Access from the Internet to the web server on the LAN side.

[greenhorn]

Hello everyone.

It's possible that this topic has already been discussed, but I'm so confused that I can't find anything.
Namely, I have installed OPNsense, and on the interface (igc3) I have a server based on Apche2 connected, where I have a website in HTML.

The website runs on the local network, but how do I configure OPNsense so that I can view the website from the public network (I don't have a domain purchased at the moment). Currently, I would like to use the (permanent) public IP address assigned to me by the operator.

The (igc1) WAN interface has the address: 10.220.88.144
Interface (igc3) LAN I have the address: 192.168.100.22

I have configured: Firewall: NAT: Port Forward in such a way that from the internal WAN address: 10.220.88.144 - port (81) I can access the website at: 192.168.100.22

I enter 10.220.88.144:81 in the browser and a website opens on the Apache2 server.
What should I do to access this website from the Internet?

Please help. 

[Maurice]

10.220.88.144 is not a public IPv4 address. Does your ISP use CGNAT? Or is there another router (with NAT) involved on your side?


Cheers
Maurice

[greenhorn]

Hello Maurice

I have provided an example IP on the WAN port.
Does it matter what IP address I entered on the forum?

PS. Maurycy, I hope you weren't offended by my answer. 

[greenhorn]

Maurice, I'll give you the details. 

I have access to the Internet via a wireless modem.
The public IP is 37.48.152.178
The IP on the WAN port is as specified above.

Firewall: NAT: Port Forward

Interface: HUAWEI
Proto: TCP
Source Address: *
Ports: *
Destination Address: HUAWEI address: 81
NAT IP: 192.168.100.22
Ports: 80(HTTP)

[Maurice]

Using an RFC1918 as a placeholder for a public IP address was confusing, yes.

Your port forward rule looks fine. Does your ISP allow inbound connections? You could try a packet capture on the WAN interface to check for incoming packets to port 81.

[Patrick M. Hausen]

Also:

Filter rule association: Pass

[greenhorn]

Maurycy - thank you for your answer.
I need to check if my ISP allows incoming connections.

You can try capturing packets on the WAN interface to see if the packets are coming to port 81.

Maurycy, can you describe in more detail where I can check if packets are coming to port 81.

Patrick M. Hausen, I have a question for you.
I'm not very familiar with OPNSENSE, can you elaborate on your answer?

Gentlemen, I have a common question for you: does Firewall: NAT: Outbound play any role in my problem?

[Patrick M. Hausen]

The NAT Port Forward Rule you set up - down there is a field labelled "Filter rule association". Set that to "Pass", save and apply.

[greenhorn]

Patricki OK, I understood, thanks for the tip!

Regards
Peter

[Patrick M. Hausen]

My name is Patrick and Maurice's name is Maurice. You are extraordinarily rude.

[greenhorn]

Patrick M. Hausen, I didn't think you were so sensitive about yourself.
Besides, the Germans are famous for this - Masters and subhumans - you probably know this from History?
Moreover, your year of birth does not impress me because I am 4 years older than you, Herr Baron von Hausen!

PS.
My typos were due to the fact that I used a translator.

[greenhorn]

Maurice (if I offended you), I'm sorry that I misspelled your name (NICK).
It wasn't intentional.


PS.
My typos were due to the fact that I used a translator.

[Patrick M. Hausen]

Insinuating I was a closet nazi sure makes it better. Consider this conversation ended.

[greenhorn]

Jawohl Herr General - 88

[franco]

Temp-banned greenhorn for posting (very far) off-topic.