Dual wan setup. 1:1 nat redirecting to firewall login and port

Started by shtech, September 25, 2023, 04:49:18 PM

Trying my first 1:1 nat, using an ip on our 2nd wan (wan2). Incoming traffic from outside works fine. Firewall web gui port is set to 4433, so https://192.168.1.1:4433

However, inside our lan, port 80 and 443 don't work for the domain that uses the 1:1 nat. If I try to visit the domain, it spins and spins until it finally changes the url to https://www.domain.com:4433

I've found this thread (https://forum.opnsense.org/index.php?topic=22819.msg108561#msg108561) and I changed settings to only answer firewall gui requests on the local lan. This fixed it appending the port 4433, but it's still not working. I'm missing something.

OPNsense 23.7.4-amd64, created a 1:1 nat.
external: wan2-IP/32
source: lan-IP/32
Nat reflection: default (reflection for 1:1 to is enabled).


I finally switched it to a port forwarding nat, creating a group for ports and applying a firewall rule like I always do. Reflection doesn't work as expected, so I finally had to add overrides in unbound. However, this server has about 30 domains on it... I didn't want to create that many overrides.

Based on the amount of posts of issues with this, it seems that it doesn't work as intended in opnsense.

I spun up a pfsense and followed their doc on it, and it works as expected. Seems it is an opnsense issue. If someone has some pointers, and I've read way too many forum and reddit posts on this issue and the opnsense docs, I'm open to suggestions. Still couldn't make it work properly. Especially the reflection part.

I know this hasn't been well documented, so I wrote a guide for NAT Reflection:

https://forum.opnsense.org/index.php?topic=34925.0

It's on its way into the OPNsense docs.

As additional information, I have an opnsense with 50 one to one nat rules, just as many port forward and custom snat rules, and all reflection and hairpinning works. That's why I wrote that guide to share my knowledge.
Hardware:
DEC740