Port forwarding woes - CLOSED

Started by Benderisgreat, March 07, 2025, 10:27:03 AM

March 07, 2025, 10:27:03 AM Last Edit: March 07, 2025, 11:50:37 AM by Benderisgreat Reason: Now closed
Hi

Just switched from physical based router and PiHole for my routing/firewall/DNS solution

I have all my routing set up and firewall config ok.

I am now trying to set up port forwards, which on my Asus router was a doddle.

I am currently using Proxmox on a 19" server with 4x Ethernet

1* OPNsense wan
1* OPNsense lan
1* Private servers
1* Internet facing servers

I am using a managed switch which will be used to VLAN the physical ethernet port.

What I want to ultimately have is my internet facing services (game servers, photo servers, wiki etc) on a VLAN isolated from internal servers.

So to try this out I have created a new VM and used the Private server ethernet device. This works and I can reach the new server from inside the network.

I tag the ethernet device with a different VLAN tag and I can no longer see the server.

Now to the port forwarding part
For all of this I have switched off VLAN and all servers are on the same VLAN.

So I have set a new NAT port forwarding

Interface: wan
TCP: IPv4
Protocol TCP
Destination: wan net
Destination port: from 4444 to 4444
Redirect IP: 192.168.x.y
Redirect port: 88 (listened to by Apache for test)
Nat reflection: enable
Filter rule association: None

And added a new rule
Action: Pass
Quick: True
Interface: wan
Direction: in
TCP: IPv4
Protocol: TCP
Source/Invert: false
Source: Any
Destination/Invert: false
Destination: single host = 192.168.x.y/24
Destination port range: from 88 to 88
No XML: disabled
Gateway: default
Advanced: all default

Now I can see the server from inside network fine, going to 192.168.x.y:88 takes me to the server

However, going to my public IP:4444 causes timeout.

I look in firewall log and can see that my redirect rule has kicked in and that the inbound rule is working (green entry on firewall log) and that the outbound "let out anything from firewall host itself" rule has kicked in (green entry on firewall log)
But my device (mobile phone) does not see the server page!

Any thoughts as I have tried lots of different options!!

Thanks BiG

Update:

Updated to 25.1 and cross posted there too.

Closed - OP was being dense. Forgot to add gateway to the server..... Traffic getting but it couldn't respond 😬😞
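
An added example, not part of the original post: a small route-lookup model of the failure the thread closes on, where the forwarded connection reaches the server but the reply has no route back because the server has no default gateway. All addresses and route tables are constructed (the post elides the real ones), and `lookup`, `can_reply` and `report` are hypothetical helper names.

```python
import ipaddress

# Constructed addresses: the post elides the real ones (192.168.x.y).
LAN = ipaddress.ip_network("192.168.1.0/24")            # server's connected subnet
FIREWALL_LAN_IP = ipaddress.ip_address("192.168.1.1")   # assumed firewall address on that subnet
LAN_CLIENT = "192.168.1.50"   # browser inside the network
WAN_CLIENT = "203.0.113.7"    # phone on mobile data (documentation range)

# Route tables as (destination network, next hop); None = directly connected.
ROUTES_NO_GATEWAY = [(LAN, None)]
ROUTES_WITH_GATEWAY = [(LAN, None),
                       (ipaddress.ip_network("0.0.0.0/0"), FIREWALL_LAN_IP)]


def lookup(routes, dst):
    """Longest-prefix match. Returns (network, next_hop) or None if unroutable."""
    addr = ipaddress.ip_address(dst)
    candidates = [r for r in routes if addr in r[0]]
    if not candidates:
        return None
    return max(candidates, key=lambda r: r[0].prefixlen)


def can_reply(routes, client_ip):
    """A port forward rewrites only the destination, so the server sees the
    client's real source address and needs a route back to it."""
    return lookup(routes, client_ip) is not None


def report(routes):
    """Reachability of each sample client's reply path for a given route table."""
    return {c: can_reply(routes, c) for c in (LAN_CLIENT, WAN_CLIENT)}


if __name__ == "__main__":
    print("no default gateway :", report(ROUTES_NO_GATEWAY))
    print("default gateway set:", report(ROUTES_WITH_GATEWAY))
```

This matches the symptoms in the post: the firewall log shows the inbound pass because the SYN is delivered, the LAN browser works because its address is on the connected subnet, and only the off-subnet client times out.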