Port forwarding not working, looking for some help as to what I'm doing wrong.

Started by wingull, November 26, 2024, 10:28:28 PM

Hi all,

I've set up my OPNsense 24.7 router this morning. I've been trying to set up port forwarding on my router so I can get my reverse proxy to work. The reverse proxy server is on my LAN. I bridged a 4 port NIC to use the LAN interface. WAN is configured on VLAN 6, with PPPoE. The VLAN is connected to a physical port.

Now for the port forwarding rule I tried to set up.

Interface: WAN
Protocol: TCP
Source: any
Source port: any
Destination: LAN address
Destination port range: 443
Redirect target IP: IP of Nginx rev proxy server on LAN subnet
Redirect target port: 443
NAT reflection: Enable
Filter rule association: Rule


Under Firewall > Rules > WAN I can see the firewall rule has been automatically created

Under Firewall > Settings > Advanced the following relevant settings are enabled:

Reflection for port forwards: ON
Reflection for 1:1: OFF
Automatic outbound NAT for Reflection: ON


My theory is that it has something to do with WAN being on VLAN 6? NAT works just fine though.
The port is unreachable from inside as well as outside my network.

Interfaces > Diagnostics > Port Probe shows the port on my Nginx server as open on TCP.

Desperate for any suggestions, I've tried all the guides I can find. Thanks

Look at this. Then note that your rule obviously has the wrong destination. Assuming you use outbound NAT and have one WAN IP only, the destination from outside cannot be "LAN address", because your ISP would not even route an RFC1918 IP.

Normally, you use "this firewall", so that any traffic directed at the firewall will get DNATed to your LAN IP.
Intel N100, 4* I226-V, 2* 82559, 16 GByte, 500 GByte NVME, ZTE F6005

1100 down / 800 up, Bufferbloat A+

I interpreted that line as destination from router to the server. That's fixed my problem :) thank you

Update:
Port forwarding works from LAN network. Nmap results show ports open on firewall local IP and public IP, yet it's unreachable from outside of my local network. Configuration same as before but now with This Firewall as destination.

You will have to debug this further:

- Do packets even arrive or does your ISP block incoming packets?
- Do you probably live behind CGNAT? In that case: good luck.
- Do you have some case of double-NAT by using your ISP's router in front of OPNsense?

Update: I'm regarded :(
Forgot to change the default gateway on my nginx server.
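
The three failure modes that came up in this thread (wrong rule destination, CGNAT or double NAT on the WAN side, wrong default gateway on the forwarded server) can be checked from addresses alone. The following is an added example, not part of the original posts and not OPNsense code; the function names and all sample addresses are hypothetical, and `rule_dest` stands for the IP the rule's destination alias resolves to.

```python
import ipaddress

CGNAT = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 shared address space
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify_wan(wan_ip):
    """Classify the address the firewall itself holds on WAN."""
    ip = ipaddress.ip_address(wan_ip)
    if ip in CGNAT:
        return "cgnat"
    if any(ip in net for net in RFC1918):
        return "double-nat"
    return "public"


def check_forward(wan_ip, rule_dest, target_gw, fw_lan_ip):
    """Return (code, explanation) findings for one port-forward setup."""
    findings = []
    kind = classify_wan(wan_ip)
    if kind == "cgnat":
        findings.append(("cgnat", "WAN is in 100.64.0.0/10; the ISP's NAT "
                         "drops unsolicited inbound connections"))
    elif kind == "double-nat":
        findings.append(("double-nat", "WAN is RFC1918; the upstream router "
                         "must forward the port to this firewall as well"))
    # Outside clients address the WAN IP, so the rule must match that.
    if ipaddress.ip_address(rule_dest) != ipaddress.ip_address(wan_ip):
        findings.append(("bad-destination", "rule matches %s but outside "
                         "traffic is addressed to %s" % (rule_dest, wan_ip)))
    # LAN clients are on-link, so a wrong gateway only breaks outside clients.
    if ipaddress.ip_address(target_gw) != ipaddress.ip_address(fw_lan_ip):
        findings.append(("bad-gateway", "server replies to outside clients "
                         "leave via %s, not the firewall" % target_gw))
    return findings


if __name__ == "__main__":
    # Constructed values (documentation / private ranges), not from the thread.
    for code, why in check_forward(wan_ip="203.0.113.10",
                                   rule_dest="192.168.1.1",
                                   target_gw="192.168.1.254",
                                   fw_lan_ip="192.168.1.1"):
        print(code + ": " + why)
```

The `bad-gateway` case matches the symptom in the last update: the forward works from the LAN because those clients are on the same subnet as the server, while replies to outside clients follow the server's default route.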