
Trying to pass web traffic through to a CentOS VM on my internal WLAN from a WAN address.

Devices on my WLAN (172.16.99.X) can access my webserver (172.16.99.27:801) fine.

When trying to access my WebServer externally, I can't even see requests (Firewall Live Log) being made from my mobile device on the WAN (102.X.X.X) to my web server.

I have set up a NAT rule:

  • Interface: WAN
  • Proto: TCP
  • Src Address: 102.X.X.X
  • Src Port: *
  • Dest Address: 172.16.99.27
  • Dest Port: *
  • NAT IP: 172.16.99.27
  • NAT Port: 801
  • Log: Enabled
  • NAT Reflection: Enabled

I even tried enabling NAT Reflection under Firewall -> Advanced as per a previous article in OPNsense.

I am struggling to troubleshoot when I don't see any logs in Live View. Thanks in advance :o

System versions: OPNsense 21.7.1-amd64, FreeBSD 12.1-RELEASE-p19-HBSD, LibreSSL 3.3.3

east1000

1 Answer


Possibly the answer is too simple: the rule you configured is never called, hence no log entry. Since your setup works, it is more likely that you don't log at all, as a global setting.

Check in System > Settings > Logging the "Disable writing log files to the local disk" option: if checked, nothing at all will be logged locally. Since you don't specify how you set up your install, do you see any other log messages showing at all? If not, unset this option.

To fix your rule specifically, enable local logging and, in your firewall rule in Firewall > NAT > Port Forward with your parameters, turn on logging for your rule.

The one meaningful entry in the log live view you should be getting is "IPv6 RFC4890 requirements (ICMP)" on connect, nothing else. Clicking on the info icon in that line helped me identify the reason on my machine: in the pop-up the rule id is both displayed and clickable. If it points to a rule different than expected find and toggle the other rule for testing, and work from there.

(Worth a short hint, trying to reproduce your result I uncovered a conceptual fail on my side, as I had a useless rule in Firewall > Rules > WAN that was never called. If disabling your rule has no effect there may be a similar error. Check if you checked the correct rule for logging.)

raddaqii
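The rule in the question sits on WAN but matches on destination 172.16.99.27. A port forward (pf rdr) rule is evaluated against the packet as it arrives, before translation, so a connection from the internet carries the firewall's WAN address as its destination, and a rule keyed on the internal address never fires, and a rule that never fires never logs. The Python model below is an added illustration, not OPNsense or pf code; the WAN address, the mobile address and the external port 801 are constructed placeholders for the masked values in the post.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed placeholders: the post masks the real addresses as 102.X.X.X.
WAN_ADDRESS = "203.0.113.10"    # hypothetical public address of the OPNsense WAN
MOBILE_ADDRESS = "102.0.2.15"   # hypothetical public address of the phone
SERVER = "172.16.99.27"


@dataclass
class PortForward:
    """Simplified model of one OPNsense port forward (pf 'rdr') rule."""
    interface: str
    proto: str
    src: str                 # CIDR or "any"
    dst: str                 # destination the packet carries on arrival, pre-NAT
    dst_port: Optional[int]  # None models "*"
    nat_ip: str
    nat_port: int
    log: bool = True

    def matches(self, iface, proto, src_ip, dst_ip, dst_port) -> bool:
        if iface != self.interface or proto != self.proto:
            return False
        if self.src != "any" and ipaddress.ip_address(src_ip) not in ipaddress.ip_network(self.src, strict=False):
            return False  # the source filter must match the phone's real public address
        if ipaddress.ip_address(dst_ip) != ipaddress.ip_address(self.dst):
            return False
        return self.dst_port is None or dst_port == self.dst_port


def apply_rules(rules, packet):
    """First matching rule wins. Returns ((nat_ip, nat_port), log_line); a rule
    that never matches produces no translation and, like the live view, no log line."""
    iface, proto, src_ip, dst_ip, dst_port = packet
    for rule in rules:
        if rule.matches(iface, proto, src_ip, dst_ip, dst_port):
            log = f"rdr {iface} {proto} {src_ip} -> {dst_ip}:{dst_port} => {rule.nat_ip}:{rule.nat_port}" if rule.log else None
            return (rule.nat_ip, rule.nat_port), log
    return None, None


# Rule as posted: destination is the internal server address, any destination port.
as_posted = PortForward("WAN", "tcp", MOBILE_ADDRESS + "/32", SERVER, None, SERVER, 801)
# Same rule with the destination set to the WAN address and the external port pinned to 801.
corrected = PortForward("WAN", "tcp", MOBILE_ADDRESS + "/32", WAN_ADDRESS, 801, SERVER, 801)
# Constructed inbound packet: the phone connecting to the public address on port 801.
INBOUND = ("WAN", "tcp", MOBILE_ADDRESS, WAN_ADDRESS, 801)

if __name__ == "__main__":
    print(apply_rules([as_posted], INBOUND))   # (None, None): never matched, nothing to log
    print(apply_rules([corrected], INBOUND))   # (('172.16.99.27', 801), 'rdr WAN tcp ...')
```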