Comment

Comment on [Question] Firewall noob vs. port forward

MangoPenguin@lemmy.blahaj.zone ⁨7⁩ ⁨months⁩ ago

Post a screenshot of your NAT > Port Forward rule if you can, that will be the easiest way to help I think

source

Sort:hotnew top

tofubl@discuss.tchncs.de ⁨7⁩ ⁨months⁩ ago
1000014418 1000014416 1000014417

The docker01 alias is a host alias with 10.0.0.22 and there’s an apache test container running on port 8888.

I have created a pass any in rule on WAN (just until I figure out what’s wrong)

In firewall > settings > advanced, I have set “reflection for port forwards” and “automatic outbound Nat for reflection” although I’m not sure if that is needed.

Is there any other info I can provide?

source
- maxwellfire@lemmy.world ⁨7⁩ ⁨months⁩ ago
  Your filter rule association is set to ‘rule’. What is that associated rule, and do things work if you change it to ‘pass’?
  
  reddit.com/…/correct_option_for_filter_rule_assoc…
  
  source
  - tofubl@discuss.tchncs.de ⁨7⁩ ⁨months⁩ ago
    Son of a gun!!! Thank you so much! I spent HOURS changing every setting except this one and actually came to the conclusion that it must be something to do with my ISP’s modem or DNS or something.
    
    The rule is the “associated filter rule” OPNsense automatically creates (interfaces are WAN and LAN) and it triggers as a “pass” just fine when I send a request.
    
    You don’t happen to have a clue WHY this rule breaks everything?
    
    Image
    
    source
- tofubl@discuss.tchncs.de ⁨7⁩ ⁨months⁩ ago
  Here’s some more: From behind the firewall (i.e. from a 10.0.0.x IP) the port forward works (which would be a reflection, I suppose?).
  
  From in front of the firewall, I get “connection reset”, which I interpret as somewhat working but then breaking somewhere else. Does that make sense?
  
  1000014421
  
  source
  - maxwellfire@lemmy.world ⁨7⁩ ⁨months⁩ ago
    Instead of connecting with a web browser, can you try using curl or telnet just to check if you’re getting through at the IP connection level?
    
    source
    tofubl@discuss.tchncs.de ⁨7⁩ ⁨months⁩ ago
    Further digging: The request reaches the docker container, which returns 200 OK.
    
    my-apache-app | 2024-02-09T12:53:22.925676854Z 192.168.0.123 - - [09/Feb/2024:12:53:22 +0000] “GET / HTTP/1.1” 200 161
    
    What is going on here? Do I need some rules in the other direction, on top of “Automatic outbound NAT rule generation”?
    
    source
    tofubl@discuss.tchncs.de ⁨7⁩ ⁨months⁩ ago
    Like this?
    
    ~$ curl 192.168.0.136:8888 curl: (56) Recv failure: Connection reset by peer
    
    source
    -> View More Comments