OPNsense Forum » Archive » 22.1 Legacy Series » NAT port forward rules being caught by default deny
Topic: NAT port forward rules being caught by default deny (Read 1776 times)
rwhitton
NAT port forward rules being caught by default deny
« on: April 18, 2022, 02:19:45 pm »
(Version 22.1.6)
Having spent several hours I'm unable to get a simple NAT port forward rule working. It's always caught by the default deny rule.
It's a really simple NAT rule from WAN:5051 -> MY_INTERNAL_IP:5051 TCP. See attached.
I have the associated rule created and if I look at the firewall rules then I can see that the rule is there.
When I attempt to connect then looking at the live view I can see that it's being consistently caught by the default deny rule as shown below:
__timestamp__ 2022-04-18T12:59:52
ack
action [block]
anchorname
datalen 0
dir [in]
dst x.x.x.x
dstport 5051
ecn
id 30452
interface pppoe1
interface_name WAN
ipflags DF
ipversion 4
label Default deny / state violation rule
length 52
offset 0
protoname tcp
protonum 6
reason match
rid 02f4bab031b57d1e30553ce08e0ec131
rulenr 9
seq 2845703226
src y.y.y.y
srcport 51702
subrulenr
tcpflags S
tcpopts
tos 0x0
ttl 121
urp 64240
I've had port forwards working previously without any issues. I've tried all the usual things such as rebooting; deleting the NAT rule and recreating; using different ports; changing NAT reflection, but the problem persists. Does anybody have any idea what might be wrong and how to fix this?
Many thanks
Bonkerton
Re: NAT port forward rules being caught by default deny
« Reply #1 on: April 18, 2022, 07:31:50 pm »
Have you tried 'This Firewall' or 'Any' as Destination?
I have a couple of PFs for my Tor Relay with Destination 'This Firewall' and they work.
rwhitton
Re: NAT port forward rules being caught by default deny
« Reply #2 on: April 18, 2022, 07:58:57 pm »
I tried any previously. I just tried "this firewall" and unfortunately I get the same response.
I think this is some sort of recent regression or change in behaviour. Possibly with 22.1.6, which I only upgraded to the other day. I set up a port forward rule two weeks ago and it was fine.