Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
Port-Forward on WAN with private IP
« previous
next »
Print
Pages: [
1
]
2
Author
Topic: Port-Forward on WAN with private IP (Read 5539 times)
ChrisVH1982
Newbie
Posts: 21
Karma: 0
Port-Forward on WAN with private IP
«
on:
February 27, 2021, 10:59:08 pm »
Dear community,
I've been trying getting Port-Foward to work from WAN to LAN using a private IP for WAN interface. Yes, a private IP address for testing!
I created a Port Forward rule which seem to be okay. It works when selecting the LAN interface as source interface and destination but it does not work out on WAN interface.
WAN: 192.168.19.67
LAN: 192.168.20.68
WAN interface does NOT block private networks
WAN interfaces does NOT block bogon networks
Reflection for port forwards is ON
What is the special thing about the WAN interface?
Logged
Maurice
Hero Member
Posts: 1213
Karma: 158
Re: Port-Forward on WAN with private IP
«
Reply #1 on:
February 27, 2021, 11:23:29 pm »
Are you testing this from a host in the LAN subnet, the WAN subnet or somewhere beyond the WAN upstream gateway?
Logged
OPNsense virtual machine images
OPNsense aarch64 firmware repository
Commercial support & engineering available. PM for details (en / de).
ChrisVH1982
Newbie
Posts: 21
Karma: 0
Re: Port-Forward on WAN with private IP
«
Reply #2 on:
February 28, 2021, 12:57:26 am »
I am testing from a host in WAN subnet using a private
IP subnet, different from LAN subnet.
Logged
Maurice
Hero Member
Posts: 1213
Karma: 158
Re: Port-Forward on WAN with private IP
«
Reply #3 on:
February 28, 2021, 01:02:57 am »
Most likely: Firewall -> Settings -> Advanced -> Disable reply-to on WAN rules
Logged
OPNsense virtual machine images
OPNsense aarch64 firmware repository
Commercial support & engineering available. PM for details (en / de).
ChrisVH1982
Newbie
Posts: 21
Karma: 0
Re: Port-Forward on WAN with private IP
«
Reply #4 on:
February 28, 2021, 01:31:37 am »
Tried already w/o success
Logged
lfirewall1243
Hero Member
Posts: 1386
Karma: 45
Re: Port-Forward on WAN with private IP
«
Reply #5 on:
February 28, 2021, 08:39:33 pm »
Network plan please:)
Logged
(Unoffial Community) OPNsense Telegram Group:
https://t.me/joinchat/0o9JuLUXRFpiNmJk
PM for paid support
ChrisVH1982
Newbie
Posts: 21
Karma: 0
Re: Port-Forward on WAN with private IP
«
Reply #6 on:
February 28, 2021, 11:05:17 pm »
Sure :-)
Logged
lfirewall1243
Hero Member
Posts: 1386
Karma: 45
Re: Port-Forward on WAN with private IP
«
Reply #7 on:
March 01, 2021, 08:16:35 am »
Quote from: ChrisVH1982 on February 28, 2021, 11:05:17 pm
Sure :-)
What are you trying to do?
That looks very strange to me
Lan and Wan interface in the same switch? Where's your ISP?
Logged
(Unoffial Community) OPNsense Telegram Group:
https://t.me/joinchat/0o9JuLUXRFpiNmJk
PM for paid support
ChrisVH1982
Newbie
Posts: 21
Karma: 0
Re: Port-Forward on WAN with private IP
«
Reply #8 on:
March 01, 2021, 09:26:00 pm »
This is for testing and getting familiar with opnsense. I would like the WAN interface accept requests from a private IP. Technicially speaking this must be feasible.
Logged
Fright
Hero Member
Posts: 1777
Karma: 164
Re: Port-Forward on WAN with private IP
«
Reply #9 on:
March 02, 2021, 03:14:54 pm »
Hi
can you share associated pf rule string from
Firewall: Diagnostics: pfInfo -> Rules tab?
Logged
ChrisVH1982
Newbie
Posts: 21
Karma: 0
Re: Port-Forward on WAN with private IP
«
Reply #10 on:
March 02, 2021, 04:03:19 pm »
Not sure if that string will help?!
@0 scrub on lo0 all fragment reassemble
[ Evaluations: 1051590 Packets: 64 Bytes: 0 States: 0 ]
[ Inserted: uid 0 pid 36645 State Creations: 0 ]
@1 scrub on hn1 all fragment reassemble
[ Evaluations: 1051517 Packets: 545136 Bytes: 19245212 States: 0 ]
[ Inserted: uid 0 pid 36645 State Creations: 0 ]
@2 scrub on hn0 all fragment reassemble
[ Evaluations: 506377 Packets: 506334 Bytes: 0 States: 0 ]
[ Inserted: uid 0 pid 36645 State Creations: 0 ]
@0 block drop in log on ! hn1 inet from 192.168.20.0/24 to any
[ Evaluations: 381920 Packets: 0 Bytes: 0 States: 0 ]
[ Inserted: uid 0 pid 36645 State Creations: 0 ]
@1 block drop in log inet from 192.168.20.68 to any
[ Evaluations: 335661 Packets: 0 Bytes: 0 States: 0 ]
[ Inserted: uid 0 pid 36645 State Creations: 0 ]
@2 block drop in log on ! hn0 inet from 192.168.19.0/24 to any
[ Evaluations: 294085 Packets: 0 Bytes: 0 States: 0 ]
[ Inserted: uid 0 pid 36645 State Creations: 0 ]
@3 block drop in log inet from 192.168.19.67 to any
[ Evaluations: 294088 Packets: 0 Bytes: 0 States: 0 ]
[ Inserted: uid 0 pid 36645 State Creations: 0 ]
Logged
Fright
Hero Member
Posts: 1777
Karma: 164
Re: Port-Forward on WAN with private IP
«
Reply #11 on:
March 02, 2021, 04:09:24 pm »
no. there should be a rule with tcp port 8080 on WAN
Logged
ChrisVH1982
Newbie
Posts: 21
Karma: 0
Re: Port-Forward on WAN with private IP
«
Reply #12 on:
March 02, 2021, 09:19:40 pm »
8080 is not showing up at all and I already attemped to open 192.168.19.67:8080 to trigger such message.
Just the WAN IF IP is showing up:
@3 block drop in log inet from 192.168.19.67 to any
[ Evaluations: 319832 Packets: 0 Bytes: 0 States: 0 ]
[ Inserted: uid 0 pid 36645 State Creations: 0 ]
--------------------------------
But 8080 appears on Firewall: Diagnostics: pfInfo -> NAT tab
@0 no nat proto carp all
[ Evaluations: 2210 Packets: 0 Bytes: 0 States: 0 ]
[ Inserted: uid 0 pid 36645 State Creations: 0 ]
@1 nat on hn1 inet proto tcp from (hn1:network:1) to <SVRWEB2:1> port = http -> (hn1) port 1024:65535 round-robin
[ Evaluations: 2210 Packets: 0 Bytes: 0 States: 0 ]
[ Inserted: uid 0 pid 36645 State Creations: 0 ]
@2 nat on lo0 inet proto tcp from (lo0:network:1) to <SVRWEB2:1> port = http -> (lo0) port 1024:65535 round-robin
[ Evaluations: 19 Packets: 0 Bytes: 0 States: 0 ]
[ Inserted: uid 0 pid 36645 State Creations: 0 ]
@3 nat on hn0 inet proto tcp from (hn0:network:1) to <SVRWEB2:1> port = http -> (hn0) port 1024:65535 round-robin
[ Evaluations: 3 Packets: 0 Bytes: 0 States: 0 ]
[ Inserted: uid 0 pid 36645 State Creations: 0 ]
@4 nat on hn0 inet proto tcp from (hn0:network:1) to <SVRWEB2:1> port = http -> (hn0) port 1024:65535 round-robin
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
[ Inserted: uid 0 pid 36645 State Creations: 0 ]
@5 nat on hn1 inet proto tcp from (hn1:network:1) to <SVRWEB2:1> port = http -> (hn1) port 1024:65535 round-robin
[ Evaluations: 3 Packets: 0 Bytes: 0 States: 0 ]
[ Inserted: uid 0 pid 36645 State Creations: 0 ]
@6 nat on lo0 inet proto tcp from (lo0:network:1) to <SVRWEB2:1> port = http -> (lo0) port 1024:65535 round-robin
[ Evaluations: 3 Packets: 0 Bytes: 0 States: 0 ]
[ Inserted: uid 0 pid 36645 State Creations: 0 ]
@0 no rdr proto carp all
[ Evaluations: 413640 Packets: 0 Bytes: 0 States: 0 ]
[ Inserted: uid 0 pid 36645 State Creations: 0 ]
@1 no rdr on hn1 proto tcp from any to (hn1:2) port = http
[ Evaluations: 413633 Packets: 0 Bytes: 0 States: 0 ]
[ Inserted: uid 0 pid 36645 State Creations: 0 ]
@2 no rdr on hn1 proto tcp from any to (hn1:2) port = https
[ Evaluations: 14 Packets: 0 Bytes: 0 States: 0 ]
[ Inserted: uid 0 pid 36645 State Creations: 0 ]
@3 rdr log on hn1 inet proto tcp from any to (hn1:1) port = 8080 -> <SVRWEB2> port 80 round-robin
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
Logged
Fright
Hero Member
Posts: 1777
Karma: 164
Re: Port-Forward on WAN with private IP
«
Reply #13 on:
March 02, 2021, 09:43:43 pm »
the rule should be there for the packets to pass (the rule should have been created automatically when you created the port forward rule).
Quote
attemped to open 192.168.19.67:8080 to trigger such message
not just "open". firewall rules evaluation occurs after the translation. that is in the firewall rule the destination should be the redirection address. to avoid mistakes you can try to delete and re-create the port-forward rule. a pass-rule should be automatically created.
Logged
ChrisVH1982
Newbie
Posts: 21
Karma: 0
Re: Port-Forward on WAN with private IP
«
Reply #14 on:
March 02, 2021, 10:01:19 pm »
I re-created it a couple of times already and thanks to refleciton setting, I find the rule in "FW > Rules > WAN".
Logged
Print
Pages: [
1
]
2
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
Port-Forward on WAN with private IP