looping back from a NATed private IP via its own public IP, any port, no-go

Started by oldjoe, February 16, 2023, 10:04:53 PM

Hi,

I just bought an OPNsense DEC740 and upgraded to the latest firmware, 23.1.1. I have set it up as a simple router with a single NATed subnet (192.168.214.0/24) and the following ports forwarded: 80 and 443.

What used to work with my old router was reaching a web server running on the private network from another computer on the same subnet via the public IP/FQDN (www.8ccr.com), but I have not been able to get that to work. It only works from an external device coming in, so I know port forwarding is working.

This works:
External IP:80 -> www.8ccr.com:80  (71.183.45.64:80) --> WAN Interface:80 > NATed to private IP:80 (192.168.214.10/24)

user@external:~$ nc -vz www.8ccr.com 80
Connection to www.8ccr.com 80 port [tcp/http] succeeded!


This does NOT work:
192.168.214.7 -> www.8ccr.com:80 (71.183.45.64:80) -> WAN interface:80 -> NATed back to private IP:80 (192.168.214.10/24)

user@internal:~$ nc -vz www.8ccr.com 80
nc: connect to www.8ccr.com (71.183.45.64) port 80 (tcp) failed: Connection timed out


I performed two packet captures on the WAN interface, one for the external IP and one for the internal (during the tests above). I can see the traffic from the external host but not from the internal one, so it looks like the internal request is not even reaching the WAN interface.

I am sure I am missing a setting somewhere, since this was all working with my old router; I just haven't been able to find it for this loopback kind of traffic in OPNsense.

Thanks in advance for any pointers.
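The scenario in the post is hairpin (reflected) NAT: a LAN client connects to the router's own public address and expects to land on a LAN server behind a port forward. The model below is an added illustration, not code from the original post or from OPNsense, and not a statement of how the DEC740 was configured. It walks one TCP 5-tuple through three router configurations to show why the WAN-side port forward alone cannot serve LAN clients and why reflection on its own is still not enough: on a single subnet the server's reply goes straight to the client, bypassing the router, with a source address the client never connected to. Only when the router also rewrites the client's source to its own LAN address does the reply come back through the router and get untranslated. The two flags on the `Router` class model the OPNsense options "Reflection for port forwards" and "Automatic outbound NAT for Reflection" under Firewall > Settings > Advanced; the addresses are those from the post, the router LAN address 192.168.214.1 and the external client 203.0.113.5 are assumptions, and how the untranslated LAN packet is actually handled on a real box depends on its firewall rules (the model just records that nothing answers, matching the timeout reported above).

```python
"""Model of hairpin NAT on a single-subnet router (constructed example)."""
from dataclasses import dataclass

# Addresses from the forum post; ROUTER_LAN and EXTERNAL are assumptions.
PUBLIC_IP = "71.183.45.64"
ROUTER_LAN = "192.168.214.1"   # assumed LAN address of the OPNsense box
CLIENT = "192.168.214.7"
SERVER = "192.168.214.10"
EXTERNAL = "203.0.113.5"       # assumed external test host
LAN_PREFIX = "192.168.214."


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

    def tuple(self):
        return (self.src, self.sport, self.dst, self.dport)


def on_lan(ip):
    return ip.startswith(LAN_PREFIX)


class Router:
    def __init__(self, forwards, reflection=False, reflection_snat=False):
        self.forwards = forwards            # {public port: (server ip, server port)}
        self.reflection = reflection        # also apply the rdr on the LAN interface
        self.reflection_snat = reflection_snat  # rewrite LAN source to ROUTER_LAN
        self.state = {}                     # translated 5-tuple -> original packet

    def _translate(self, pkt, snat):
        server, port = self.forwards[pkt.dport]
        out = Packet(ROUTER_LAN if snat else pkt.src, pkt.sport, server, port)
        self.state[out.tuple()] = pkt
        return out

    def wan_in(self, pkt):
        """Port forward bound to WAN: the path that works in the post."""
        if pkt.dst == PUBLIC_IP and pkt.dport in self.forwards:
            return self._translate(pkt, snat=False)
        return None

    def lan_in(self, pkt):
        """A LAN packet addressed to the router's own public IP."""
        if pkt.dst != PUBLIC_IP:
            return pkt                      # ordinary LAN traffic, untouched
        if not self.reflection or pkt.dport not in self.forwards:
            return None                     # no LAN-side rdr: nothing answers
        return self._translate(pkt, snat=self.reflection_snat)

    def reply_in(self, pkt):
        """Undo the translation for a reply that returns through the router."""
        orig = self.state.get((pkt.dst, pkt.dport, pkt.src, pkt.sport))
        if orig is None:
            return None
        return Packet(orig.dst, orig.dport, orig.src, orig.sport)


def exchange(router, client_ip, sport=51000):
    """Return 'OK', 'TIMEOUT' or 'REPLY_MISMATCH' for one client -> public:80 attempt."""
    request = Packet(client_ip, sport, PUBLIC_IP, 80)
    forwarded = router.lan_in(request) if on_lan(client_ip) else router.wan_in(request)
    if forwarded is None:
        return "TIMEOUT"
    reply = Packet(forwarded.dst, forwarded.dport, forwarded.src, forwarded.sport)
    if on_lan(reply.dst) and reply.dst != ROUTER_LAN:
        delivered = reply                   # same subnet: reply bypasses the router
    else:
        delivered = router.reply_in(reply)  # reply returns via the router and is untranslated
    expected = (request.dst, request.dport, request.src, request.sport)
    if delivered is None or delivered.tuple() != expected:
        return "REPLY_MISMATCH"             # client's TCP stack never matches this reply
    return "OK"


if __name__ == "__main__":
    fwd = {80: (SERVER, 80)}
    for label, router in [
        ("forward only", Router(fwd)),
        ("reflection", Router(fwd, reflection=True)),
        ("reflection + outbound NAT", Router(fwd, reflection=True, reflection_snat=True)),
    ]:
        print(f"{label:26} external={exchange(router, EXTERNAL):6} "
              f"internal={exchange(router, CLIENT)}")
```

The external client succeeds in all three cases because its reply has to cross the router anyway, which is exactly what the post observes; only the LAN client's path changes with the two settings. A split-horizon DNS entry that resolves www.8ccr.com to 192.168.214.10 for LAN hosts avoids the hairpin altogether and is the usual alternative to enabling reflection.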