Port-Forwarding listen on all interfaces

Started by henri9813, January 30, 2025, 11:51:26 AM

Hello,

I have an OPNsense 25.1.

I have one VLAN per customer (and multiple customers, of course).
I have a WAN IP range: 1.0.0.0/24

I want to make a port forward from 1.0.0.1 to one customer VLAN IP.

So I configured:
- Interface: WAN
- Source: any
- Destination: 1.0.0.1
- Translate to: 192.168.2.4

I also created the firewall rule to permit the traffic.

That part is OK!

I have a no-NAT rule from all my local subnets to 1.0.0.0/24 (to preserve the client IP on the WAN devices).

However, if the traffic comes from one local IP to the port-forward IP, it's the firewall which handles the connection, and it's not redirected to the local IP.

External connections are OK!

In OPNsense, I need to edit the port forward and select all interfaces one by one.

The problem is, if I add a new network, I won't add the new interface on all my port forwards.

How to simplify this?

Can you add the possibility to listen on "Any interface" instead of selecting interfaces one by one?

Best regards,

I'm not sure if I'm understanding your problem correctly, but I think you need to enable [Firewall > Settings > Advanced > Reflection for port forwards]

Hello,

I enabled it, I don't see a difference; making a curl to my WAN IP from inside shows me the OPNsense web UI instead of making the redirection.

But if, on the port forward rule, I choose my LAN interface, then it works. But why?

You should not try to forward the port used by the Web UI. If you want to forward port 443, (first) move the Web UI to another port [System > Settings > Administration > Web GUI > TCP port].

January 30, 2025, 01:10:41 PM #4 Last Edit: January 30, 2025, 01:13:51 PM by henri9813
Here is a network diagram of my infrastructure

Summary of the situation.
1.1.1.1 -> 1.1.1.2 = OK
INTERNET -> 1.1.1.2 = OK
192.168.1.2 -> 1.1.1.2 = Web UI of the interface, other ports are not working.

I have a no-NAT from 192.168.0.0/16 to 1.0.0.0/24 to preserve the client IP on our "public servers", which can enter the network through the OPNsense, which serves as gateway.

And a global NAT for the rest of the internet via the IP 1.1.1.253

But IF, on my port-forward rule, I also enable the local interface, it works!

In the screenshot of my OPNsense, I show that if I check OpenVPN (for example, but it could have been whatever interface) it works.

PS: I moved the admin port and changed the listen interface to the admin VLAN only; it doesn't change anything, except now I haven't anything answering.


Your screenshot shows OpenVPN. That's not a local interface.

BTW, 1.1.1.1 is a well known CloudFlare public DNS server. You can't really be using that on the internet...

January 30, 2025, 01:31:50 PM #6 Last Edit: January 30, 2025, 01:39:52 PM by henri9813
1.1.1.1 is an example.... I will not show you my real networks / IPs, and the issue is gone when I select my LAN interfaces.
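The thread's observation is that a port forward only redirects traffic arriving on the interfaces the rule is bound to; on every other interface the packet reaches the firewall itself (here, the web GUI). OPNsense compiles port forwards into pf `rdr` rules, and `pfctl -sn` on the firewall prints the loaded NAT/rdr rules with the interface each one is bound to. The script below is an added example (not from the thread or from the OPNsense project): it parses `pfctl -sn` output and reports which interfaces carry an rdr for a given destination address and which do not. The embedded output is constructed to resemble pfctl's format, and the interface names `em0`, `em1`, `em2` and `ovpns1` are assumptions; on a real box replace the sample with `$(pfctl -sn)`.

```shell
#!/bin/sh
# Added example, not part of the forum thread. Inspect pf's loaded rdr rules
# (as printed by `pfctl -sn` on OPNsense/FreeBSD) and list the interfaces on
# which a port forward for a given destination address is, or is not, bound.

# Constructed sample of `pfctl -sn` output: one rdr bound to the WAN (em0) and
# one to an assumed OpenVPN server interface (ovpns1), plus the outbound NAT and
# the no-NAT rule described in the thread. Real output comes from `pfctl -sn`.
SAMPLE_PFCTL_SN='rdr on em0 inet proto tcp from any to 1.0.0.1 port = https -> 192.168.2.4
rdr on ovpns1 inet proto tcp from any to 1.0.0.1 port = https -> 192.168.2.4
nat on em0 inet from 192.168.0.0/16 to ! 1.0.0.0/24 -> 1.1.1.253
no nat on em0 inet from 192.168.0.0/16 to 1.0.0.0/24'

# rdr_interfaces DEST_IP [PFCTL_OUTPUT]
# Prints, one per line and sorted, each interface carrying an rdr rule whose
# destination is exactly DEST_IP. Defaults to the constructed sample.
rdr_interfaces() {
    dest="$1"
    out="${2:-$SAMPLE_PFCTL_SN}"
    printf '%s\n' "$out" | awk -v d="$dest" '
        $1 == "rdr" && $2 == "on" {
            # field 3 is the interface; "to <addr>" is the rule destination
            for (i = 1; i <= NF; i++)
                if ($i == "to" && $(i + 1) == d) { print $3; break }
        }' | sort -u
}

# missing_rdr DEST_IP "IF1 IF2 ..." [PFCTL_OUTPUT]
# Prints the interfaces from the space-separated list that have no rdr rule
# for DEST_IP. Traffic for DEST_IP arriving on those interfaces is not
# redirected and terminates on the firewall itself (e.g. the web GUI).
missing_rdr() {
    dest="$1"
    all="$2"
    out="${3:-$SAMPLE_PFCTL_SN}"
    have="$(rdr_interfaces "$dest" "$out")"
    for ifn in $all; do
        if ! printf '%s\n' "$have" | grep -qx -- "$ifn"; then
            printf '%s\n' "$ifn"
        fi
    done
}

# Usage on a live box (interface list from `ifconfig -l`):
#   missing_rdr 1.0.0.1 "$(ifconfig -l)" "$(pfctl -sn)"
```

Any interface the second function prints is one where a client hitting 1.0.0.1 will get the firewall's own services rather than 192.168.2.4, which matches what the thread reports before the LAN interface is added to the rule. Re-running it after changing the port forward or the reflection setting shows directly whether pf actually gained rdr rules on the internal interfaces.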