Forward local port to WAN Bridge

Started by teclab, January 15, 2026, 05:40:21 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
January 15, 2026, 05:40:21 PM
Dear community,

my fiber bridge does have a second IP for local configuration web interface: 192.168.33.1
For this I configured a virtual IP (IP alias) on the WAN interface. Ok - this works.

From the LAN side I can only reach it when doing a port forwarding using ssh (ssh -L 88:192.168.33.1:80 root@opnsense).
When configuring a Firewall-NAT-Port forwarding I am failing:
Code Select
LAN1 TCP * * This Firewall 88 192.168.33.1 80 (HTTP)
Also tried a firewall rule:
Code Select
IPv4 TCP LAN1 net * * 88 * * Glasfaser Modem
But nothing helps.

Any ideas welcome. Thx!


January 15, 2026, 06:39:54 PM #1
You only need an outbound NAT rule on the WAN interface:
destination: 192.168.33.1/32
translation: virtual WAN IP
January 15, 2026, 08:37:33 PM #2
Configured it:

Code Select
Interface Source      Source Port Destination Destination Port NAT Address NAT Port Static Port Description    
WAN         LAN1 net     tcp/ *         This Firewall tcp/ 88                 192.168.33.1/32 80         NO

But getting a timeout when opening http://opensense:88

January 15, 2026, 08:43:36 PM #3
This is not, what I suggested.
Your rule translates the source address to the modems IP (192.168.33.1) and the source port to 80?

Quote from: teclab on January 15, 2026, 08:37:33 PMBut getting a timeout when opening http://opensense:88
So this is expected.

Just obey the suggestion and access the device by its IP then.
January 15, 2026, 10:24:04 PM #4
Quote from: viragomann on January 15, 2026, 08:43:36 PM... and access the device by its IP then.

I am not accessing the modem by its IP. I need to http to OpenSense on port 88, and from there forward to the modem 192.168.33.1 on port 80.
That's why I gave this example:

From my desktop PC I do:
Code Select
ssh -L 88:192.168.33.1:80 root@opnsense
And then doing http://opnsense:88 I get forwarded to the modem.

Sorry, but I did not want to "disobey" you *lol* ... I might not understood it better ...


January 15, 2026, 10:26:49 PM #5
But if you correctly NAT on the interface you can just use http://<ip of modem> without SSH or anything.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
January 15, 2026, 10:34:09 PM #6
Quote from: teclab on January 15, 2026, 10:24:04 PMfrom there forward to the modem 192.168.33.1 on port 80.
And what's the sense of forwarding the traffic?
Print
Go Up Pages1
User actions