Port forwarding problem, redirecting to Web Server rule

Started by yamly, December 01, 2020, 03:57:26 PM

Hey guys.

I need to access an http server from outside (wan) and also internally as well.
I am working in a VM and have already installed and configured OPNsense. I also have two Linux machines. One has an Apache server up and running, and I want the other Linux VM to be able to hit the WAN IP in OPNsense and be redirected there, thus seeing the "Apache2 Debian Default Page" that's up and running.


Already followed those instructions in OPNsense:
Quote:
Add the port forwarding rule to send any incoming HTTP and HTTPS traffic to your webserver.
Click Firewall ==> NAT ==> Port Forward
Click the Add button to add a new Port Forward rule
Select the following information
   Interface: WAN
   TCP/IP version: IPv4
   Protocol: TCP
   Destination: WAN Address
   Port range: From: HTTP to HTTP
   Redirect target IP: Single Host or Network (and added this machine's internal IP)
   Redirect target port: ThisPC's_internal_Ip (let's say 192.168.100.103)
   NAT reflection: Enable (Pure NAT), also tried Use System Default
   Filter rule association: Add associated filter rule
   checked log.
Click Save and Apply Settings.

So, when I go into my other PC's settings and enter the OPNsense's WAN address into a browser, it just freezes and does nothing.

Later on, I would like to install Suricata and access it from outside of the VPN, but from a PC in my LAN area.

What am I doing wrong? Thanks in advance!

Firewall: Settings: Advanced

At least enable "Reflection for port forwards"
"The S in IoT stands for Security!" :)


Just to be sure: do you have a firewall rule that allows traffic from your "client" to your WAN address port 80?
"The S in IoT stands for Security!" :)

Yes. I think so.
Firewall -> Rules -> WAN

Protocol  Source  Port  Destination      Port       Gateway  Schedule  Description
IPv4 TCP  *       *     192.168.100.102  80 (HTTP)  *        *         REDIRECT TO WEB SERVER

Any other ideas?

You need a rule on the LAN interface to allow that traffic destination WAN address. Or any/any rule. Do you have a rule there?
"The S in IoT stands for Security!" :)

Yes. I believe so. Everything is properly set up.

What else could the problem be?

Thanks.

Problem semi-solved. Did a fresh install.

I can access it from a Linux machine in my VM.

I cannot access it from a PC outside of my VM. For example, I cannot access it via my host (physical PC) in my LAN.

Any help?