No access from remote computer

Started by dcol, March 27, 2025, 01:07:36 AM

Help, I cannot get SMB access with a remote user.
I set up a dedicated OPNsense firewall using one of my static WAN IPs as the WAN to allow access to/from a single remote user.
OPNsense has the LAN set to 192.168.40.1/24 and the WAN as 99.99.99.99 (using this IP as a WAN example).
The IP of the local user is 192.168.40.26, which is what I want the remote user to access.
Let's say the IP of the remote user is 50.50.50.50 for now, which may change to dynamic later on, so I can just use an Alias when that happens.

All I need is for only the one remote user (50.50.50.50) to have full access to the local user (192.168.40.26) on all ports. No other access allowed.
I can ping 99.99.99.99 from 50.50.50.50, so I know there is a connection with an ICMP allow rule I put in the WAN rules.
I tried just one WAN rule making the source 50.50.50.50 to any. Didn't work
I tried just one LAN rule making the source any to destination any. Didn't work
I tried both together.

For more info, this local computer has a dedicated NIC with its IP as 192.168.40.26. This plugs into the OPNsense box. The only other NIC in the OPNsense box is the one for the connection to the WAN IP 99.99.99.99.
There are no active Windows or any other firewalls running on the local or remote computers.

This should be simple, only one remote user to access only one local IP. The main reason I am using OPNsense instead of Windows firewall is because I need to ultimately use an Alias with the remote domain name info.

Your devices are on a private subnet.

When you reach out over a public network such as the internet, it doesn't know where your private range is; it doesn't care.

If you want to point a specific service to a dedicated host, you need to use port forwarding.

Regards,
S.
Networking is love. You may hate it, but in the end, you always come back to it.

OPNSense HW
APU2D2 - deceased
N5105 - i226-V | Patriot 2x8G 3200 DDR4 | L 790 512G - VM HA(SOON)
N100   - i226-V | Crucial 16G  4800 DDR5 | S 980 500G - PROD

1:1 NAT may work for this case (if "all ports" is a requirement), but the remote user would need to connect to 99.99.99.99, since (as pointed out already) 192.168.x.x is private (RFC 1918) IP space that is not routable on the internet. If use of the 192.168.40.26 address on the remote client is a requirement, a VPN would be the only way (if it's possible on the client side).

The main reason I have stayed away from OPNsense IPsec VPN, which is the first thing I tried, is that the ports are blocked by the client's ISP. Not sure how to get around it. Their answer is a paid VPN service that they support in their modem.
I also tried RadminVPN which did not allow the Quickbooks app to connect.
I just need only the remote user (50.50.50.50) to get to all ports on the server (192.168.40.26).
I tried 1:1 NAT, didn't work either.
Maybe nothing will work since the ports I need may be blocked by the ISP.
There has to be a way to do this.

For IPsec, try to change the NAT-T port.
Or use WireGuard, and you can choose any port you want.

If your ISP is blocking some services to enforce subscription services (which would make me search for a different ISP), they most likely block well-known ports. But they cannot block all ports, so this gives you the possibility to configure VPNs such as WireGuard as you like on any port.

Regards,
S.
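As an added illustration of the WireGuard approach suggested above (this is not configuration from the thread or from OPNsense itself, just wg-quick style settings that map onto the OPNsense WireGuard GUI fields), the two configs below let the single remote user reach only 192.168.40.26 over a non-default UDP port. The tunnel subnet 10.40.0.0/24, the port 51443 and all keys are assumed placeholders; 99.99.99.99 and 192.168.40.26 are the addresses from the thread.

```ini
# --- OPNsense side (WireGuard instance) -------------------------------------
[Interface]
PrivateKey = <OPNSENSE_PRIVATE_KEY>     # placeholder, generate with "wg genkey"
Address    = 10.40.0.1/24               # tunnel subnet, assumed
ListenPort = 51443                      # non-default UDP port, assumed; pick one the client's ISP passes

[Peer]
# the one remote user; only packets sourced from 10.40.0.2 are accepted from this key
PublicKey  = <REMOTE_USER_PUBLIC_KEY>   # placeholder
AllowedIPs = 10.40.0.2/32

# --- Remote user side -------------------------------------------------------
[Interface]
PrivateKey = <REMOTE_USER_PRIVATE_KEY>  # placeholder
Address    = 10.40.0.2/32

[Peer]
PublicKey           = <OPNSENSE_PUBLIC_KEY>   # placeholder
Endpoint            = 99.99.99.99:51443       # firewall WAN IP from the thread + assumed port
AllowedIPs          = 192.168.40.26/32        # route only the QuickBooks/SMB server through the tunnel
PersistentKeepalive = 25                      # keeps the NAT mapping open behind the client's modem

# --- Firewall rules to add in OPNsense (described, not config syntax) -------
# WAN:       pass UDP, source any, destination "WAN address" port 51443
# WireGuard: pass any protocol, source 10.40.0.2/32, destination 192.168.40.26/32
#            (no other rule on the WireGuard interface, so nothing else on the LAN is reachable)
```

The client then connects to \\192.168.40.26 as if it were local, which is the case the thread says 1:1 NAT cannot give you. One caveat: 192.168.40.26 must send replies for 10.40.0.0/24 back to 192.168.40.1 (default gateway on that NIC, or a static route), otherwise the return traffic leaves through the server's other NIC and the connection silently fails.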