Port forward for a NAS with VPN

Started by stuffu, February 03, 2023, 10:05:24 PM

I am pretty sure there are similar questions out there, but I haven't been able to find them...

Anyway, I have a service on a NAS I want to use port forward on. So far so good. On my NAS I have a VPN service, which makes my life harder than it has to be since it has another external IP than my router broadcasts. I have tried to set up selective routing for VPN specific for the NAS but failed, so I am back with VPN on the NAS itself. It shares the same LAN and is on the same network as all other devices.

It would make sense that the port forwarding rule is exactly the same in this setup.

Interface WAN
Destination WAN Address
port range other: port nr
Redirect target IP NAS ip/port nr
Filter rule - pass

I can't find a way to check if the port is open since all my other clients are on the public IP address. But I still can't seem to connect to the service.

What did I miss?

The majority of this post makes no sense at all but if you just want to check for an open port, go here:
https://www.grc.com/shieldsup

When I read it again, I can see what you mean...

I'll try to be more detailed.

1. Since the NAS has another external IP than the rest of the network, can I still use the same firewall rule as if it had the same external IP? Why I ask is that the router doesn't really handle the external IP of the NAS with the current setup. It's all handled by the NAS. The NAS itself is a part of the same LAN as the rest of the devices.

2. How can you test if a port is open on a device I can't browse with? It would be nice if you could enter the ip and the port you

Makes more sense?

Quote from: stuffu on February 04, 2023, 11:33:20 AM
When I read it again, I can see what you mean...

I'll try to be more detailed.

1. Since the NAS has another external IP than the rest of the network, can I still use the same firewall rule as if it had the same external IP? Why I ask is that the router doesn't really handle the external IP of the NAS with the current setup. It's all handled by the NAS. The NAS itself is a part of the same LAN as the rest of the devices.

2. How can you test if a port is open on a device I can't browse with? It would be nice if you could enter the ip and the port you

Makes more sense?

No, not really.
1. How can your NAS have a different external address?? Do you have two internet connections?
But then you say the NAS is on the same LAN. Two NICs in the NAS, one connected to LAN and one connected to another router?

2. Did you go to the website I posted?? It doesn't test the NAS, it tests the port through the firewall. You don't need to go to it from the NAS, just from a LAN port on the firewall.

Maybe I am trying to explain too much :)

The NAS is running a VPN service and the external IP from the NAS is the VPN provider's IP address. The rest of the devices use the ISP-provided IP address. Every device routes through OPNsense. My question is if different external IP addresses can use the same rule, like WAN as interface? I assume they can but I can't verify it from the NAS.

If I test a port on GRC on a computer my external IP is something like 195.x.x.x and the NAS with port forwarding has something like 10.x.x.x. Is there a way to verify that?

Sorry for the confusing posts.

No, you can't do that when your NAS has an established VPN unless it has another NIC. The second NIC could be in your LAN and the port forward would work from the router WAN to it. When the VPN is active, it's in another network, controlled not by you but by your VPN provider.

Thanks for the reply. I have Home Assistant as a VM and Jellyfin in a container on the NAS with VPN as well. Struggling to get remote access to those... Any advice on what to do here?