[Solved]Port forward behind ISP Router

[Jose]

Hi, since I've tried numerous how-to also can't search for solution yet, I decided to starting a new thread in hope someone in the same boat with solution can bring some light.

I'm having a very hard time trying to get a simple web server to be accessible outside my network(for testing purposes) through No-IP/Port forward, I will post brief setup of my current network in hope to get some advice if I am doing something wrong on my end, before I consider to call my ISP in which is very slow wen it comes to customer support unfortunately.

Lets start with my setup and what I'm trying to accomplish for reference, my setup is as follow:

           ISP/Locked                        Router/DHCP                WiFi/AP/Bridge            Switch/Unmanaged            Wired
[Ubiquiti Wireless Radio]----->[OPNsense 18.1.10]----->[Netis WF2419]----->[ PowerConnect 2808]----->[Clients]

HERE is an image of the above network setup/diagram.

My Web server in question is a simple Apache server running on my FreeBSD file server and currently accessible locally with the IP: 192.168.1.xxx:8080, OPNsense is handling all the Unbound DNS, DHCP and DDNS with my No-IP account, the DynDNS plugin is currently working and cached my outside WAN IP address and is reflected in the No-IP website as expected, now the odds are coming.

I configured port forwarding for the Apache IP/port as follows:

<Source>
[IF=WAN]--[Proto=TCP]--[Address=*]--[Ports=*]

<Destination>
[Address=LAN Address]--[Ports=*]

<NAT>
[NAT=192.168.1.xxx]--[Ports=8080]

My DNS Servers are as follow:
#1: 208.67.222.222
#2: 208.67.220.220
#3: 192.168.1.1

Allow DNS server list to be overridden = Unchecked
Do not use the DNS Forwarder/Resolver = Unchecked

A further test I performed under Windows "nslookup" returned also the following:
> myhostname.ddns.net
Server:  opnsense.localdomain
Address:  192.168.1.1

Non-authoritative answer:
Name:    myhostname.ddns.net
Address:  104.238.xxx.xxx (WAN IP)
>

Overall with this setup, I can access my specified "myhostname.ddns.net" and I'm redirected to external WAN which is working fine, but the port forward is not redirecting to internal Apache target IP/port for some reasons, in either default port 80 nor with 8080 etc, additionally every port tester I've used say Port not open and others say Connection refused. 

I really apologize for my rather messy post and I hope to get some advice from experienced OPNsense users regarding port forward behind a locked ISP router, oh and really sorry for my English.

Regards

[Jose]

Hello, again I'm really sorry for this rather repetitive and messy type of post, however since I'm in this same boat unfortunately, and cannot access my ISP Router/NAT, I just give up on it, and will try alternate solutions like in the previously posted link above, since switching from ISP is not an option by the moment.

Regards

[Jose]

I think I found a quick working solution to workaround this Locked ISP/Carrier Grade NAT issues, is a no install required service called Serveo, an SSH server remote port forwarding, while may not fit every solution, home/soho can benefit from it I think.

I just created a script to fit my needs with a heartbeat loop to auto reconnect upon remote host possible disconnections/target machine availability, and is working great so far from OPNsense appliance itself since its 24/7.

Maybe a very simple plugin supporting this and similar services could be useful, will take a look into it by the way.

Regards