Port Forwarding - Pulling my hair out!

Started by mkozik1, August 16, 2023, 05:23:56 PM

Good morning all,

Have stood up OPNsense and am running 23.7.1_3. Using my old router I was forwarding port 8000 to my NVR and it was working for years with no issues. I have tried to set up a port forward for the same using OPNsense but I cannot seem to get this to work to save my life! Momma is not happy that she cannot see the cameras!

I have tried to set things based on all emails I have reviewed.  Checked packet capture to confirm the external address is showing the same as myip.com as I saw that was an issue for someone else.  I have changed Filter Rule Association from rule to pass to test with no luck.  I made sure redirection is set (all three check boxes) in system default.  I have tried accessing the unit from outside my network on my phone as well as internally with no joy.

Current settings are:

Interface: WAN
TCP/IP Version: IPv4
Protocol: TCP/UDP
Destination: WAN Address
Destination Port Range: 8000 | 8000
Redirect Target IP: [Recorder IP]
Redirect Target Port: 8000
NAT Reflection: Enable
Filter Rule Association: Pass

ISP is AT&T which is set to Bridge mode

What the heck am I doing wrong?

Thank you in advance for your help!

Mark

Is the traffic allowed (out) on the destination interface?

Quote from: tverweij on August 16, 2023, 07:38:25 PM
Is the traffic allowed (out) on the destination interface?

As best I know.  As listed above, I have the setting to pass.  Initially I had it set to rule and there was a rule in the WAN interface to match.

Anytime I try to open a port and then check it using one of the online tools, the port never shows to be open.  While this is great and I "feel" secure it is killing me!

I am by no means a firewall guy so if you can point me in the right direction it would be great!

Thanks!

August 21, 2023, 08:04:10 PM #3 Last Edit: August 21, 2023, 09:49:57 PM by K2Van
Maybe I have the same issue.

Port forwarding is working when accessing services from the WAN side (i.e. mobile on 4G).
Port reflection is working for ports 80 and 443 from LAN.

Port reflection does not work for other ports (email or several other services).

It looks like port reflection only works on http and https ports.

EDIT:
I just found out what was wrong.

First of all I needed to set host overrides in Unbound DNS. I pointed a subdomain to my mail server (different box from the web proxy server).

Then I had to flush the DNS of my clients as resolving the domain name gave the outside IP which does not reflect.

Is this a bug in OPNsense (or a feature)? Anyway I cannot find anything pointing to this in the docs but found fragments when searching.
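
Added example, not part of the thread: a small Python check a LAN client can run to see whether a service name resolves to an internal address (the Unbound host override described above is in effect) or still to the WAN address (stale client DNS cache or no override, so the connection depends on NAT reflection), and whether the port answers. The hostname, port and addresses are constructed placeholders.

```python
import ipaddress
import socket

# RFC 1918 ranges, checked explicitly (ipaddress.is_private also matches documentation ranges).
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def resolve(hostname):
    """Return the sorted IPv4 addresses the local resolver (and its cache) gives for hostname."""
    try:
        infos = socket.getaddrinfo(hostname, None, family=socket.AF_INET, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def classify_resolution(addresses, wan_ip):
    """Say which path a LAN client takes, judged from what the name resolved to."""
    parsed = {ipaddress.ip_address(a) for a in addresses}
    if not parsed:
        return "no-answer"
    if all(any(a in net for net in RFC1918) for a in parsed):
        return "host-override"   # internal address: traffic never touches the WAN rule
    if ipaddress.ip_address(wan_ip) in parsed:
        return "wan-address"     # outside address: works from LAN only via NAT reflection
    return "other"

def tcp_probe(host, port, timeout=3.0):
    """True if a TCP connection to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def diagnose(hostname, port, wan_ip, resolver=resolve, probe=tcp_probe):
    """Combine resolution and reachability into one result for a single service."""
    addresses = resolver(hostname)
    path = classify_resolution(addresses, wan_ip)
    reachable = any(probe(a, port) for a in addresses)
    return {"addresses": addresses, "path": path, "reachable": reachable}

if __name__ == "__main__":
    # Constructed values: replace with your own hostname, port and WAN address.
    print(diagnose("mail.example.com", 25, "203.0.113.10"))
```

A result of `wan-address` after the override has been added means the client is still using a cached answer or a different resolver than Unbound.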