
[SOLVED] Port forwarding, internal server to external port


jarif:
Ditto here. I followed to the letter, while I was thinking that this is now a duplicate rule to what I already have.

No connection. I have another thread on my issue, but it is the same problem. Some packets transfer thru according to tcpdump, but no TCP socket connection establishes. Timeout.
 

jl_678:
I would explore the DNS override option.  It worked really well for me and is actually very simple to configure.

jarif:

At least I am not having any difficulties with DNS, works as charm. My problem is that while *some* packets pass the firewall and NAT, the connection still does not somehow establish.

mpmccormick86:
Seriously wonderful step-by-step walk through. I'm most definitely not a network guy, and configuring this type of firewall is new for me. A HUGE Thank You to BertM!


--- Quote from: BertM on October 19, 2017, 04:56:11 pm ---
Hi Newbiewifi,

If I understand correctly, on your internal LAN you have a web server running a website (for example www.mysite.com).
The webserver has a fixed IP address on the LAN, and you want to access it by its name, both from the outside and the inside network.

An alias is not going to help you, because these are only used to make your config easier to read for humans.

But here is an example that will work.
I don't know how much experience you have with configuring network things, so I will try to keep this as simple as possible and explain very detailed.

First let's make some assumptions:

* Your external IP address is 123.45.67.89
* Your LAN interface is configured as 192.168.10.1/24
* Your webserver running HTTP (port 80) and HTTPS (port 443) lives at address 192.168.10.30
* You are the owner of the domain mysite.com and the URL for your webserver is www.mysite.com
* In external DNS, you have an A record for www.mysite.com pointing to 123.45.67.89 (your external IP address)

Here is what you have to do:

Configure aliases to make your config more readable.

* Click Firewall ==> Aliases ==> View
* Click the "Add a new alias" button
* Enter the following info:
   Type: Host(s)
   Name: Webserver
   Description: The webserver host
   Host(s): 192.168.10.30
   Description: Webserver IP address
* Click Save
* Click the "Add a new alias" button again
* Enter the following info:
   Type: Port(s)
   Name: Websrv_Ports
   Description: The webserver Ports
   Port(s): 80
   Description: HTTP port
* Click the plus sign to add another line and enter the following information
   Port(s): 443
   Description: HTTPS port
* Click Save and Apply Settings

If you are forwarding both port 80 (HTTP) and port 443 (HTTPS), you want to set the port for the web gui of your OPNsense to another port, for example port 440.
In that case you will access the web gui of OPNsense like https://yourIPaddress:440

* Click System ==> Settings ==> Administration
* Enter 440 in the TCP port field
* Click Save

The OPNsense web gui will automatically reconnect in 20 seconds, using the new port.

Add the port forwarding rule to send any incoming HTTP and HTTPS traffic to your webserver.

* Click Firewall ==> NAT ==> Port Forward
* Click the Add button to add a new Port Forward rule
* Select the following information
   Interface: WAN
   TCP/IP version: IPv4
   Protocol: TCP
   Destination: WAN Address
   Port range: From: Websrv_Ports To: Websrv_Ports
  (You can select that from the dropdown because you created the alias)
   Redirect target IP: Webserver (again, you can select that because you created the alias)
   Redirect target ports: Websrv_Ports
   NAT reflection: Enable (Pure NAT)
   Filter rule association: Add associated filter rule
* Click Save and Apply Settings.

This will do what you want to achieve.

* The external DNS server will resolve www.mysite.com to your external IP address.
* The NAT/PortForward rule will forward this to your webserver.
* If internally www.mysite.com is also resolved to your external IP address,
NAT Reflection will send this outgoing traffic back inside towards your webserver.

I hope this info helps.

Kind regards,
Bert

--- End quote ---

Deku2:
Was not able to get this to work for me.  Able to access it from the outside fine.  One difference for me is that I'm trying to do a port redirect.  443 on the outside to 8080 inside.  Tried with and without NAT reflection.  Even tried to create similar rules specifying the LAN source to WAN destination.  No luck :(
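
A way to read the client-side tcpdump output mentioned in this thread, as an added example that is not part of any post: it checks whether each SYN a LAN client sent to the external address was answered by that same address and port. A SYN-ACK arriving from the webserver's own LAN address means the connection was redirected but the reply went straight back over the LAN without passing through the firewall's translation, so the client discards it. The capture lines and the client address 192.168.10.50 are constructed; the other addresses are the assumptions from BertM's post.

```python
import re

# tcpdump -n text output: "<time> IP <src>.<sport> > <dst>.<dport>: Flags [<flags>], ..."
PKT = re.compile(
    r"IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): Flags \[([^\]]+)\]"
)

# Constructed sample, as seen on a LAN client (192.168.10.50 is an assumption).
SAMPLE_CAPTURE = """\
10:00:00.000001 IP 192.168.10.50.51000 > 123.45.67.89.443: Flags [S], seq 100, win 64240, length 0
10:00:00.000400 IP 192.168.10.30.443 > 192.168.10.50.51000: Flags [S.], seq 900, ack 101, win 65160, length 0
10:00:00.000450 IP 192.168.10.50.51000 > 192.168.10.30.443: Flags [R], seq 101, win 0, length 0
10:00:05.000001 IP 192.168.10.50.51001 > 123.45.67.89.80: Flags [S], seq 200, win 64240, length 0
10:00:05.000300 IP 123.45.67.89.80 > 192.168.10.50.51001: Flags [S.], seq 700, ack 201, win 65160, length 0
10:00:05.000350 IP 192.168.10.50.51001 > 123.45.67.89.80: Flags [.], ack 701, win 502, length 0
10:00:09.000001 IP 192.168.10.50.51002 > 123.45.67.89.443: Flags [S], seq 300, win 64240, length 0
"""

def diagnose(capture, client_ip, public_ip):
    """Map each client SYN towards public_ip to 'ok', 'no-reply' or
    'reply-from-<ip>:<port>' (the SYN-ACK came from a different endpoint)."""
    attempts = {}  # client source port -> (wanted destination port, verdict)
    for line in capture.splitlines():
        m = PKT.search(line)
        if not m:
            continue
        src, sport, dst, dport, flags = m.groups()
        if flags == "S" and src == client_ip and dst == public_ip:
            # First SYN opens the attempt; retransmissions keep the verdict.
            attempts.setdefault(sport, (dport, "no-reply"))
        elif flags == "S." and dst == client_ip and dport in attempts:
            wanted_port = attempts[dport][0]
            if (src, sport) == (public_ip, wanted_port):
                attempts[dport] = (wanted_port, "ok")
            else:
                # Also catches a port redirect answering from the inside port.
                attempts[dport] = (wanted_port, f"reply-from-{src}:{sport}")
    return {
        f"{client_ip}:{p} -> {public_ip}:{d}": verdict
        for p, (d, verdict) in attempts.items()
    }

if __name__ == "__main__":
    for flow, verdict in diagnose(SAMPLE_CAPTURE, "192.168.10.50", "123.45.67.89").items():
        print(flow, verdict)
```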
