Port forward not working on VPN WAN interface despite firewall logging packets

Started by tantkomo, September 28, 2023, 12:42:49 PM

Hello,

I have a problem that has been driving me crazy for a week now. I had a very similar setup before and due to moving I had to redo it on a different machine.

Long story short: I use AirVPN as a second WAN. I used to use the old OpenVPN client, but I have now switched to instances [new]. The client connects perfectly fine, and hosts I want to go out over the VPN gateway go through it, but port forwarding through it simply isn't working no matter what I do.
The weirdest thing of all is that I see packets being logged by both the port forward rule and the firewall rule created by it.

To test this further I made a local Nginx site, which I can access perfectly fine locally. But when I try to access it over my AirVPN WAN IP, both firewall rules log the traffic as allowed, which is expected, yet I cannot load the page.

Any help would be greatly appreciated because I don't know what else to try here.

I remember this:

(it's German)
https://forum.opnsense.org/index.php?topic=35920.0

The solution was to enable "Advanced features: reply-to" with the VPN interface in the firewall rule that allows this port forward.
Hardware:
DEC740

Quote from: Monviech on September 28, 2023, 12:57:02 PM
I remember this:

(it's German)
https://forum.opnsense.org/index.php?topic=35920.0

The solution was to enable "Advanced features: reply-to" with the VPN interface in the firewall rule that allows this port forward.

If I understand this right, I should enable the reply-to setting in the firewall rule on the VPN WAN interface that is generated by the port forward rule.

The issue is that I don't have the option to edit the firewall rules generated by port forward rules, and the port forward rule itself does not have such an option.


Unless I misunderstood where this option should be set.

You could disable the linked firewall rule and recreate it manually with the advanced option set.

Also if you set "Filter rule association: none" in the Port Forward rule, no linked firewall rule will be made.

Hardware:
DEC740
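The two replies above (enable reply-to on the VPN interface's rule; recreate the linked rule manually with "Filter rule association: none") boil down to one pf rule change. Below is the equivalent written as hand-written pf.conf, added here as an illustration; it is not the thread's own content and not the ruleset OPNsense actually generates. The interface name ovpnc1, the tunnel gateway 10.4.0.1, the LAN host 192.168.1.10, the forwarded port 12345 and the LAN port 80 are all assumed values.

```pf
# Assumed names (not from the thread): ovpnc1 is the AirVPN tunnel interface,
# 10.4.0.1 its far-side gateway, 192.168.1.10 the LAN host running Nginx,
# 12345 the port AirVPN forwards to us.
vpn_if  = "ovpnc1"
vpn_gw  = "10.4.0.1"
web_srv = "192.168.1.10"
fwd_port = "12345"

# Translation rule: what the OPNsense "Port Forward" entry produces.
# Inbound TCP to the tunnel address on 12345 is rewritten to the LAN host on 80.
rdr on $vpn_if proto tcp from any to ($vpn_if) port $fwd_port -> $web_srv port 80

# Linked filter rule as auto-generated, WITHOUT reply-to.
# It matches and logs the inbound SYN (which is why the logs show "pass"), but the
# state it creates says nothing about where replies should go. The LAN host's SYN/ACK
# is therefore routed by the default route, i.e. out the primary WAN, and the client
# on the other side of the tunnel never sees it.
# pass in log quick on $vpn_if proto tcp from any to $web_srv port 80 keep state

# Same rule WITH reply-to, which is what "Advanced features: reply-to" adds.
# The state now records (interface, gateway) for the return path, so every packet
# replying to this connection is sent back out ovpnc1 via 10.4.0.1 instead of
# following the routing table.
pass in log quick on $vpn_if reply-to ($vpn_if $vpn_gw) proto tcp \
    from any to $web_srv port 80 keep state
```

After applying the GUI change, `pfctl -sr | grep reply-to` on the OPNsense shell shows whether the loaded rule actually carries the option, and `tcpdump -ni ovpnc1 port 12345` during a test connection should show both the inbound SYN and the SYN/ACK leaving on the tunnel; if the SYN/ACK shows up on the primary WAN instead, the rule in effect is still the one without reply-to.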

That was it. What weird default behavior; oddly enough, I never had to use that setting before. I guess it has to be a new addition to the firewall.