice    opnsense     plugins_configure newwanip (execute task : opendns_configure_do())                                                               
2022-02-28T10:35:57    Notice    opnsense     plugins_configure newwanip (execute task : ntpd_configure_do())                                                               
2022-02-28T10:35:55    Error    opnsense     /usr/local/etc/rc.newwanip: Dynamic DNS: (Success) IP Address Updated Successfully!                                                               
2022-02-28T10:35:55    Error    opnsense     /usr/local/etc/rc.newwanip: Dynamic DNS: updating cache file /var/cache/dyndns_wan_baltic-hosting.de_0.cache: 85.233.15.97                                                               
2022-02-28T10:35:54    Notice    opnsense     plugins_configure newwanip (execute task : dyndns_configure_do(   wan))                                                            
2022-02-28T10:35:54    Notice    opnsense     plugins_configure newwanip (   wan)                                                            
2022-02-28T10:35:54    Error    opnsense     /usr/local/etc/rc.newwanip: Resyncing OpenVPN instances for interface Internet.                                                               
2022-02-28T10:35:54    Notice    opnsense     plugins_configure vpn (execute task : openvpn_configure_do(   wan))                                                            
2022-02-28T10:35:54    Notice    opnsense     plugins_configure vpn (execute task : ipsec_configure_do(   wan))                                                            
2022-02-28T10:35:54    Notice    opnsense     plugins_configure vpn (   wan)                                                            
2022-02-28T10:35:54    Error    opnsense     /usr/local/etc/rc.newwanip: IP address change detected   killing states of old ip 85.233.18.218                                                            
2022-02-28T10:35:54    Error    opnsense     /usr/local/etc/rc.newwanip: The WAN_DHCP6 monitor address is empty   skipping.                                                            
2022-02-28T10:35:54    Error    opnsense     /usr/local/etc/rc.newwanip: The GW_LAN monitor address is empty   skipping.                                                            
2022-02-28T10:35:54    Error    opnsense     /usr/local/etc/rc.newwanip: The INTERNET_PPPOE monitor address is empty   skipping.                                                            
2022-02-28T10:35:54    Notice    opnsense     plugins_configure monitor (execute task : dpinger_configure_do())                                                               
2022-02-28T10:35:54    Notice    opnsense     plugins_configure monitor ()                                                               
2022-02-28T10:35:54    Error    opnsense     /usr/local/etc/rc.newwanip: ROUTING: creating /tmp/pppoe0_defaultgw using '185.111.71.254'                                                               
2022-02-28T10:35:54    Error    opnsense     /usr/local/etc/rc.newwanip: ROUTING: removing /tmp/pppoe0_defaultgw                                                               
2022-02-28T10:35:54    Error    opnsense     /usr/local/etc/rc.newwanip: ROUTING: setting IPv4 default route to 185.111.71.254                                                               
2022-02-28T10:35:54    Error    opnsense     /usr/local/etc/rc.newwanip: ROUTING: IPv4 default gateway set to wan                                                               
2022-02-28T10:35:54    Error    opnsense     /usr/local/etc/rc.newwanip: ROUTING: entering configure using 'wan'                                                               
2022-02-28T10:35:54    Notice    opnsense     plugins_configure hosts (execute task : unbound_hosts_generate())                                                               
2022-02-28T10:35:54    Notice    opnsense     plugins_configure hosts (execute task : dnsmasq_hosts_generate())                                                               
2022-02-28T10:35:54    Notice    opnsense     plugins_configure hosts ()                                                               
2022-02-28T10:35:53    Error    opnsense     /usr/local/etc/rc.newwanip: On (IP address: 85.233.15.97) (interface: Internet[wan]) (real interface: pppoe0).                                                               
2022-02-28T10:35:53    Error    opnsense     /usr/local/etc/rc.newwanip: IPv4 renewal is starting on 'pppoe0'                                                               
2022-02-28T10:30:00    Error    opnsense     /usr/local/etc/rc.dyndns: Dynamic DNS: (Success) IP Address Updated Successfully!                                                               
2022-02-28T10:30:00    Error    opnsense     /usr/local/etc/rc.dyndns: Dynamic DNS: updating cache file /var/cache/dyndns_wan_baltic-hosting.de_0.cache: 85.233.18.218                                                               
2022

Hi, since I checked "Dynamic state reset" in Firewall > Settings > Advanced, all is fine and port forwarding has worked ever since.
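
A way to read the log posted above, as an added example that is not part of the original posts: this Python sketch puts the newest-first log lines in chronological order and reports, for each WAN renewal, which old address had its states killed and how many seconds the Dynamic DNS record lagged behind the new address. The sample lines are constructed in the posted format with documentation-range addresses, and the function name and record keys are hypothetical.

```python
import re
from datetime import datetime

# Constructed sample in the format of the log posted above (newest first);
# the addresses are documentation-range placeholders, not the poster's.
SAMPLE_LOG = """\
2022-02-28T10:45:00    Error    opnsense     /usr/local/etc/rc.dyndns: Dynamic DNS: updating cache file /var/cache/dyndns_wan_example.org_0.cache: 203.0.113.97
2022-02-28T10:35:55    Error    opnsense     /usr/local/etc/rc.newwanip: Dynamic DNS: updating cache file /var/cache/dyndns_wan_example.org_0.cache: 203.0.113.97
2022-02-28T10:35:54    Error    opnsense     /usr/local/etc/rc.newwanip: IP address change detected   killing states of old ip 198.51.100.218
2022-02-28T10:35:53    Error    opnsense     /usr/local/etc/rc.newwanip: On (IP address: 203.0.113.97) (interface: Internet[wan]) (real interface: pppoe0).
2022-02-28T10:30:00    Error    opnsense     /usr/local/etc/rc.dyndns: Dynamic DNS: updating cache file /var/cache/dyndns_wan_example.org_0.cache: 198.51.100.218
"""

# timestamp, severity, process, message
LINE = re.compile(r"^(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)\s+\S+\s+\S+\s+(.*\S)\s*$")
NEW_IP = re.compile(r"rc\.newwanip: On \(IP address: ([\d.]+)\)")
KILLED = re.compile(r"killing states of old ip ([\d.]+)")
DDNS = re.compile(r"Dynamic DNS: updating cache file \S+ ([\d.]+)")


def wan_change_timeline(log_text):
    """Return one record per WAN renewal, oldest first (hypothetical helper)."""
    events = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if m:
            events.append((datetime.fromisoformat(m.group(1)), m.group(2)))
    # Input is newest first: reverse, then stable-sort so that lines sharing
    # a one-second timestamp stay in chronological order.
    events = sorted(reversed(events), key=lambda e: e[0])

    changes, published = [], None  # published = last IP written to the DDNS cache
    for ts, msg in events:
        if (m := NEW_IP.search(msg)):
            changes.append({"at": ts, "new_ip": m.group(1), "dns_before": published,
                            "killed_states_of": None, "ddns_lag_s": None})
        elif (m := KILLED.search(msg)) and changes:
            changes[-1]["killed_states_of"] = m.group(1)
        elif (m := DDNS.search(msg)):
            published = m.group(1)
            cur = changes[-1] if changes else None
            # Record only the first DDNS update that carries the new address.
            if cur and cur["ddns_lag_s"] is None and published == cur["new_ip"]:
                cur["ddns_lag_s"] = (ts - cur["at"]).total_seconds()
    return changes
```

A record whose `ddns_lag_s` stays `None`, or whose `killed_states_of` differs from `dns_before`, marks a renewal worth looking at more closely.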