Port forwarding issues, what setting do I have wrong?

Started by XOIIO, May 28, 2021, 06:21:03 AM

Hi all, so I've been trying to port forward a DayZ server for a while now and I've had no luck. I cloned existing, working firewall rules without any luck, and I also manually added a firewall rule allowing traffic from my internal machine (dl380-g6) to any WAN address, as I saw mentioned elsewhere. (I also deleted the floating rule as a test, no change still.)

The ports refuse to open though. I've struggled with port forwarding almost every time I try to do it, and I'm not sure why cloning existing rules doesn't work.

https://imgur.com/a/OMvokHF

Just create port forward rules with destination WAN address rather than WAN net, and with filter rule association for automatic firewall rules. Easy

Well, if that's the majority of my issues I'll smack my head in a wall. Tried it and still no joy but maybe I still made a mistake somehow? Have to run back to work since my lunch is over so can't test more.

https://imgur.com/a/HHipS56

Are you testing from within your network? Try changing the NAT reflection setting in the port forward to Enable. I have a vague feeling that previously I found just telling it to use system defaults was not enough, even if those defaults were correct (under Firewall>Settings>Advanced, I always have "Reflection for port forwards" and "Automatic outbound NAT for reflection" enabled)

I've been using port checkers on the game server and changing my FTP server's port, and also tethering my phone to my laptop to try from the external network. No luck on all fronts.

I'll take a look at those settings when I'm done work in an hour and a half ish and report back

Are you sure the DL380_G6 alias is pointing to the right internal IP? And there is no firewall blocking traffic on that machine?

Definitely the right IP and I have 2302 and 2303 opened up in the firewall, but I also have the program itself allowed to go through completely since it didn't work with only the ports.

Works fine on LAN

I'd double-check that you are forwarding all the right ports. E.g., do you need a Steam port in there? Working on the LAN doesn't answer this, as presumably you have allow all rules on the LAN interface. Maybe check what traffic is going to the server.

2302 is the game server, 2303 is the Steam discovery port and the others are some misc ones that may or may not be used by it, so I opened those up as well just in case.

I have the same NAT settings, also tried manually switching from default and no luck again, uhg.

Ok, well it seems like you can't bind a specific IP address in the startup batch file for the server so I bet the damn thing is binding to the wrong IP address. I tried adding the second IP for my server into its alias but that brought it all down so now to try and figure this out.

I have my Mellanox card set to be the first one in that Windows (metric?) setting, and have my other four NICs in an LAG group that should be second billing. Apparently that's not enough though.

Ok, no, that's not it, it is binding to the right IP on my server but it still won't pass through the firewall. uhg.

I just noticed this error pops up when I save the firewall rule but clicking on it doesn't go into detail. hmm

slightly more info

2021-05-28T18:55:39   opnsense[20610]   /usr/local/etc/rc.filter_configure: There were error(s) loading the rules: /tmp/rules.debug:128: syntax error - The line in question reads [128]: rdr log on em1_vlan3000 inet proto {tcp udp} from {any} to {(em1_vlan3000)} port $DayzEpoch tag Dayz Server -> $DL380_G6 # Dayz Server
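Added example, not part of the thread and not OPNsense code: a small Python parser for the rc.filter_configure error line quoted above, which pulls out the rules file, line number and offending rule, then checks the rule for an unquoted multi-word `tag` value. That the two-word tag "Dayz Server" is what pf rejected is an assumption based on pf's `tag` keyword taking a single string; the thread does not confirm it, and the function names are hypothetical.

```python
import re

# Error line copied from the thread (logged by rc.filter_configure).
SAMPLE = (
    "2021-05-28T18:55:39   opnsense[20610]   /usr/local/etc/rc.filter_configure: "
    "There were error(s) loading the rules: /tmp/rules.debug:128: syntax error - "
    "The line in question reads [128]: rdr log on em1_vlan3000 inet proto {tcp udp} "
    "from {any} to {(em1_vlan3000)} port $DayzEpoch tag Dayz Server -> $DL380_G6 # Dayz Server"
)

ERR_RE = re.compile(
    r"There were error\(s\) loading the rules: (?P<file>\S+):(?P<line>\d+): "
    r"(?P<msg>.+?) - The line in question reads \[\d+\]: (?P<rule>.*)$"
)

def parse_rule_error(log_line):
    """Return file, line number, message and rule text, or None if no match."""
    m = ERR_RE.search(log_line)
    if not m:
        return None
    info = m.groupdict()
    info["line"] = int(info["line"])
    return info

def unquoted_multiword_tag(rule):
    """Return the words after 'tag' in an rdr rule if there are several and
    they are not quoted; otherwise None (assumed cause of the parse error)."""
    body = rule.split(" # ", 1)[0]  # drop the trailing description comment
    m = re.search(r"\btag\s+(.*?)\s+(?:tagged\b|->)", body)
    if not m:
        return None
    value = m.group(1)
    if value.startswith('"'):
        return None  # quoted string: a single token to the parser
    words = value.split()
    return words if len(words) > 1 else None

if __name__ == "__main__":
    info = parse_rule_error(SAMPLE)
    print(f"{info['file']} line {info['line']}: {info['msg']}")
    bad = unquoted_multiword_tag(info["rule"])
    if bad:
        print("tag value spans several unquoted words:", " ".join(bad))
```

If the check fires, the place to look is the "Set local tag" field of the port forward rule in the GUI, since /tmp/rules.debug is regenerated from the saved configuration.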

I deleted and recreated the rule and no error this time, but it still doesn't work. Must be a firewall problem though, uhg.

holy shit it's fucking working.

but why? It's just the same config as before.

UUUUHG this is almost worse than it not working at all what the hell.