3 min read

OPNsense Essentials: A Friendly Guide to Firewall Freedom

Banner image

Basic to Advanced Configurations for OPNsense like setting up port forwarding, static IPs, and more!


I’ve been using OPNsense for a while now. I thought about switching to PFsense because it’s more popular, but I found out OPNsense gets updates more often and its interface is much better. So, I stuck with OPNsense. Even though OPNsense’s official docs are good, I had to Google some small things. This article is meant to be a guide for anyone trying to figure out OPNsense, whether it’s simple stuff or more complicated tasks.

Static IP

Alright, so, a static IP is like giving your device a permanent home address on your network. It doesn’t change, unlike those dynamic ones that keep switching around. It’s super handy for certain devices you always want to find in the same spot on your network, like a printer or your trusty file server.

Here’s how to set a static IP in OPNsense:

Go to `Services > DHCPv4 > LAN`
Scroll to the bottom and click `+` icon under `DHCP Static Mappings for this interface` section
Add MAC address of the device
Add a Client identifier
Add an IP address you wish to set
Add a hostname you wish to set
Add a Description
Enable ARP Table Static Entry
Click Save

Port Forwarding

Port forwarding might sound a bit technical, but it’s actually pretty neat! It’s like setting up a direct path for internet traffic to reach a specific device or service in your network. Let’s say you want your awesome service that is hosted on a computer accessible from the internet. Port forwarding makes it happen by opening up a specific ‘port’ and directing the right traffic straight to where it needs to go.

To get this working in OPNsense, here’s a simple breakdown:

Go to `Firewall > NAT > Port Forward`
Click `+` icon to add a new rule
Set Protocol to `TCP/UDP`
Set Destination to WAN address
Set Destination port range according to your desire
Set Redirect target IP to IP of your local machine hosting the service
Set Redirect target port to machines port serving the service
Enable Log
Add a Description
Click Save

After setting this up, your services should be accessible via your public IP. However, you may still encounter issues when trying to access them from inside your local network. To resolve this, you’ll need to make some additional configurations.

1. Go to `Firewall > Settings > Advanced`
2. Enable Reflection for port forwards
3. Enable Automatic outbound NAT for Reflection


The ARP table is like your network’s address book, keeping track of who’s who. It stores the MAC addresses linked to IP addresses, helping devices find each other on the network. You can utilize this table to discover the IPs and MAC addresses of all connected devices in your network.

Finding the ARP table is very simple in OPNsense.

Go to `Interfaces > Diagnostics > ARP Table`

Update Firmware

Okay, so updating your firmware is like giving your OPNsense a tune-up. It’s not just about new features; it’s also about fixing bugs and keeping things safe and sound. It’s like hitting the ‘update’ button on your apps—important stuff!

In OPNsense, keeping things fresh is easy. Also, some updates may require a full reboot. OPNsense takes care of it though.

Go to `System > Firmware > Status`
Click `Check for update`