Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
19.7 Legacy Series
»
Trouble setting up port forwarding
« previous
next »
Print
Pages: [
1
]
Author
Topic: Trouble setting up port forwarding (Read 8964 times)
cmay
Newbie
Posts: 12
Karma: 0
Trouble setting up port forwarding
«
on:
August 26, 2019, 10:07:52 pm »
Hi. I am new to OPNSense and just got my system up. First thing I am trying is to get a SSH port forward set up to my linux box, with no luck. Attached below is the setup of my port forward settings:
I also went into Firewall > Settings> Advanced and set Reflection for port forwards and Automatic outbound NAT for Reflection to checked as was recommended by other posts here with port forward issues, but same result.
«
Last Edit: August 27, 2019, 08:12:04 am by cmay
»
Logged
cmay
Newbie
Posts: 12
Karma: 0
Re: Trouble setting up port forwarding
«
Reply #1 on:
August 27, 2019, 08:56:33 pm »
Still no luck setting this up. Any help would be appreciated.
Logged
banym
Sr. Member
Posts: 468
Karma: 31
Free Human Being, FreeBSD, Linux and Mac nerd
Re: Trouble setting up port forwarding
«
Reply #2 on:
August 27, 2019, 09:55:53 pm »
When you added the NAT rule, had you selectd "Add associated filter rule" ?
Can you please post your rules for WAN, too?
What type of IP is bound to your WAN interface? Fixed IP or PPPoE?
If it is a fixed IP is it a private one ore a public official IP?
Logged
Twitter: banym
Mastodon: banym@bsd.network
Blog:
https://www.banym.de
cmay
Newbie
Posts: 12
Karma: 0
Re: Trouble setting up port forwarding
«
Reply #3 on:
August 27, 2019, 10:04:52 pm »
I'm pretty sure I did. I didn't add the WAN rule and it is listed there. Below is the screenshot of my WAN rules.
My WAN IP is a Cox home internet dynamic IP (one of those dynamic IPs that lasts for ages though). Port forwarding was working before I set up OPNSense with a Linksys router flashed with DDWRT, so nothing Cox is doing is blocking it.
Logged
waxhead
Jr. Member
Posts: 55
Karma: 7
Re: Trouble setting up port forwarding
«
Reply #4 on:
August 28, 2019, 01:41:45 am »
Have you tried to enable/disable NAT reflection ?
https://docs.opnsense.org/manual/nat.html
Logged
cmay
Newbie
Posts: 12
Karma: 0
Re: Trouble setting up port forwarding
«
Reply #5 on:
August 28, 2019, 05:46:16 am »
Yes I have tried that and also Automatic outbound NAT for reflection as suggested in a how-to on the FAQ page. Screenshot of Firewall > Settings > Advanced below:
«
Last Edit: August 28, 2019, 05:49:26 am by cmay
»
Logged
banym
Sr. Member
Posts: 468
Karma: 31
Free Human Being, FreeBSD, Linux and Mac nerd
Re: Trouble setting up port forwarding
«
Reply #6 on:
August 28, 2019, 09:58:49 am »
So there is a router in front of your WAN?
Can you please connect your pc or laptop with WAN and verify that Port 22 ist really not working.
Can you please verify that on LAN the device you are forwarding, too has port22 really open?
Maybe the IP on WAN side has changed and therefore the portforwarding from your wan router is not pointing to the correct IP?
If you have private network range on WAN side, have you checked block all traffic from private network on WAN interface?
Logged
Twitter: banym
Mastodon: banym@bsd.network
Blog:
https://www.banym.de
cmay
Newbie
Posts: 12
Karma: 0
Re: Trouble setting up port forwarding
«
Reply #7 on:
August 28, 2019, 12:22:59 pm »
Thank you so much for taking the time to troubleshoot this with me.
No, there is no router in front of my WAN. The cable modem's internet out port plugs directly into the OPNSense WAN interface. (If you were confused about the linksys router reference, I was saying that before I replaced that DDWRT router with the OPNSense box, port forwarding worked fine over my ISP, so it isn't something being blocked at the ISP level).
I can SSH fine into the machine in question over the LAN, have been doing it all week, so I know SSH is up and running on it (and it has been workin for years via that now retired router that OPNSense replaced).
I think we can knock out the following question now that I've cleared up that there is no router in front of OPNSense: " Maybe the IP on WAN side has changed and therefore the portforwarding from your wan router is not pointing to the correct IP?
"
For this question "If you have private network range on WAN side, have you checked block all traffic from private network on WAN interface?" I may be in a little over my head with this (but I really want to learn), but I do not understand what you mean when you ask if I have a private network range on WAN side. I will research and see if those settings are set.
An added bit of info, from my Mac terminal I get "connection refused" immediately (doesn't timeout) when trying to SSH to my WAN addresss from an external network (at work). I looked at the live logs and saw no denied connections from my work's ip to my home OPNSense box. Is there another place I should be looking for logs?
Again, thanks for all your help.
«
Last Edit: August 28, 2019, 12:31:37 pm by cmay
»
Logged
banym
Sr. Member
Posts: 468
Karma: 31
Free Human Being, FreeBSD, Linux and Mac nerd
Re: Trouble setting up port forwarding
«
Reply #8 on:
August 28, 2019, 01:11:50 pm »
What IP do you have on WAN side? Is it the offical IP from the internet from your service provider or does your WAN gets an private adress (for example 192.168.x.x) from the cable modem.
If it is a private address maybe got to your WAN interace configuration and check if the two options "block private networks" and "block bogon networks" are checked on the interface.
If it is a private adress, your cable modem and your WAN side have a private transfer network. I know of some cable configuration where the modem is not n bridged mode. This sometimes leads to confusions with forwardings after replacing a modem. Maybe your opnsense has not the same private address on wan side like the linksys had and this maybe could cause this problem. This applies only if you have a private network on WAN side in place.
Hope you understand what I try to explain.
Logged
Twitter: banym
Mastodon: banym@bsd.network
Blog:
https://www.banym.de
cmay
Newbie
Posts: 12
Karma: 0
Re: Trouble setting up port forwarding
«
Reply #9 on:
August 28, 2019, 06:43:43 pm »
The WAN IP is the official internet IP, not a private address (the cable modem is indeed in bridge mode).
Logged
cguilford
Full Member
Posts: 130
Karma: 15
Re: Trouble setting up port forwarding
«
Reply #10 on:
August 28, 2019, 06:56:11 pm »
I think a few people have had problems here and there by looking through the forums, it could just be a bad rule, most have been resolved by deleting the rule out and redoing it.
Logged
cmay
Newbie
Posts: 12
Karma: 0
Re: Trouble setting up port forwarding
«
Reply #11 on:
August 31, 2019, 07:59:07 pm »
After trying to delete and recreate the rules, and reading countless posts and possible fixes on the forums, I decided to just try reinstalling OPNSense from scratch. After reinstalling and recreating the forward rules, all is working now. I guess it was just a glitchy install. Thanks for all the help.
Logged
banym
Sr. Member
Posts: 468
Karma: 31
Free Human Being, FreeBSD, Linux and Mac nerd
Re: Trouble setting up port forwarding
«
Reply #12 on:
August 31, 2019, 09:54:52 pm »
Thanks for the reply :-)
Good it works now.
Logged
Twitter: banym
Mastodon: banym@bsd.network
Blog:
https://www.banym.de
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
19.7 Legacy Series
»
Trouble setting up port forwarding