Help with opening ports to the internet

bobro2 · Aug 24, 2023

Hey everyone,

currently, I am struggling with opening some ports to the internet. My setup is:
- ISP modem with DHCP enabled (ISP ensured me that the ports should be open here)
- Aliexpress box with PVE and some VMs.
- One of the VMs is acting as my main router/DHCP server/firewall (OPNsense). It is getting IP from ISP modem.

The internet works in all of the VMs and the whole network. But I am struggling to open ports. I have Port Forwarding set up in the firewall.

Also I do not see any incoming traffic co my VM firewall. Using standard port checkers online.

PVE forewall is disabled on datacenter level.

Using only 2NICs, one as WAN the other one as LAN.

/etc/network/interfaces

Code:

auto lo
iface lo inet loopback

iface enp2s0 inet manual

iface enp3s0 inet manual

iface enp4s0 inet manual

iface enp5s0 inet manual

auto vmbr0
iface vmbr0 inet manual
        bridge-ports enp2s0
        bridge-stp off
        bridge-fd 0
#WAN

auto vmbr1
iface vmbr1 inet static
        address 192.168.1.3/24
        gateway 192.168.1.1
        bridge-ports enp3s0
        bridge-stp off
        bridge-fd 0
#LAN

My goal is to open some ports of services I am currently running to the internet so some other online services can access them. And no VPN is not the solution for me.

Any help is appreciated.

bonniemiller · Aug 24, 2023

bobro2 said:
Hey everyone,

currently, I am struggling with opening some ports to the internet. My setup is:
- ISP modem with DHCP enabled (ISP ensured me that the ports should be open here)
- Aliexpress box with PVE and some VMs.
- One of the VMs is acting as my main router/DHCP server/firewall (OPNsense). It is getting IP from ISP modem.

The internet works in all of the VMs and the whole network. But I am struggling to open ports. I have Port Forwarding set up in the firewall.

Also I do not see any incoming traffic co my VM firewall. Using standard port checkers online.

PVE forewall is disabled on datacenter level.

Using only 2NICs, one as WAN the other one as LAN.

/etc/network/interfaces

Code:

auto lo iface lo inet loopback iface enp2s0 inet manual iface enp3s0 inet manual iface enp4s0 inet manual iface enp5s0 inet manual auto vmbr0 iface vmbr0 inet manual bridge-ports enp2s0 bridge-stp off bridge-fd 0 #WAN auto vmbr1 iface vmbr1 inet static address 192.168.1.3/24 gateway 192.168.1.1 bridge-ports enp3s0 bridge-stp off bridge-fd 0 #LAN

My goal is to open some ports of services I am currently running to the internet so some other online angry gran services can access them. And no VPN is not the solution for me.

Any help is appreciated.

Does the VM acting as your router/firewall have a public IP address assigned by your ISP modem? I think you face this problem here and you can check this by logging into the OPNsense web interface and going to Interfaces ‣ Overview. If the WAN interface has a private IP address (such as 192.168.x.x or 10.x.x.x), then you may need to enable bridge mode on your ISP modem or use DMZ to forward all traffic to your VM.

bobro2 · Aug 24, 2023

bonniemiller said:
Does the VM acting as your router/firewall have a public IP address assigned by your ISP modem? I think you face this problem here and you can check this by logging into the OPNsense web interface and going to Interfaces ‣ Overview. If the WAN interface has a private IP address (such as 192.168.x.x or 10.x.x.x), then you may need to enable bridge mode on your ISP modem or use DMZ to forward all traffic to your VM.

It has an assigned IP by the ISP modem DHCP server.
It starts with 10.x.x.x I think it is local because my external IP is different.
I cannot change anything useful in the ISP modem sadly.

Any tips how to setup DMZ in PVE?

Search

Search

Help with opening ports to the internet

bobro2

New Member

bonniemiller

New Member

bobro2

New Member