Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
22.7 Legacy Series
»
Port Forwad fails
« previous
next »
Print
Pages: [
1
]
Author
Topic: Port Forwad fails (Read 3389 times)
Tripple_Delta
Jr. Member
Posts: 91
Karma: 3
Port Forwad fails
«
on:
May 30, 2023, 08:23:35 pm »
OPNsense 22.7.11_1-amd64
I have a simple NAT forward rule so my son can make an offsite backup to my NAS.
Never had any problem with
Untill now, after his IP has changed. Changed the settings in OPNSense and all I get is this error:
Default deny / state violation rule
What am I doing wrong?
Logged
Patrick M. Hausen
Hero Member
Posts: 6795
Karma: 571
Re: Port Forwad fails
«
Reply #1 on:
May 30, 2023, 08:29:19 pm »
If you do not show us the details of your port forward rule, it's impossible to tell.
Logged
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
Tripple_Delta
Jr. Member
Posts: 91
Karma: 3
Re: Port Forwad fails
«
Reply #2 on:
May 30, 2023, 08:36:53 pm »
Agree.
Here is a screenshot.
Logged
Patrick M. Hausen
Hero Member
Posts: 6795
Karma: 571
Re: Port Forwad fails
«
Reply #3 on:
May 30, 2023, 08:46:20 pm »
You need to navigate to Firewall > Aliases and change the IP address for Bert_Home to the one you son is using. The default deny rule log should give you the information which one is actually active.
Logged
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
Tripple_Delta
Jr. Member
Posts: 91
Karma: 3
Re: Port Forwad fails
«
Reply #4 on:
May 30, 2023, 08:48:02 pm »
The IP was already changed.
Actually, this is the only setting I changed.
Logged
Patrick M. Hausen
Hero Member
Posts: 6795
Karma: 571
Re: Port Forwad fails
«
Reply #5 on:
May 30, 2023, 08:49:32 pm »
Double check if the IP you configured matches the one reported in the live view and the default deny entry. Same for the destination port range.
Apart from that: no more ideas over the forum, sorry.
Logged
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
Tripple_Delta
Jr. Member
Posts: 91
Karma: 3
Re: Port Forwad fails
«
Reply #6 on:
May 30, 2023, 08:52:07 pm »
Where do I find the defaul deny rule entry?
Logged
Patrick M. Hausen
Hero Member
Posts: 6795
Karma: 571
Re: Port Forwad fails
«
Reply #7 on:
May 30, 2023, 09:00:17 pm »
Go to Firewall > Log Files > Live View
I assumed that's where you got the info that the connection hits the default deny rule. Find a denied packet to that specific port(s) and click on the (i) to the right.
This will give you all details about the connection attempt. There should be a mismatch somewhere. Possibly your son is now using a connection with carrier grade NAT and the IP address his router is showing him as "external" in reality isn't?
You might want to read into setting up a VPN connection. Just a suggestion.
Logged
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
Tripple_Delta
Jr. Member
Posts: 91
Karma: 3
Re: Port Forwad fails
«
Reply #8 on:
May 30, 2023, 09:22:58 pm »
This is the info from live view.
No idea what's wrong.
Logged
Patrick M. Hausen
Hero Member
Posts: 6795
Karma: 571
Re: Port Forwad fails
«
Reply #9 on:
May 30, 2023, 09:26:30 pm »
So 192.168.1.2 is your WAN address? That's odd to say the least.
Logged
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
Tripple_Delta
Jr. Member
Posts: 91
Karma: 3
Re: Port Forwad fails
«
Reply #10 on:
May 30, 2023, 09:31:08 pm »
The network behind the modem is 192.168.1.x/24.
I setup a DMZ to 192.168.1.2, which is the WAN port of the OPNSense Box.
There is nothing else on the 192.168.1.x network.
Logged
Tripple_Delta
Jr. Member
Posts: 91
Karma: 3
Re: Port Forwad fails
«
Reply #11 on:
May 30, 2023, 09:59:48 pm »
What I don't understand is there are more forward rules. All working well. Only that single rule, where the external IP changed, refuse to work.
Logged
Patrick M. Hausen
Hero Member
Posts: 6795
Karma: 571
Re: Port Forwad fails
«
Reply #12 on:
May 30, 2023, 10:15:52 pm »
Try to put the IP address into the rule verbatim instead of an alias.
Logged
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
Tripple_Delta
Jr. Member
Posts: 91
Karma: 3
Re: Port Forwad fails
«
Reply #13 on:
May 30, 2023, 10:22:02 pm »
I already tried this.
Also allow any on that port. No succes.
Logged
Tripple_Delta
Jr. Member
Posts: 91
Karma: 3
Re: Port Forwad fails
«
Reply #14 on:
May 31, 2023, 09:32:37 pm »
Fixed. Don't ask me how.
First I changed the source by any. Works.
Next I changed source by network. Still working.
Narrowed it down to one IP. The settings I started with. Still working.
I don't get it.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
22.7 Legacy Series
»
Port Forwad fails