OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • English Forums »
  • General Discussion »
  • Port forwarding sanity check (blaming my VM setup)
« previous next »
  • Print
Pages: [1]

Author Topic: Port forwarding sanity check (blaming my VM setup)  (Read 647 times)

Koloa

  • Newbie
  • *
  • Posts: 41
  • Karma: 4
    • View Profile
Port forwarding sanity check (blaming my VM setup)
« on: September 09, 2022, 05:06:35 am »
I set up a port forwarding test ahead of my migration to an OPNsense appliance next week, and made it to about 90% success - and I think the reason for my failure was my specific VM setup.  May not be anyone here who can confirm that, but, thought I'd try.

Issue:  tcpdump confirms packets arriving at intended destination on LAN from WAN, but, connections never get established (test was performed using netcat).

Setup:

  • macOS Host
  • Parallels virtualisation software
  • OPNsense with WAN as Shared Network interface from Parallels, IP of 10.211.55.48
  • OPNsense with LAN as static IP of 192.168.1.1/24
  • Linux VM with static IP of 192.168.1.10/24 and gateway of 192.168.1.1

With this setup, and ensuring that the WAN interface permits RFC1918 and bogon traffic (disabled both tick boxes), the Linux VM correctly routes via the OPNsense LAN, can reach the Internet, and all is good.  I can manage the OPNsense from the Linux VM to the LAN IP of the OPNsense VM.

I set up Port Forwarding to permit IPv4, tcp, listening on WAN, for traffic going to the WAN address, and setting a destination IP of 192.168.1.10, listening for incoming port 9999 and sending it to 9999 on the Linux VM.  "Add associated rule" was also enabled.

I can see the rule, and the corresponding rule set up on the WAN interface in Firewall -> Rules. (Add associated rule did this)

When I use netcat on the Linux VM and listen on port 9999, I can reach it from Netcat on the OPNsense VM itself.

However, when I try to use my macOS Host, which has the IP of 10.211.55.2, I can see the packets arrive on 192.168.1.10:9999, but, netcat never connects.  I also see the NAT port forwarding rule in the firewall logs.  Nothing is being denied.

My assumption is that my weird setup is why the netcat from the macOS host never properly connects.  The packets, and responses, are absolutely visible on the Linux VM, but, something doesn't "click".

Probably not a lot of Parallels users here, and from what I can gather from various tutorials online, I've done everything right. 

Thanks for pointing out anything glaringly dumb in the above.
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • English Forums »
  • General Discussion »
  • Port forwarding sanity check (blaming my VM setup)
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2