Port forwards, auto firewall rules & associating pipes

Started by keeka, February 16, 2022, 11:42:20 AM

I have a few questions on port forwards, auto firewall rules & associating pipes. I'd be grateful for any help.

1. If I create a port forward rule, select multiple interfaces and select make new firewall rule association, no firewall rules are generated. This only works for new forwarding rules where a single interface is chosen. Is this by design?

2. When creating a forward rule, I can select firewall interfaces by name in the 'Destination' dropdown. However, these same aliases are not available in the 'Redirect target IP' dropdown. There, I need to specify the firewall's interface IP or have manually created aliases for such. It strikes me these built-in aliases should also be available in the 'Redirect target IP' dropdown. I find I create port forwards for DNS, NTP etc. and often reference the firewall's IP on the selected interface (rather than 127.0.0.1).

3. Bandwidth limits associated with a particular port forward or firewall rule, e.g. restricting bandwidth available to a public-facing webserver exposed via NAT. Is it possible to associate an existing traffic shaper pipe directly within a rule or forwarding definition? Or is traffic shaping configured solely within the Shaper section of the OPNsense interface?

I'm new to OPNsense and enjoying exploring the interface. One thing that would help me is higher contrast text. I find the grey on off-white difficult to read after a while. Can I change the theme?

Quote from: keeka on February 16, 2022, 11:42:20 AM
1. If I create a port forward rule, select multiple interfaces and select make new firewall rule association, no firewall rules are generated. This only works for new forwarding rules where a single interface is chosen. Is this by design?

Since posting, I think I found the answer to my first question. With multiple interfaces selected, the firewall rule is created under floating rules.
However, the interfaces that rule acts on are not displayed in the floating rules list, and it doesn't seem possible to open a view on details of an autogenerated/system-managed floating rule.