Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
21.1 Legacy Series
»
Weird port forward issue behind potential double nat?
« previous
next »
Print
Pages: [
1
]
Author
Topic: Weird port forward issue behind potential double nat? (Read 1396 times)
keanu
Newbie
Posts: 13
Karma: 2
Weird port forward issue behind potential double nat?
«
on:
March 01, 2021, 11:27:47 am »
Hi all,
So, this may be a bit of a weird post, and I apologise. First off, I'd like to say that i'm aware that this isn't the norm. Long story short. I was given the opportunity to rack a server in a datacenter under a work rack, all well and good. It started getting a bit dangerous when adding firewall rules on the main firewall and as such, I opted to essentially "Pass through" a static IP to my vmware box, and run a nested copy of opnsense on there. Everything is working fine (per say), got internet access, can access (certain*) ports outside, but then recently i've had a friend ask me to host a gameserver for him. Nomatter what we try, we can't access the server via the static IP. Tried it via a OpenVPN connection direct to the OPNSense box, and it works. The ports are all forwarded, have confirmed in the logs, etc. It'll even show up as "Connecting" on the gameserver, but then time out. Just can't figure out why though?
(*Certain meaning except from current issue)
The way it's setup is as follows:
Datacenter cable drop --> pfsense baremetal --> My ESXI --> OPNSense --> VM
The weird part of it is, whilst looking through the logs of the pfsense box, it's passing everything through as expected. All fine. When I get to the OPNSense box, the ports it's trying to connect on have changed (Sometimes only slightly, e.g. +1 on the port). The PFSense box has a 1:1 NAT setup, blocking to other vLANs and then an allow all rule on it. That's pretty much it. So i'm not entirely sure what's going on after that?
What's even weirder is that certain parts of it (e.g. say portainer) works fine. Portforward it through, and I can access it externally without an issue. I've even tried setting up a diagnostic "Allow all" rule, same issue, so i'm confident it's not a firewall issue, maybe something to do with the NAT? But as far as i'm aware, the nat on the main pfsense box is being bypassed and ignored, exactly how I wanted.
I have the following rules set:
1:1 NAT:
Pfsense baremetal:
Interface: WAN
Source: PublicIP
Internal IP: 10.20.0.254 (IP of my OPNSense)
Destination IP: *
Outbound NAT:
PFSense baremetal:
Interface: "mydedicatedport"
Source: 10.20.0.254 (IP of my OPNSense)
Source Port: TCP/UDP/*
Destination: *
Destination Port: TCP/UDP/*
NAT Address: Public IP Address
NAT Port: *
Static Port: Checked
And on the OPNSense install:
Interface: WAN
Source: 10.20.1.152/32 (IP of server)
Source Port: TCP/UDP/*
Destination: *
Destination Port: TCP/UDP/*
NAT Address: WAN Address
NAT Port: *
Static Port: Checked
And a Port Forward on the OPNSense router of;
Interface: WAN
Protocol: TCP/UDP
Source Address: *
Source Ports: *
Destination Address: WAN Address
Destination Port: Alias inc the following ports: 2456:2459, 4380, 27000:27031, 27036
Target IP (NAT IP): 10.20.1.152
Target Ports (NAT Ports): Same as Dest port Alias
I can't think what else it could be though, I don't have this issue with anything else I port forward through the setup, so i'm a bit stuck onto where to go from here.
Any suggestions are greatly appreciated.
Thanks in advance!
Logged
keanu
Newbie
Posts: 13
Karma: 2
Re: Weird port forward issue behind potential double nat?
«
Reply #1 on:
March 04, 2021, 10:26:15 am »
Just a quick bump so it doesn't get lost in the forums!
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
21.1 Legacy Series
»
Weird port forward issue behind potential double nat?