Comment on [Question] Firewall noob vs. port forward
tofubl@discuss.tchncs.de 7 months ago1000014418 1000014416 1000014417
The docker01 alias is a host alias with 10.0.0.22 and there’s an apache test container running on port 8888.
I have created a pass any in rule on WAN (just until I figure out what’s wrong)
In firewall > settings > advanced, I have set “reflection for port forwards” and “automatic outbound Nat for reflection” although I’m not sure if that is needed.
Is there any other info I can provide?
Here’s some more: From behind the firewall (i.e. from a 10.0.0.x IP) the port forward works (which would be a reflection, I suppose?).
From in front of the firewall, I get “connection reset”, which I interpret as somewhat working but then breaking somewhere else. Does that make sense?
Instead of connecting with a web browser, can you try using curl or telnet just to check if you’re getting through at the IP connection level?
Further digging: The request reaches the docker container, which returns 200 OK.
my-apache-app | 2024-02-09T12:53:22.925676854Z 192.168.0.123 - - [09/Feb/2024:12:53:22 +0000] “GET / HTTP/1.1” 200 161
What is going on here? Do I need some rules in the other direction, on top of “Automatic outbound NAT rule generation”?
Like this?
~$ curl 192.168.0.136:8888 curl: (56) Recv failure: Connection reset by peer
maxwellfire@lemmy.world 7 months ago
Your filter rule association is set to ‘rule’. What is that associated rule, and do things work if you change it to ‘pass’?
reddit.com/…/correct_option_for_filter_rule_assoc…
tofubl@discuss.tchncs.de 7 months ago
Son of a gun!!! Thank you so much! I spent HOURS changing every setting except this one and actually came to the conclusion that it must be something to do with my ISP’s modem or DNS or something.
The rule is the “associated filter rule” OPNsense automatically creates (interfaces are WAN and LAN) and it triggers as a “pass” just fine when I send a request.
You don’t happen to have a clue WHY this rule breaks everything?
Image