OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Archive »
  • 23.1 Legacy Series »
  • looping back from a NATed private IP via its own public IP, any port, no-go
« previous next »
  • Print
Pages: [1]

Author Topic: looping back from a NATed private IP via its own public IP, any port, no-go  (Read 970 times)

oldjoe

  • Newbie
  • *
  • Posts: 4
  • Karma: 0
    • View Profile
looping back from a NATed private IP via its own public IP, any port, no-go
« on: February 16, 2023, 10:04:53 pm »
Hi,

I just bought an OPNsense DEC740 and upgraded to latest firmware 23.1.1. I have set it up as a simple router with single NATed subnet (129.168.214.0/24) with the following forwarded ports, 80, 443.

What used to work with my old router was to reach a web server running on the private network from another computer on the same subnet via the public IP/FQDN (www.8ccr.com) but I have not been able to get that to work, only from an external device coming in so I know port forwarding is working.

This works:
External IP:80 -> www.8ccr.com:80  (71.183.45.64:80) --> WAN Interface:80 > NATed to private IP:80 (192.168.214.10/24)

Code: [Select]
user@external:~$ nc -vz www.8ccr.com 80
Connection to www.8ccr.com 80 port [tcp/http] succeeded!
This does NOT work:
192.168.214.7 ->  www.8ccr.com:80  (71.183.45.64:80) -> WAN interface:80 -> NATed back to private IP:80 (192.168.214.10/24)

Code: [Select]
user@internal:~$ nc -vz www.8ccr.com 80
nc: connect to www.8ccr.com (71.183.45.64) port 80 (tcp) failed: Connection timed out
I performed two Packet Captures on the WAN interface; one for the external IP and one for the internal (during the tests above). I can see the traffic from the external but not from the internal so it looks like the internal request is not even reaching the WAN interface.

I am sure I am missing a setting somewhere since this was all working with my old router, I just haven't been able to find it for loopback kind of traffic in OPNsense.

Thanks in advance for any pointers.
Logged

stefanpf

  • Jr. Member
  • **
  • Posts: 75
  • Karma: 5
    • View Profile
Re: looping back from a NATed private IP via its own public IP, any port, no-go
« Reply #1 on: February 17, 2023, 09:45:05 pm »
Have a Look at „nat reflection for portforward“
and „ Automatic outbound NAT for Reflection“
https://docs.opnsense.org/manual/firewall_settings.html#network-address-translation

Logged

danderson

  • Full Member
  • ***
  • Posts: 107
  • Karma: 9
    • View Profile
Re: looping back from a NATed private IP via its own public IP, any port, no-go
« Reply #2 on: February 17, 2023, 09:53:25 pm »
Quote from: stefanpf on February 17, 2023, 09:45:05 pm
Have a Look at „nat reflection for portforward“
and „ Automatic outbound NAT for Reflection“
https://docs.opnsense.org/manual/firewall_settings.html#network-address-translation

This exactly! works like a charm, been using it for years.
Logged

oldjoe

  • Newbie
  • *
  • Posts: 4
  • Karma: 0
    • View Profile
Re: looping back from a NATed private IP via its own public IP, any port, no-go
« Reply #3 on: February 18, 2023, 08:54:24 am »
You guys rock! Worked like a charm - thanks a lot!
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • Archive »
  • 23.1 Legacy Series »
  • looping back from a NATed private IP via its own public IP, any port, no-go
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2