In an effort to help those individuals, I decided to write my most comprehensive guide to date. I will discuss how to build an entire network using OPNsense and other network hardware in order to demonstrate how all of it works together. Much of the guide will be focused on OPNsense configuration since it lies at the core of the network infrastructure, but managed switches and wireless access points will be discussed as well.
Source: Set Up a Fully Functioning Home Network Using OPNsense (Home Network Guy)
A firewall alias is a powerful feature which should not be overlooked
Source: Write Better Firewall Rules in OPNsense using Aliases – Home Network Guy
If you have been using a standard router and decide to upgrade to OPNsense or pfSense (I personally recommend OPNsense, solely because of the heavy-handed moderation in the pfSense user forum, where a user can apparently get banned for life for even a small inadvertent infraction), you may find that making a game console or a VoIP PBX work isn’t as simple as just forwarding some ports. The other thing you have to do is shown in this video:
Although the video specifically mentions the PS4 and XBOX, the advice shown is equally valid for other types of game consoles and for home PBX servers. Note the section starting at 3:20 in the video, where the “Static Port” checkbox is checked – this is the key to making it work!
The OPNsense user interface will look a bit different than the one in pfSense but the principle is the same; you still need to make sure the “Static Port” checkbox is checked. And in either case, you may still need to do port forwarding, the same as you did on your previous router, but generally speaking port forwarding alone will not work until the additional configuration shown in the video is applied. Here’s an example of setting up a static port rule in OPNsense (note that the source address field refers to a previously-set alias for the IP address of the Asterisk PBX):
VoIP PBX users, there is one other thing you may need to do, at least in OPNsense, particularly if you find that you have a non-local extension that is unable to connect to your PBX. If you are using a Dynamic DNS address, make sure you go to System: Settings: Administration and put that dynamic DNS address in the “Alternate Hostnames” field.