Port forward, outbound, and UPNP issues

Started by PCSargeTech, January 17, 2024, 04:32:31 AM

January 17, 2024, 04:32:31 AM Last Edit: January 18, 2024, 01:43:36 AM by PCSargeTech
Hi all, I recently set up an OPNsense box to give my game servers an extra layer of security, but I need to punch through the strict NAT on my gaming PC to play games. I have tried the following:

1. Installed and enabled UPNP, rebooted OPNsense box and PC to test. No ports registered in UPNP status page, strict NAT.

2. Left UPNP enabled, added allow rule for PC IP, set up outbound rule. No change.

3. Made a crude attempt at port forwarding all ports for my PC that I could remember were used for games (even tried 1024-65535 for a laugh). No change in NAT.

I'm totally at a loss here. I will attach images of the outbound/port forward rules I created and enabled, as well as my UPNP config page below.

Any help would be greatly appreciated, I've been at this for 2 days now.


Hi,

This is not very much information to work with - and I am not a UPnP expert.

Things to check:
- What is your WAN's IP, a private one or coming from your ISP?
- Did you check the firewall rules for the port forwarding? They should see packets and handle them. Switch on logging and check for packets that match those rules. Sometimes, packets are blocked by other rules.
- Outbound NAT should be no problem in this very setup.

Is this supposed to replace a local firewall on your Gaming PC?



Hi, thank you for responding.

It is not to replace my own PC's firewall. My PC runs Bitdefender and always has, it's never been an issue.

The WAN IP comes from my ISP. The OPNsense box is hooked into my ISP modem's 10G port and is passed through via advanced DMZ; it's the only way I could get the WireGuard for my game server to function properly and allow connection.

I do have a PPPoE setup on the OPNsense box as well that will also get a direct WAN IP separate from the modem if I need to go that route.

To make clear, OPNsense is in place to be my game server's firewall; the only thing it uses a WireGuard tunnel for is a static IP.

If any other information is needed, let me know and I'll be sure to post it.


I am sorry. Came back today, read your post again and I feel lost about what you want to achieve.

So you have...

game server, has Wireguard |-----| External service
-----------
    |
-----------
  OPN Sense      Traffic \/  works    /\  blocked?
----------- 
    |
-----------
  ISP Modem
-----------
    |
[Internet]


Do I understand the problem correctly?