Port forwarding not working, looking for some help as to what I'm doing wrong.

[wingull]

Hi all,

I've set up my OPNsense 24.7 router this morning. I've been trying to setup port forwarding on my router so I can get my reverse proxy to work. The reverse proxy server is on my LAN. I bridged a 4 port NIC to use the LAN interface. WAN is configured on VLAN 6, with PPPoe. The VLAN is connected to a physical port.

Now for the port forwarding rule I tried to setup.

Code: [Select]

Interface: WAN
Protocol: TCP
Source: any
Source port: any
Destination: LAN address
Destination port range: 443
Redirect target IP: IP of Nginx rev proxy server on LAN subnet
Redirect target port: 443
NAT reflection: Enable
Filter rule association: Rule
Under Firewall > Rules > WAN I can see the firewall rule has been automatically created

Under Firewall > Settings > Advanced the following relevant settings are enabled:

Code: [Select]

Reflection for port forwards: ON
Reflection for 1:1: OFF
Automatic outbound NAT for Reflection: ON
My theory is that it has something to do with WAN being on VLAN 6? NAT works just fine though.
The port is unreachable from inside as well as outside my network.

Interfaces > Diagnostics > Port Probe shows the port on my Nginx server as open on TCP.

Desperate for any suggestions, I've tried all the guides I can find. Thanks

[meyergru]

Look at this. Then note that your rule obviously has the wrong destination. Assuming you use outbound NAT and have one WAN IP only, the destination from outside cannot be "LAN address", because your ISP would not even route an RFC1918 IP.

Normally, you use "this firewall", so that any traffic directed at the firewall will get DNATed to your LAN IP.

[wingull]

I interpreted that line as destination from router to the server. That's fixed my problem thank u

[wingull]

Update:
Port forwarding works from LAN network. Nmap results show ports open on firewall local IP and public IP, yet it's unreachable from outside of my local network. Configuration same as before but now with This Firewall as destination.

[meyergru]

You will have to debug this further:

- Do packets even arrive or does your ISP block incoming packets?
- Do you probably live behind CGNAT? In that case: good luck.
- Do you have some case of double-NAT by using your ISPs router in front of OpnSense?

[wingull]

Update: im regarded
forgot to change the default gateway on my nginx server