Messages - Home Network Guy

I just learned something today about NAT port forwarding. I had incorrectly assumed the settings under Firewall > Settings > Advanced would cause the corresponding WAN rule to be created. However, it gets created when you select the "Add associated filter rule" option at the bottom of the NAT port forward rule. However, if you only have one WAN, you can also select "Pass". If you select "Pass", the corresponding WAN rule will not be displayed but the NAT port forward should still work properly.
Security/Advisories / ParkMobile Breach
May 26, 2021, 10:58:24 AM
I received the following email from ParkMobile about a breach that occurred in March 2021. You may want to change your password since they did not automatically reset passwords for all their users since they stated the passwords were hashed/salted and the encryption keys were not compromised. Better to be safe than sorry!
That's odd no WAN rules were automatically generated. Did you have those 2 advanced firewall settings enabled before creating the rule? The NAT rule and WAN rule you created look good at a glance. You can't see all the details of each rule on the main rule list pages so not sure if some other odd/incorrect settings are set.

Port forwarding should be pretty simple in general. I have some servers in the DMZ with port forwarding and that works well and the rules are auto generated on the WAN. You can tell which rules are auto generated from the NAT rule because you can't edit those WAN generated rules. You can only remove them.

I'm trying to think of what's wrong. There are lots of knobs and buttons you can turn and push in OPNsense and if you push the wrong ones then you can get into trouble. You said you started from a clean configuration with minor changes so that may not be the issue. I may try to think about this more tomorrow. I was away from home today so I was answering in between doing other things with the family.
Use WAN address rather than WAN net. I forgot to specify earlier. Also do you see a corresponding WAN rule created for those 2 rules? You should have 2 rules created automatically on the WAN interface if you have those options enabled that I mentioned earlier.
I think I see the problem. You need to select WAN as your destination since you are port forwarding the WAN address to access your servers remotely. Then for the redirect address you would pick your internal server IPs.
What do your NAT port forward rules look like? By default OPNsense doesn't create the corresponding WAN rule so you will need to either manually add the WAN rule or change the default setting on the "Firewall > Settings > Advanced" page. Enable both "Reflection for port forwards" and "Automatic outbound NAT for Reflection". That should enable behavior similar to a consumer-based router and some other routers.
How-to Discussions / Re: VLAN DHCP In OPNSense?
May 06, 2021, 02:00:36 PM
Is your computer that you are logging into OPNsense on the same default LAN network? By default OPNsense runs on When working with VLANs, the default untagged VLAN ID is usually 1. So that means all ports on your switch that do not have any VLANs set will be on that default untagged VLAN 1. Make sure the computer you are connecting to OPNsense is on an untagged port.

Also, you will need to make sure that the port on the switch that the OPNsense box is connected to is set up to allow all VLAN tags to pass through. Different network device manufacturers use different terms. Some call it trunk ports. The port the router is plugged into needs to be configured to allow all VLAN and untagged traffic if you are using the default VLAN 1 as the management VLAN. I think it's easiest to use the default VLAN.

I know some people prefer to change the management network to a different VLAN since it's easy to make the mistake of plugging a device on an untagged port and have access to the network management network. If you set all of your other ports to be in different VLANs (or maybe another default unused VLAN ID), then you would not have to worry about that issue as much.
How-to Discussions / Re: VLAN DHCP In OPNSense?
April 08, 2021, 07:45:40 AM
Yes, that should be adequate to give you basic VLAN support. Unmanaged switches will often pass along VLAN tags, but you can't configure any of the ports to participate in VLANs, which is why you need a smart/managed switch. Once you have the switch, you will set up the same VLAN IDs on both the switch and OPNsense (or whatever router software you are using).
How-to Discussions / Re: VLAN DHCP In OPNSense?
March 31, 2021, 09:18:31 AM
Are all of your switches VLAN aware? Also when you daisy chain your switches, you will need to make sure that the ports connecting each switch are configured as a "trunk" so that it will pass all of the VLAN IDs between the switches. The terminology for VLAN "trunks" can vary between vendors, but the concept is the same. You need to make sure the VLAN tags can propagate between all of the switches. That is my first thought on why you are not getting any DHCP addresses assigned if you are following the guide without knowing any other information about your configuration.
Topic Suggestions / Migrating My Home Server to Proxmox
November 04, 2020, 02:53:59 PM
The steps it took to migrate my home server from Ubuntu Linux to Proxmox. Also a brief description on the benefits of running Proxmox rather than just a standard Linux server.
Instructions on how to build your own OPNsense router using a mini-PC and a brief discussion on the benefits of building your own router.
This how-to would include examples of writing a WAN firewall rule and using a NAT port forward firewall rule. Also, explaining the difference of when you need to use a WAN rule rather than a NAT Port Forward rule.