Topic: HOWTO - Port Forwarding in OPNsense (Read 3478 times)
yeraycito
« on: July 11, 2019, 11:50:34 am »
Example Port Forwarding
LAN: 192.168.50.1/24
LOCAL IP FOR PORT FORWARDING: 192.168.50.18
PORT: 40
1 - In OPNsense/Firewall/Settings/Advanced:
- Enable Reflection for port forwards
- Enable Automatic outbound NAT for Reflection
- Save changes
2 - In OPNsense/Firewall/NAT/Port Forward:
- +Add
- Interface: WAN
- Protocol: TCP
- Destination: WAN address
- Destination port range: from: any, to: any
- Redirect target IP: Single Host or Network, 192.168.50.18
- Redirect target port: (other) 40
- Description: ( optional )
- NAT reflection: Use system default
- Save changes
WARNING: Port 40 is OPEN
How to protect the port with Suricata:
1 - In OPNsense/Services/Intrusion Detection/Administration: ( Settings tab )
- Enable advanced mode
- Enable Suricata
- Enable IPS mode
- Pattern matcher: Hyperscan
- Interfaces: LAN
- Home networks: 192.168.50.1/24 ( LAN example )
- Save changes
2 - In OPNsense/Services/Intrusion Detection/Administration: ( Download tab )
- Enable ALL categories
- Manually edit all categories individually:
Input Filter: Change all alerts to drop actions
- Download & Update Rules
3 - In OPNsense/Services/Intrusion Detection/Administration: ( Rules tab )
- Search emerging scan
- ( On page 11 of the search results ) Enable ET SCAN NMAP -sS window 1024
- Apply
4 - Restart OPNsense