this post was submitted on 07 Nov 2023
8 points (100.0% liked)

OPNsense

508 readers
3 users here now

All discussions about the open source, FreeBSD-based firewall called OPNsense.

founded 2 years ago
MODERATORS
 

Hi everyone,

I’m at my wits end here getting port forwarding working on my setup with Nginx Proxy Manager (NPM) and OPNsense.

I recently upgraded my networking gear, and everything is working great, I’m loving OPNsense and 10G networking. I’ve had the same setup for port forwarding for years and never had issues, the main change was the addition of OPNsense and a switch.

Previous setup (I realize this wasn’t the best):

ISP modem -> DHCPv4 with ports 80/443 forwarded to ASUS wireless router WAN -> DHCPv4 with ports 80/443 forwarded to VM on proxmox running NPM -> NPM set up with hosts to proxy services on other VMs/server.

This (or a variation thereof) has all been working great for years, along with ddns set up as I have a dynamic IP.

New setup:

ISP modem -> DHCP off with ports 80/443 forwarded to OPNsense WAN via MAC address -> OPNsense NAT-Port Forwarding set up to the NPM host/port, rest is the same as before.

The settings for the port forward are the standard I’ve found in guides. WAN address, any source/port, redirect to NPM host and ports. Tried the domain I usually use, no luck. Port checker shows the ports are closed.

Tried the following:

  1. DMZ on the ISP modem keeping WAN IP default/automatic and adding OPNsense to the DMZ, no change.
  2. Advanced DMZ on ISP, WAN is the external IP, no change
  3. Same as 2, but changed OPNsense WAN settings from DHCPv4 to PPPoE, and added the ISP login info. Received new IP, updated ddns, still no change.
  4. Checked over port forwarding settings, enabled NAT reflection, still nothing.

I’m between all these steps, I rebooted OPNsense, proxmox, switches, etc.

Any ideas on what I could try for next steps? All of the local networking and external connections work awesome, it’s just the port forwarding as the last piece. Thanks!

Edit 2023-01-03:

I finally solved this, turned out the OPNSense and NPM configuration was all correct.

The problem was a glitch in the docker compose/portainer. I had my ports in docker compose set to 80:80/443:443, but when the container was deployed, it assigned 1880:80/18443:443 because of…reasons, and I didn’t notice until going through it all line by line 🤦.

Redeploying the stack/container didn’t solve it, so I changed the time zone to another city, redeployed and viola, everything works perfect as it should!

top 6 comments
sorted by: hot top controversial new old
[–] [email protected] 2 points 1 year ago (1 children)

I'm dealing with a similar issue, but only on some services. I'd like to know too.

[–] rehydrate5503 2 points 1 year ago (1 children)

So in your setup, some ports are open and some are closed? Or it goes through to NPM but only some services are working?

[–] [email protected] 1 points 1 year ago

For me, I have an ISP modem bridged to a router with ports forwarding to a bare metal PC with NPM on it (docker image), and then a separate proxmox machine. Some of the services in Proxmox just seem to work, others don't.

I'm in over my head a bit, and also life stuff is getting in the way so I can't sit down and figure it all out.

[–] rehydrate5503 2 points 11 months ago

Reviving this for the new year, in case someone else runs into this issue… I finally solved it.

The problem was a glitch in the docker compose/portainer. I had my ports in docker compose set to 80:80/443:443, but when the container was deployed, it assigned 1880:80/18443:443 because of…reasons, and I didn’t notice until going through it all line by line 🤦.

Redeploying the stack/container didn’t solve it, so I changed the time zone to another city, redeployed and viola, everything works perfect as it should!

[–] [email protected] 1 points 1 year ago (1 children)

Did you also set up allow rules for the WAN firewall in OPNsense?

[–] rehydrate5503 2 points 1 year ago

Yes, I added it in the set up, just used the dropdown that automatically adds rules. Also tried deleting the automatic rules and adding the same manually, still nothing ☹️

This is driving me nuts and I may end up looking for another solution.