[Solved]Port forward behind ISP Router

Started by Jose, June 26, 2018, 07:34:28 PM

June 26, 2018, 07:34:28 PM Last Edit: July 07, 2018, 03:08:12 PM by Jose
Hi, since I've tried numerous how-tos and haven't found a solution yet, I decided to start a new thread in the hope that someone in the same boat with a solution can shed some light.

I'm having a very hard time trying to get a simple web server to be accessible from outside my network (for testing purposes) through No-IP/port forward. I will post a brief description of my current network setup in the hope of getting some advice if I am doing something wrong on my end, before I consider calling my ISP, which is very slow when it comes to customer support, unfortunately. :-[

Let's start with my setup and what I'm trying to accomplish, for reference. My setup is as follows:

           ISP/Locked                        Router/DHCP                WiFi/AP/Bridge            Switch/Unmanaged            Wired
[Ubiquiti Wireless Radio]----->[OPNsense 18.1.10]----->[Netis WF2419]----->[ PowerConnect 2808]----->[Clients]

HERE is an image of the above network setup/diagram.

My web server in question is a simple Apache server running on my FreeBSD file server, currently accessible locally with the IP 192.168.1.xxx:8080. OPNsense is handling all the Unbound DNS, DHCP and DDNS with my No-IP account; the DynDNS plugin is currently working, has cached my outside WAN IP address, and this is reflected on the No-IP website as expected. Now the oddities begin.

I configured port forwarding for the Apache IP/port as follows:

<Source>
[IF=WAN]--[Proto=TCP]--[Address=*]--[Ports=*]

<Destination>
[Address=LAN Address]--[Ports=*]

<NAT>
[NAT=192.168.1.xxx]--[Ports=8080]

My DNS servers are as follows:
#1: 208.67.222.222
#2: 208.67.220.220
#3: 192.168.1.1

Allow DNS server list to be overridden = Unchecked
Do not use the DNS Forwarder/Resolver = Unchecked

A further test I performed under Windows with "nslookup" also returned the following:
> myhostname.ddns.net
Server:  opnsense.localdomain
Address:  192.168.1.1

Non-authoritative answer:
Name:    myhostname.ddns.net
Address:  104.238.xxx.xxx (WAN IP)
>

Overall, with this setup I can access my specified "myhostname.ddns.net" and I'm redirected to the external WAN, which is working fine, but the port forward is not redirecting to the internal Apache target IP/port for some reason, neither on the default port 80 nor on 8080 etc. Additionally, every port tester I've used says Port not open, and others say Connection refused.  :(

I really apologize for my rather messy post and I hope to get some advice from experienced OPNsense users regarding port forward behind a locked ISP router, oh and really sorry for my English. ::)

Regards
OPNSense under Bhyve VM set with 2CPUs, 4GB-RAM, 120GB-Zvol and 2 NICs.
Intel i5-2390T with 32GB-RAM and HP NC360T(Passthrough for OPNsense).
System running Jails, NFS shares etc.., ZFS Mirrors for boot and storage.

Hello, again I'm really sorry for this rather repetitive and messy type of post. However, since I'm unfortunately in this same boat and cannot access my ISP router/NAT, I'll just give up on it and will try alternate solutions like the one in the previously posted link above, since switching ISPs is not an option at the moment. :-\

Regards

I think I found a quick working solution to work around these locked ISP/carrier-grade NAT issues: a no-install-required service called Serveo, an SSH server for remote port forwarding. While it may not fit every case, home/SOHO users can benefit from it, I think. ::)

I just created a script to fit my needs, with a heartbeat loop to auto-reconnect upon possible remote host disconnections/target machine availability, and it is working great so far from the OPNsense appliance itself, since it's on 24/7. :)

Maybe a very simple plugin supporting this and similar services could be useful; I will take a look into it, by the way.

Regards
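Added example, not part of the original posts: a small check for the situation the thread ends up in, where a port forward on OPNsense cannot work because another NAT (locked ISP router or carrier-grade NAT) sits upstream. It compares the address on the firewall's WAN interface with the address published via DDNS. The function names and all addresses below are constructed for illustration.

```python
import ipaddress

# Address blocks that are never directly reachable from the Internet.
NON_PUBLIC = {
    "RFC 1918 private": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"],
    "RFC 6598 carrier-grade NAT": ["100.64.0.0/10"],
    "link-local": ["169.254.0.0/16"],
}


def classify(addr):
    """Return the name of the non-public block containing addr, or 'public'."""
    ip = ipaddress.ip_address(addr)
    for label, nets in NON_PUBLIC.items():
        if any(ip in ipaddress.ip_network(n) for n in nets):
            return label
    return "public"


def diagnose(wan_if_addr, ddns_addr):
    """Compare the WAN interface address with the address DDNS published.

    Returns (verdict, reason). 'upstream-nat' means inbound connections stop
    at a device in front of the firewall, so a local port forward alone
    cannot expose the service.
    """
    kind = classify(wan_if_addr)
    if kind != "public":
        return ("upstream-nat", f"WAN interface holds a {kind} address")
    if ipaddress.ip_address(wan_if_addr) != ipaddress.ip_address(ddns_addr):
        return ("upstream-nat", "WAN interface address differs from the published one")
    return ("direct", "WAN interface holds the published address")


if __name__ == "__main__":
    # Constructed samples: (address on the WAN interface, address seen by DDNS).
    samples = [
        ("100.72.14.9", "203.0.113.10"),   # ISP hands out a CGNAT address
        ("192.168.0.2", "203.0.113.10"),   # firewall sits behind an ISP router
        ("198.51.100.7", "203.0.113.10"),  # public, but translated upstream
        ("203.0.113.10", "203.0.113.10"),  # firewall owns the public address
    ]
    for wan, ddns in samples:
        verdict, reason = diagnose(wan, ddns)
        print(f"{wan:>15} vs {ddns:<15} -> {verdict}: {reason}")
```

An "upstream-nat" verdict means the forward also has to exist on the upstream device, or an outbound tunnel such as the one described in the last post is needed.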