Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
23.7 Legacy Series
»
Port Forwarding - Pulling my hair out!
« previous
next »
Print
Pages: [
1
]
Author
Topic: Port Forwarding - Pulling my hair out! (Read 1334 times)
mkozik1
Newbie
Posts: 4
Karma: 0
Port Forwarding - Pulling my hair out!
«
on:
August 16, 2023, 05:23:56 pm »
Good morning all,
Have stood up OPNSense and am running 23.7.1_3. Using my old router I was forwarding port 8000 to my NVR and it was working for years with no issues. I have tried to setup port forward for the same using OPNSense but I cannot seem to get this to work to save my life! Momma is not happy that she cannot see the cameras!
I have tried to set things based on all emails I have reviewed. Checked packet capture to confirm the external address is showing the same as myip.com as I saw that was an issue for someone else. I have changed Filter Rule Association from rule to pass to test with no luck. I made sure redirection is set (all three check boxes) in system default. I have tried accessing the unit from outside my network on my phone as well as internally with no joy.
Current settings are:
Interface: WAN
TCP/IP Version: IPv4
Protocol: TCP/UDP
Destination: WAN Address
Destination Port Range: 8000 | 8000
Redirect Target IP: [Recorder IP]
Redirect Target Port: 8000
NAT Reflection: Enable
Filter Rule Association: Pass
ISP is AT&T which is set to Bridge mode
What the heck am I doing wrong?
Thank you in advance for your help in advance!
Mark
Logged
tverweij
Jr. Member
Posts: 69
Karma: 1
Re: Port Forwarding - Pulling my hair out!
«
Reply #1 on:
August 16, 2023, 07:38:25 pm »
Is the traffic allowed (out) on the destination interface?
Logged
mkozik1
Newbie
Posts: 4
Karma: 0
Re: Port Forwarding - Pulling my hair out!
«
Reply #2 on:
August 16, 2023, 08:21:49 pm »
Quote from: tverweij on August 16, 2023, 07:38:25 pm
Is the traffic allowed (out) on the destination interface?
As best I know. As listed above, I have the setting to pass. Initially I had it set to rule and there was a rule in the WAN interface to match.
Anytime I try to open a port and then check it using one of the online tools, the port never shows to be open. While this is great and I "feel" secure it is killing me!
I am by no means a firewall guy so if you can point me in the right direction it would be great!
Thanks!
Logged
K2Van
Newbie
Posts: 15
Karma: 0
Re: Port Forwarding - Pulling my hair out!
«
Reply #3 on:
August 21, 2023, 08:04:10 pm »
Maybe I have the same issue.
Port forwarding is working when accessing services from the WAN side (ie mobile on 4G).
Port reflection is working for port 80 and 443 from LAN
Port reflection does not work for other ports (email or several other services).
It looks like port reflection only works on http and https ports.
EDIT:
I just found out what was wrong.
First of all I needed to set host overrides in Unbound DNS. I pointed a subdomain to my mail server (different box from the web proxy server).
Then I had to flush the DNS of my clients as resolving the domain name gave the outside IP which does not reflect.
Is this a bug in OPNsense (or a feature)? Anyway I cannot find anything pointing to this in the docs but found fragments when searching.
«
Last Edit: August 21, 2023, 09:49:57 pm by K2Van
»
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
23.7 Legacy Series
»
Port Forwarding - Pulling my hair out!