
Messages - Wolven

#1
Cool. It's always nice to learn something new.

So I edited my NAT Port Forwarding settings for both the servers to include the "pass" setting for 'Add associated filter rule' and I tried with and without my FW rule for allowing traffic to pass on ports 25565 - 25566 on the WAN interface, but I still can't connect to the servers from outside of my LAN. I only have one WAN interface, so as you said nothing showed up under the FW rules, but the icons changed from > to <->.



I try scanning the ports with this tool: https://www.ipfingerprints.com/portscan.php but they're both "filtered".

There must be something really obvious that I'm doing wrong here. How hard could it be to get this configured right...  ::) Anyway. I'm about to set up a new computer for OPNsense, so I'll do a fresh install, just to start from scratch and then see if I can get this working. I'll report back whether I get it working or not.
#2
Thanks for all the help so far. I really appreciate it.

Yes, both those firewall settings were enabled when I created the rule. The install is fresh, just a few days old, but I've been trying out different things, so there might be a setting which I've not reverted back to default. I can try to do a fresh install, now that I sort of know what the settings should look like. It doesn't require that much time and effort to do.
#3
OK. So under Port Forwarding the destination is set to WAN address, not WAN net.

Both Reflection for port forwards and Automatic outbound NAT for Reflection are (and were) enabled, but no corresponding rule for WAN appeared under Firewall: Rules: WAN. I did test with allowing traffic through ports 25565 - 25566 in the WAN interface, but still no luck. Not sure if I did this part right, or why no rules got generated automagically.




#4
I've tried this also. And I just gave it another go now. Both with destination as WAN address and WAN net.





#5
Thanks for your reply.

I've tried different NAT port forwarding rules. At the time of creating the OP I had none, as I reverted all the tweaks I'd made to start fresh.

Under Firewall -> Settings -> Advanced I already had "Reflection for port forwards" and "Automatic outbound NAT for Reflection" enabled. Not sure I enabled these myself in my attempt to get this working, or if these are enabled by default.

The Port Forwarding rules, that makes sense to me:


Firewall Settings Advanced
#6
Hello.

A few days ago I set up an OPNsense box and split my network into a LAN and a DMZ. And I can't for the life of me reach my two Minecraft servers from the internet. Before I set up OPNsense I had them working fine behind my Netgear router with DynDNS and port forwarding. I'm no stranger to configuring a network and having a segregated LAN and DMZ, but the last time I did this was over 10 years ago, using Smoothwall Express. So I'm rusty...

Anyway. I'll describe my network as best I can.

Hardware:

The OPNsense box has three physical NICs, so I'm not using a VLAN.

NIC0: WAN - 192.168.1.0/24
NIC1: LAN - 192.168.10.0/24
NIC2: DMZ - 10.0.0.0/24

The server (Proxmox) has two physical NICs.

NIC0: LAN - 192.168.10.0/24
NIC1: DMZ - 10.0.0.0/24

I also have two Netgear switches, one 5 ports and one 8 ports, and a Netgear Wi-Fi router with 4 LAN ports.

The 5 port switch connects the DMZ and the 8 port switch connects the LAN and the Wi-Fi router. The WAN is connected to my ISP's router.

Configuration:

I'm using Dynamic DNS (No-IP) to host my domain. Let's call it: "mydomain.com". I've set up two subdomains, one for each server: "creative.mydomain.com" and "survival.mydomain.com".

The two virtual servers are configured as follows:
creative - IP: 10.0.0.27 Port: 25565
survival - IP: 10.0.0.26 Port: 25566

Both servers get their IPs from DHCP, but they are static leases. From the game, I can connect to both servers from my LAN using "creative.mydomain.com" and "survival.mydomain.com". And they both respond to ping using their IPs, hostnames and full domain name.

Before I set up the OPNsense box, the servers could be reached from the internet, so as far as I know, both the servers and the No-IP configuration should be. The problem is my OPNsense configuration. I've tried various firewall rules, NAT settings, and DNS settings, but I just can't seem to get it right...

I've reset most of the settings back to the defaults now, to start from scratch and not confuse myself. So at the moment my configuration is very basic and as follows:

Firewall-Rules-DMZ


Services-DHCPv4-Leases


Services-Dynamic-DNS


Services-Unbound-DNS-General


Other than this, the configuration is default, as it is "out of the box". Unless there's something I messed with and forgot to revert back.

There's probably just some obvious basics I don't understand. Any pointers would be appreciated. Let me know if I left out some vital information and I'll provide it.