Need help - OPNsense port forwarding

[Deadjasper]

Can't get it to work.

I can find instructions via Googled but they all appear to apply to other versions, not the version I have (the latest). I'm seeing settings that are not in my version. I've tried everything I can and still can't get it to work. Previously I was using PfSense and had no problem with port forwarding. May have to go back to it.

 

[Vermillion]

Can't get it to work.

I can find instructions via Googled but they all appear to apply to other versions, not the version I have (the latest). I'm seeing settings that are not in my version. I've tried everything I can and still can't get it to work. Previously I was using PfSense and had no problem with port forwarding. May have to go back to it.

What are you trying to forward?

 

[Deadjasper]

What are you trying to forward?

I'm running Blue Iris and need to remote into it to access my ip cams. PfSense was no problem at all and at this point I'm trying to solve the problem of it not working on a Dell Wyse 5070. OPNsense is not for me. I tried to sign up at their forums but never received the activation link.

 

[Vermillion]

No idea why you didn't get the email.

I have port forwarding on my opnsense and it was never a hassle. I forward the port for wireguard and for HTTP/HTTPS when I open those up on the WAN to renew my LetsEncrypt cert for Bitwarden.

The attached pictures are my settings for forwarding to Bitwarden. The blacked out piece is the IP address of my server. These are probably a little more open then they should be in terms of source IPs but I only open these on the WAN side for about 2 minutes every 90 days to renew my cert.

 

[Deadjasper]

No idea why you didn't get the email.

I have port forwarding on my opnsense and it was never a hassle. I forward the port for wireguard and for HTTP/HTTPS when I open those up on the WAN to renew my LetsEncrypt cert for Bitwarden.

The attached pictures are my settings for forwarding to Bitwarden. The blacked out piece is the IP address of my server. These are probably a little more open then they should be in terms of source IPs but I only open these on the WAN side for about 2 minutes every 90 days to renew my cert.

I have no idea why I couldn't get it to work. It was a frustrating ordeal. The worst kind of problems are those that just don't work. No error messages or hints of any kind, they just don't work.

Yesterday the M.2 SATA SSD arrived and I was able to get pfSense installed and booting without issues. I was also able to configure port forwarding without issues so I'm back in business. I liked the OPNsense GUI better than pfSense and would have stayed with it if I could have gotten port forwarding to work.

EDIT: I'd also like to add that I tried to join the OPNsense forum and never received the activation email so I guess it just wasn't meant to be.

 

[MrGuvernment]

Did you have any block firewall rules on any interfaces?

 

[Deadjasper]

Did you have any block firewall rules on any interfaces?

This was a fresh install so no firewall rules other than those auto created. I'm back to pfSense now and all is well. Had no problem getting port forwarding configured and working as it should. I like OPNsense GUI better than pfSense but it has to work first and foremost, if it doesn't it's garbage. Also don't like the fact that I didn't get a response when I tried to join the OPNsense forum.

My next project will be a Pihole box. I have a Wyse 3040 on the way for that.

 

[MrGuvernment]

Can also do pfblocker , while a little more complex than PiHole it can be pretty powerful, but can also get frustrating as well ifyou try to lock down too much.

 

[Deadjasper]

Can also do pfblocker , while a little more complex than PiHole it can be pretty powerful, but can also get frustrating as well ifyou try to lock down too much.

I am using pfblocker. For the most part it works, I block China but do occasionally one or two slip through. My main reason for wanting pihole is to block ads.

 

[SamirD]

My next project will be a Pihole box. I have a Wyse 3040 on the way for that.

Did you also get in on the $35 deal?

 

[Deadjasper]

Did you also get in on the $35 deal?

Yep, I did. Got it up and running with DietPI.

 

[OFaceSIG]

I have never used OPNsense but I know a lot of people do. I know pfsense's GUI isn't perfect but once you get it running, it's pretty solid. I've been running pfsense probably for a decade now. I think I'm on my 3rd or 4th physical incarnation of a pfsense build.

 

[Deadjasper]

I have never used OPNsense but I know a lot of people do. I know pfsense's GUI isn't perfect but once you get it running, it's pretty solid. I've been running pfsense probably for a decade now. I think I'm on my 3rd or 4th physical incarnation of a pfsense build.

I also used it for years but right in the middle of all this crap I discovered that it was using my isp's DNS servers instead of Cloudflare which it was set too. I never bothered to figure out why, just decided it was totally unacceptable and moved back to OPNsense.

 

[OFaceSIG]

I also used it for years but right in the middle of all this crap I discovered that it was using my isp's DNS servers instead of Cloudflare which it was set too. I never bothered to figure out why, just decided it was totally unacceptable and moved back to OPNsense.

That is strange. Usually once you set your DNS settings in pfsense it's set it and forget it. You can verify communication to port 53 and port 853 (dns over tls) in pftop under diagnostics. Pretty nifty.

 

[German Muscle]

Firewall -> NAT -> Port Forward

Create New +

Change the protocol to TCP/UDP, change the port range to the ones needed for blueiris(80-81), change target ip to the blueiris ip, change description and save.
Then make sure you hit apply changes at the top right on the NAT: Port Forward list.

 

[Deadjasper]

That is strange. Usually once you set your DNS settings in pfsense it's set it and forget it. You can verify communication to port 53 and port 853 (dns over tls) in pftop under diagnostics. Pretty nifty.

Yea, I thought it was strange too. Caught me completely by surprise. DNS settings should never be conditional and should never be overridden under any circumstances as far as I'm concerned.

 

[MrGuvernment]

I also used it for years but right in the middle of all this crap I discovered that it was using my isp's DNS servers instead of Cloudflare which it was set too. I never bothered to figure out why, just decided it was totally unacceptable and moved back to OPNsense.

I am going to say end user change or something forgotten while testing something..., i have been using pfsense for the better part of 20 years now and never had DNS settings get removed or changed.

 

[SamirD]

I am going to say end user change or something forgotten while testing something..., i have been using pfsense for the better part of 20 years now and never had DNS settings get removed or changed.

I think it's that site that OP used for testing as it didn't even return the right dns servers for me even though they are all set correctly and nslookup in command prompt is using the right server.