Topic: Port forwarding / Firewall Destination Issue (Read 3040 times)
FreeMinded (Newbie, Posts: 15, Karma: 0)
Port forwarding / Firewall Destination Issue, on: July 14, 2023, 02:10:55 pm
I'm a recent immigrant from the pfSense World and the following situation drove me crazy. I suspect a possible bug (or at least an unexpected behavior) and would be happy to be enlightened by an OPNsense guru if it's not.
I set up a Port Forwarding from my main WAN Interface (WAN_FIBER_Port) to a local network IP. As destination address I had "WAN_FIBER_Port address" set. All the traffic hitting the Firewall was being rejected by the default deny / state violation rule. The Logs showed the Firewall's Public IP as destination. After a while I realized that the rule does not apply.
It started to work when I set the destination to any. Later I tried manually setting the public IP or "WAN_FIBER_Port net" and both worked as well.
I was - coming from pfSense - expecting that "WAN_FIBER_Port address" would be the public IP which the interface gets by DHCP in this case. Somehow this does not seem to be the case. Interestingly, "WAN_FIBER_Port net" works.
Is this intended behavior?
vpx (Jr. Member, Posts: 87, Karma: 6)
Re: Port forwarding / Firewall Destination Issue, Reply #1 on: July 14, 2023, 02:21:38 pm
It seems you only created a NAT rule but not a firewall rule. Or the automatic rule was not created because you set "Filter rule association" to "None" in the NAT rule.
You need:
a) NAT rule in "Firewall: NAT: Port Forward"
b) FW rule in "Firewall: Rules: WAN"
FreeMinded (Newbie, Posts: 15, Karma: 0)
Re: Port forwarding / Firewall Destination Issue, Reply #2 on: July 14, 2023, 02:41:33 pm
The Firewall rule was created (automatically by the NAT Port Forwarding rule).
But looking at the WAN Interface again, I might have found the reason. I get IPv4 address x.y.z.237/24 assigned. So it's not a /32 but a whole /24 subnet range. Still, the IP address on the interface is clear and "WAN_FIBER_Port address" should point to it.
vpx23 (Jr. Member, Posts: 91, Karma: 7)
Re: Port forwarding / Firewall Destination Issue, Reply #3 on: July 14, 2023, 05:04:17 pm
So your WAN interface has the "IPv4 Configuration type" DHCP, right?
Is it a DHCP from your ISP or your own DHCP server?
FreeMinded (Newbie, Posts: 15, Karma: 0)
Re: Port forwarding / Firewall Destination Issue, Reply #4 on: July 14, 2023, 08:01:38 pm
It's the DHCP from the ISP. Init7 to be precise.
vpx23 (Jr. Member, Posts: 91, Karma: 7)
Re: Port forwarding / Firewall Destination Issue, Reply #5 on: July 14, 2023, 08:41:53 pm
Looking at their product site they only provide a single IPv4 address (/32 or /31 subnet) or a /29 subnet with 5 addresses. So it's either a mistake in the configuration on their site or a bug in OPNsense.
FreeMinded (Newbie, Posts: 15, Karma: 0)
Re: Port forwarding / Firewall Destination Issue, Reply #6 on: July 17, 2023, 10:03:04 am
I still think the WAN_PORT_address should point to the address on that interface, no matter what the subnet is. This does not seem to be the case.
vpx (Jr. Member, Posts: 87, Karma: 6)
Re: Port forwarding / Firewall Destination Issue, Reply #7 on: July 17, 2023, 03:14:38 pm
In the Lobby->Dashboard under Interfaces does it show the correct IP for WAN_PORT?
FreeMinded (Newbie, Posts: 15, Karma: 0)
Re: Port forwarding / Firewall Destination Issue, Reply #8 on: November 06, 2023, 10:24:36 pm
Quote from: vpx on July 17, 2023, 03:14:38 pm
In the Lobby->Dashboard under Interfaces does it show the correct IP for WAN_PORT?
Yes, it does.
vpx (Jr. Member, Posts: 87, Karma: 6)
Re: Port forwarding / Firewall Destination Issue, Reply #9 on: November 07, 2023, 02:22:32 pm
I guess it is somehow related to this bug: https://github.com/opnsense/core/issues/5588