Differences

This shows you the differences between two versions of the page.

--- other:networking:opnsense:dmz [2023/09/27 07:43] – rodolico
+++ other:networking:opnsense:dmz [2023/09/27 10:22] (current) – rodolico
@@ Line 110: / Line 110: @@
       - Save
     - Repeat for other server(s)
+**Note:** Here we are forwarding ports to the same port on the internal target server. So, port 25 on the WAN targets port 25 on the mail server. This is NOT a requirement, though I don't think you can use aliases on the ports (never tried). Simply choose the Destination Port (25) as what you want on the public IP, then  choose a different //Redirect target port// for what it translates to the server. One reason to do this is to hide the actual ports. For example, you might want to use port 54321 as your ssh port to a specific server from the outside. You could change the port in the sshd config, but if you simply put 54321 as the Destination Port (both start and finish), the put port 22 as the Redirection Port, you don't have to reconfigure your server.
 === NAT Reflection ===
@@ Line 125: / Line 127: @@
 As of v23.7, the //Associate this with a regular firewall rule// does not appear to generate the correct rules. The rule shows up in the firewall, but does not work.
-This has been reported a few times, and I'm assuming the excellent coders will fix it soon, but a work around is to choose //Pass// as the correct value for this. **Note:** You can change //Associate this with a regular firewall rule// to //Pass// with no problem, but once it is set to //Pass// you can not change back.
+This has been reported a few times (see https://forum.homenetworkguy.com/index.php?topic=128.0] for one of them, and I'm assuming the excellent coders will fix it soon, but a work around is to choose //Pass// as the correct value for this. **Note:** You can change //Associate this with a regular firewall rule// to //Pass// with no problem, but once it is set to //Pass// you can not change back.