I recently replaced my home router with a device running OPNSense. Very successful production deployment.
I deployed a Navidrome server for streaming my personal music collection to Subsonic-supported clients. I initially skipped forwarding external traffic to Navidrome server, but now it’s time.
Configuring Port Forwarding
Navigate to Firewall: NAT: Port Forward. Click the ‘+’ (plus sign) to create a new port forwarding rule.
The Navidrome server has a static IPv4 address assigned via DHCP and runs on port 4533.
- Interface: WAN1, WAN2. My OPNSense router is configured to load balance between two broadband providers, therefore both gateway interfaces are selected from the list of all interfaces.
- Destination: This tricked me: the gateway addresses are dynamic, so specifying destination by IPv4 is going to be brittle. Scroll down and select This Firewall so traffic through either gateway interface is forwarded to the Navidrome server.
- Destination port range: the from:/to: ports can be selected by name, e.g., HTTPS, IMAPS, LDAP, or chose (other) and 4533. Navidrome uses a single port so the from and to port number is the same.
- Redirect target IP: the internal network address of the Navidrome server.
- Redirect target port: 4533
Press Save.
The port forwarding must be explicitly applied before taking affect.
To test, I disabled Wi-Fi on my iPhone and used a browser to navigate to my external address on port 4533. Voila!
