[Tutorial] How I do port forwarding - simple and straightforward

Started by theogravity, May 29, 2018, 03:21:51 AM

Thanks for the thread, Been trying all day to get a vpn working, and Just used the port forward for my vpn into my synology router (which is just as AP now)

8)

First of all, I don't have that + sign in aliases.

I seem to be unable to get port forwarding to work. I forwarded 80 and 443 to an internal nginx proxy manager, but it doesn't seem to reach it.

Am I doing this the right way?


Hi, thanks for the guide.

Got a question though, as it's not fully working on my end.

When I try to connect from the internet (through DDNS) I get a pass outgoing rule (?) and that's it, it stops there. Locally, the machine accepts (SSH) connections.
__timestamp__ Oct 12 04:07:05
ack
action [pass]
anchorname
datalen 0
dir [out]
dst 192.168.1.91
dstport 22
ecn
id 30776
interface em0
interface_name lan
ipflags DF
ipversion 4
label let out anything from firewall host itself
length 60
offset 0
protoname tcp
protonum 6
reason match
rid 1232f88e5fac29a32501e3f051020cac
rulenr 70
seq 342642971
src 71.120.21.331
srcport 54264
subrulenr
tcpflags S
tcpopts
tos 0x0
ttl 62
urp 64240


I don't understand, though, why it shows that a connection is being made with direction to the outside. Shouldn't it say incoming instead? The local IP I'm trying to connect to is 192.168.1.91.
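When reading an OPNsense firewall log entry like the one above, it helps to parse the key/value fields and check which leg of the forwarded connection the entry records. The following is an added example (not from the original thread or from OPNsense itself): it parses the entry reproduced from the post above, unwraps bracketed values, validates the addresses, and applies a labelled heuristic: an entry with `dir out` on a non-WAN interface toward a private destination is most likely the already-translated packet leaving the firewall toward the NAT target, not the WAN-side arrival. The field names come from the post; the leg names and the `summarize` output are my own.

```python
import ipaddress
from typing import Dict, Optional, Union

# Constructed sample: the firewall log entry from the post above, reproduced
# line by line as key/value pairs (the source address is as it appears there).
SAMPLE_ENTRY = """\
__timestamp__ Oct 12 04:07:05
ack
action [pass]
anchorname
datalen 0
dir [out]
dst 192.168.1.91
dstport 22
ecn
id 30776
interface em0
interface_name lan
ipflags DF
ipversion 4
label let out anything from firewall host itself
length 60
offset 0
protoname tcp
protonum 6
reason match
rid 1232f88e5fac29a32501e3f051020cac
rulenr 70
seq 342642971
src 71.120.21.331
srcport 54264
subrulenr
tcpflags S
tcpopts
tos 0x0
ttl 62
urp 64240
"""

IPAddr = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]


def parse_entry(text: str) -> Dict[str, str]:
    """Turn the 'key value' listing into a dict; keys with no value map to ''.
    Bracketed values such as [pass] and [out] are unwrapped."""
    fields: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        key, _, value = line.partition(" ")
        value = value.strip()
        if value.startswith("[") and value.endswith("]"):
            value = value[1:-1]
        fields[key] = value
    return fields


def safe_ip(value: str) -> Optional[IPAddr]:
    """Return the parsed address, or None if it is malformed (e.g. an octet
    above 255, as in an obfuscated source address)."""
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None


def classify_leg(fields: Dict[str, str]) -> str:
    """Heuristic only: name the leg of a port-forwarded connection this entry
    most likely records. pf evaluates a packet on each interface it crosses,
    so a forwarded packet can be logged arriving on the WAN (dir in) and again
    leaving on the internal interface toward the NAT target (dir out)."""
    iface = fields.get("interface_name", "")
    direction = fields.get("dir", "")
    dst = safe_ip(fields.get("dst", ""))
    if direction == "in" and iface == "wan":
        return "wan-inbound"
    if direction == "out" and iface != "wan" and dst is not None and dst.is_private:
        return "post-nat-to-internal-host"
    return "other"


def summarize(text: str) -> Dict[str, object]:
    """Parse one entry and return the fields a troubleshooter cares about."""
    f = parse_entry(text)
    return {
        "leg": classify_leg(f),
        "action": f.get("action"),
        "rule_label": f.get("label"),
        "src_valid": safe_ip(f.get("src", "")) is not None,
        "flow": f"{f.get('protoname')} {f.get('src')}:{f.get('srcport')} "
                f"-> {f.get('dst')}:{f.get('dstport')}",
        "syn_only": f.get("tcpflags") == "S",  # first packet of the handshake
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_ENTRY).items():
        print(f"{key}: {value}")
```

For this entry the summary reports the post-NAT leg on `lan` with action `pass`, a SYN-only packet, and a source address that does not parse as a valid IPv4 address. A practical follow-up is to look for the matching `dir in` entry on the WAN interface with the same source port; if only the outbound leg is logged, the forward itself was applied and the next thing to check is the reply path from 192.168.1.91.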

THANK YOU!!! I have spent hours trying to get port forwarding to work.  Nobody ever mentions the bit about "reflections for port forwards" and "automatic outbound NAT for reflection".  After checking these boxes, my port forwards work!

This post solved my 3-day headache. THANKS! <3 NAT Reflection did the trick..

Is this still the best guide for newbies? I literally only will need to forward one port nowadays.

I've tried this tutorial and others and the official how-to, but I cannot get any of my port forwarding to work. I've done port forwarding in the past on regular wifi routers but never anything like OPNsense.

I use a No-IP domain to RDP into my Windows machine at home.

Internally I can RDP into any machine in my LAN.

The problem I have is I can't RDP from the WAN.

Before, my setup was westdallas.ddns.net:9999; from the router I would forward port 9999 to the Windows RDP port on my server in my LAN. Then I would use 9989 to connect to my desktop or another machine.

Now I can't port forward anything. I need to set up my TrueNAS, my Plex and my Nextcloud, but none of the port forward options are working.

I enabled NAT reflection.

I've spent a few hours on this and can't get it to work.

I opened up the ports on the firewall for 9999 and 9989 and Windows RDP, and in the firewall log I can see requests hitting the firewall on port 9999, but they are not being routed to the internal IP I need them to go to.

I did set up the NAT port forwarding as well.

Hi there and thanks a lot for that manual, it works great. But how can I specify that only special hosts can access these ports, like a whitelist?


When creating a Port Forward Rule,  the only options I see for Filter rule association are:

None
Pass

Did I skip a step where a NAT rule was created?

Also, when I enable Reflection for port forwards and Automatic outbound NAT for Reflection, something breaks my rule to forward all DNS traffic to PiHole.  As soon as I enable those settings I am unable to perform name resolution via DNS.

Note: I am running OPNsense 21.7.8-amd64

Quote from: Olli on June 07, 2022, 02:10:05 PM
Hi there and thanks a lot for that manual, it works great. But how can I specify that only special hosts can access these ports, like a whitelist?
By using a "Source" setting in the port forward. E.g. a group of host/network aliases ...

See screenshot:


HTH
Patrick
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)


I've been looking for a few hours at this issue and couldn't see how to make the last step. Whilst not directly solving my problem (couldn't see how to enter a single IPv4 source address), it did confirm I was on the right lines - now sorted - many thanks.

My excuse is that I am a newbie, had OPNsense running for just under 2 days, with a new mini-PC (first PC in decades) and FreeBSD is new to me (unless you count macOS).   Working well, complete with a few plugins installed.

Hi all,

I'm trying to set up a reverse proxy in order to expose some services to the web.

For test purposes I'm currently only exposing an uptime-kuma container. I can access it no problem internally, but I'm not getting access when coming from outside my network. This is what I currently have set up as the port forwarding rule pointing to swag, my reverse proxy:




what I have in the firewall rules section:



and this is what I get as result when accessing using the domain:



I'm not seeing what may be wrong here, any idea of what I may have done wrong here?

Thanks in advance for your help

Hi guys,

Ignore my previous post, this is working. When I try reaching any of my internal hosts/services using the mobile network or from a computer outside my network, I do reach my proxy, but when I try from inside the network, the routing does not happen. So I do have an issue, but it's not related to the port forwarding; looks like my AdGuard or maybe the DNS setup on OPNsense is not correctly set up. I'll need to look into that more in depth.

Quote from: Lxndr on December 10, 2022, 08:40:41 PM
Hi guys,

Ignore my previous post, this is working. When I try reaching any of my internal hosts/services using the mobile network or from a computer outside my network, I do reach my proxy, but when I try from inside the network, the routing does not happen. So I do have an issue, but it's not related to the port forwarding; looks like my AdGuard or maybe the DNS setup on OPNsense is not correctly set up. I'll need to look into that more in depth.

Hi all,

Sorry to bother you guys again. Following the above message, I'm trying to set up Nextcloud AIO behind the swag reverse proxy, but I've run into an issue where I can't get Nextcloud to validate the domain. I keep getting the error below despite having a port forwarding rule:

The server is not reachable on Port 443. You can verify this e.g. with 'https://portchecker.co/'; by entering your domain there as ip-address and port 443 as port.

The forwarding rule points to the reverse proxy and seems fine, as swag is working and managed to get the certificate from Let's Encrypt, but when using https://portchecker.co/ or https://canyouseeme.org/ both tell me that port 443 is closed; any ideas why that is?

Do note that swag and Nextcloud AIO are both running on Docker in different containers.

I'm not sure if the issue is at the OPNsense or the swag level; I'd appreciate it if anyone has an idea on this.

Thanks

EDIT: Managed to sort myself out. It seems like I had an issue with my internet connection, so after rebooting OPNsense and the ISP fibre optical interface, things got back to normal, so all good now.