Welcome to the Home Network Guy forum!

Recent Posts

I think I see the problem. You need to select WAN as your destination since you are port forwarding the WAN address to access your servers remotely. Then for the redirect address you would pick your internal server IPs.
Thanks for your reply.

I've tried different NAT port forwarding rules. At the time of creating the OP I had none, as I reverted all the tweaks I'd made to start fresh.

Under Firewall -> Settings -> Advanced I already had "Reflection for port forwards" and "Automatic outbound NAT for Reflection" enabled. Not sure if I enabled these myself in my attempt to get this working, or if these are enabled by default.

The Port Forwarding rules, that makes sense to me:

Firewall Settings Advanced
What do your NAT port forward rules look like? By default OPNsense doesn’t create the corresponding WAN rule, so you will need to either manually add the WAN rule or change the default setting on the “Firewall > Settings > Advanced” page. Enable both “Reflection for port forwards” and “Automatic outbound NAT for Reflection”. That should enable behavior similar to consumer-based routers and some other routers.

A few days ago I set up an OPNsense box and split my network into a LAN and a DMZ. And I can't for the life of me reach my two Minecraft servers from the internet. Before I set up OPNsense I had them working fine behind my Netgear router with DynDNS and port forwarding. I'm no stranger to configuring a network and having a segregated LAN and DMZ, but the last time I did this was over 10 years ago, using Smoothwall Express. So I'm rusty...

Anyway. I'll describe my network as best I can.


The OPNsense box has three physical NICs, so I'm not using a VLAN.


The server (Proxmox) has two physical NICs.


I also have two Netgear switches, one 5 ports and one 8 ports, and a Netgear Wi-Fi router with 4 LAN ports.

The 5 port switch connects the DMZ and the 8 port switch connects the LAN and the Wi-Fi router. The WAN is connected to my ISP's router.


I'm using Dynamic DNS (No-IP) to host my domain. Let's call it "mydomain.com". I've set up two subdomains, one for each server: "creative.mydomain.com" and "survival.mydomain.com".

The two virtual servers are configured as follows:
creative - IP: Port: 25565
survival - IP: Port: 25566

Both servers get their IPs from DHCP, but they are static leases. From the game, I can connect to both servers from my LAN using "creative.mydomain.com" and "survival.mydomain.com". And they both respond to ping using their IPs, hostnames and full domain name.

Before I set up the OPNsense box, the servers could be reached from the internet, so as far as I know, both the servers and the No-IP configuration should be. The problem is my OPNsense configuration. I've tried various firewall rules, NAT settings, and DNS settings, but I just can't seem to get it right...

I've reset most of the settings back to the defaults now, to start from scratch and not confuse myself. So at the moment my configuration is very basic and as follows:





Other than this, the configuration is default, as it is "out of the box". Unless there's something I messed with and forgot to revert back.

There's probably just some obvious basics I don't understand. Any pointers would be appreciated. Let me know if I left out some vital information and I'll provide it.
How-to Discussions / Re: VLAN DHCP In OPNSense?
« Last post by Ruok2bu on May 08, 2021, 01:34:13 AM »
My switch is an all or nothing kind of thing. If I enable VLAN support, all ports have it enabled, I can't leave one port un-enabled.
How-to Discussions / Re: VLAN DHCP In OPNSense?
« Last post by Home Network Guy on May 06, 2021, 02:00:36 PM »
Is your computer that you are logging into OPNsense on the same default LAN network? By default OPNsense runs on When working with VLANs, the default untagged VLAN ID is usually 1. So that means all ports on your switch that do not have any VLANs set will be on that default untagged VLAN 1. Make sure the computer you are connecting to OPNsense is on an untagged port.

Also, you will need to make sure that the port on the switch that the OPNsense box is connected to is set up to allow all VLAN tags to pass through. Different network device manufacturers use different terms. Some call it trunk ports. The port the router is plugged into needs to be configured to allow all VLAN and untagged traffic if you are using the default VLAN 1 as the management VLAN. I think it's easiest to use the default VLAN.

I know some people prefer to change the management network to a different VLAN since it's easy to make the mistake of plugging a device on an untagged port and have access to the network management network. If you set all of your other ports to be in different VLANs (or maybe another default unused VLAN ID), then you would not have to worry about that issue as much.
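The untagged-port and trunk-port behaviour described in the post above, modelled as an added example (not part of the original posts or of OPNsense or any switch firmware). It is a simplified 802.1Q port model; VLAN IDs 10 and 20 and the names `Port`, `deliver` and `UPLINK` are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Port:
    pvid: int = 1                                        # VLAN given to untagged ingress frames
    untagged: set = field(default_factory=lambda: {1})   # VLANs sent out without a tag
    tagged: set = field(default_factory=set)             # VLANs sent out with an 802.1Q tag

    def ingress(self, tag):
        """VLAN a received frame is classified into, or None if the port drops it."""
        vid = self.pvid if tag is None else tag
        return vid if vid in (self.untagged | self.tagged) else None

    def egress(self, vid):
        """'untagged', 'tagged', or None when the port is not a member of vid."""
        if vid in self.untagged:
            return "untagged"
        return "tagged" if vid in self.tagged else None

def deliver(src, dst, tag=None):
    """(vlan, form) in which a frame entering src leaves dst, or None if it never does."""
    vid = src.ingress(tag)
    if vid is None:
        return None
    form = dst.egress(vid)
    return (vid, form) if form else None

# Constructed sample ports.
UPLINK = Port(pvid=1, untagged={1}, tagged={10, 20})  # "trunk" port facing the router
DEFAULT = Port()                                       # untouched port on default VLAN 1
ACCESS10 = Port(pvid=10, untagged={10})                # port moved into VLAN 10

def scenarios():
    return {
        # Management PC on an untagged port: arrives untagged on the router's LAN.
        "mgmt_on_default": deliver(DEFAULT, UPLINK),
        # Same PC after its port is moved to VLAN 10: arrives tagged, on a different
        # router interface than the untagged LAN it was managing from.
        "mgmt_moved_to_10": deliver(ACCESS10, UPLINK),
        # Uplink left as a plain VLAN 1 port: VLAN 10 frames (DHCP included) never
        # reach the router.
        "uplink_not_trunk": deliver(ACCESS10, DEFAULT),
        # Router's tagged reply on VLAN 10 leaves the access port untagged.
        "router_reply_10": deliver(UPLINK, ACCESS10, tag=10),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:18} -> {result}")
```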
How-to Discussions / Re: VLAN DHCP In OPNSense?
« Last post by Ruok2bu on May 06, 2021, 02:24:46 AM »
So I'm having a problem, I followed all your guides, got VLANs set up, enabled the DNS and DHCP rules for them (at the very least my management computer), got a smart VLAN switch. But every time I enable VLAN on the switch (and set it to use the same VLAN IDs as I have configured on site), I lock myself out of OPNsense.

Any idea how to get around this?
How-to Discussions / Re: VLAN DHCP In OPNSense?
« Last post by Home Network Guy on April 08, 2021, 07:45:40 AM »
Yes, that should be adequate to give you basic VLAN support. Unmanaged switches will often pass along VLAN tags, but you can't configure any of the ports to participate in VLANs, which is why you need a smart/managed switch. Once you have the switch, you will set up the same VLAN IDs on both the switch and OPNsense (or whatever router software you are using).
How-to Discussions / Re: VLAN DHCP In OPNSense?
« Last post by Ruok2bu on April 05, 2021, 02:48:09 PM »
Aha! That was the problem. My switches are dumb and unmanaged.
I'm going to get one 8 port VLAN aware switch instead.

I was looking at https://www.amazon.ca/TP-Link-Ethernet-Unmanaged-Replacement-TL-SG108E/dp/B00K4DS5KU Is that one good enough or do you recommend something else? Ideally I don't want to spend over $100 on the switch.

P.S. It will be used at home where I need to isolate 5 networks.

P.P.S. I was using Sonicwall SOHO for the last 15 years but got tired of having to pay yearly for access to updated firmware.
How-to Discussions / Re: VLAN DHCP In OPNSense?
« Last post by Home Network Guy on March 31, 2021, 09:18:31 AM »
Are all of your switches VLAN aware? Also, when you daisy chain your switches, you will need to make sure that the ports connecting each switch are configured as a "trunk" so that they will pass all of the VLAN IDs between the switches. The terminology for VLAN "trunks" can vary between vendors, but the concept is the same. You need to make sure the VLAN tags can propagate between all of the switches. That is my first thought on why you are not getting any DHCP addresses assigned if you are following the guide without knowing any other information about your configuration.