Still problems with OPNsense

Thanks to all the help, I managed to get my CentOS 7 server working perfectly with OPNsense.
Now I want to move it all over to Rocky. Having done this before with SMF Forums, I expected this to be simple.

I copied my server1 and server2 conf files from /etc/httpd/conf.d
I copied the SMF databases over now I’ve got MySQL
I already entered the details into the DNS.
I cloned all the Aliases, Virtual IPs, NAT -> Port Forwarding and Rules, making sure to change IP and names etc.
CentOS works, but not Alma.

I still have a lot of confusion over the OPNsense setup. As always, the more you read, the more confused you become because (like MySQL) there are lots of different answers, but I always seem to pick the ones that don’t work.

One confusion. I create an Alias for the Server - server1,
Enabled
Name server1_server
Type Host(s)
Content - What exactly should I use here: my INTERNAL or EXTERNAL IP address? I see no place to put a netmask or anything.
Statistics - left blank
Description Server1 Server

I’ve seen both internal and external IP addresses. My guess is EXTERNAL, my daughter’s INTERNAL.

Now to Port Forwarding - This is what I have:
Disabled - blank
No RDR - blank
Interface - WAN???
TCP/IP version - IPv4
Protocol - TCP
Source - Advanced
Destination invert - blank
Destination WAN Address???
Destination Port Range - from rocky_ports to rocky_ports
Redirect Target IP - rocky_server (local or external IP? question above)
Redirect Target Port - rocky_ports
Pool options - Default
Log - blank
Category - blank
Description - Rocky Port Forward
Set Local Tag - blank
Match Local Tag - blank
No XMLRPC Sync - blank
NAT Reflection - Enable
Filter Rule Association - None

I read this in reply to a similar problem on the OPNsense Forum:

In Interfaces > Virtual IPs > Settings keep the same netmask as for your primary IP address, probably /27.
In Firewall > NAT > Port Forwarding (and all firewall rules where you want to do something with a single VIP) use a /32 netmask, meaning “only a single address”.

Very confusing. Can you clear this up? Something isn’t right in my setup. See ???

The aliases and port forwarding I already explained in your previous post: Have we any OPNsense gurus out there? - #15 by iwalker

All the information in that original thread clearly explains how to configure it properly so that it works, including the VIPs if you are not going to be using the public IP which is currently on the WAN port. I suggest re-reading all the info there.

The OPNsense forums are your best bet for help if you are unable to get it working with the information that was provided so far.

I followed your instructions and it worked fine. My mail server was sending and receiving mail and the CentOS 7 Server was working fine (still is).

The problem started when I added a new Virtual IP xxx.xxx.xxx.60 for Rocky. As I said, I cloned everything from CentOS (working), just changing the IP and names. The DNS was configured and I copied all the details from the CentOS.

I ran SMF repair_settings on Rocky and it seemed fine, but no one can access it outside of the firewall. The forums worked perfectly locally. I brought down the CentOS and then even locally it stopped working.

I only noticed this morning that since I added the new Virtual IP xxx.xxx.xxx.60, even the mail server doesn’t receive mail any longer. I can send, but not receive. It MUST be some setting wrong in the Firewall.

It’s set up as per your original reply. It WAS working until I installed the new Virtual IP, so with xxx.xxx.xxx.58 and xxx.xxx.xxx.59 it was fine. As soon as I add another VIP it stops working (parts of it).

I DID ask on OPNsense, but no one bothers to reply.