Cannot open for after using secure SSL
-
Hi, after I used dyno and Let's Encrypt for my SSL, I tried to add new ports to open, but when I check using a port checker all the new ports cannot be opened, while all the old ports are still open.
I tried to use the old port and change the IP, then I could access the website publicly, but when I try to add new ports, they are closed.
Sample:
port 83 is an old port (before I used secure SSL)
port 8013 is a new port (after I used secure SSL)
Did anyone experience this problem?
Thank you.
-
@ipcam.starinc well, what that checker does is send a SYN. If it gets no SYN,ACK back then yeah, it would fail. So 192.168.2.177 isn't listening on port 8013 or it has a firewall not allowing traffic to that port.
-
@johnpoz I can access it on the local network. 8013
-
@ipcam.starinc said in Cannot open for after using secure SSL:
i can access it on local network
This means your pfSense LAN interface allows TCP traffic to port 8013.
When you are using the "port checker" (some web site?), the traffic will not use the LAN interface. It will use the WAN interface.
So the question is: does your pfSense WAN interface allow "TCP to port 8013" traffic?
This:
shows the NAT rule. Each NAT rule has an associated firewall rule. You will find them on the WAN interface. These firewall rules have matching packet counters (!!) in front of them.
If these counters start to rise, you know they were 'used' (== matched) and traffic entered the WAN interface using that rule. So: what do these counters show you?
Did your TCP port 8013 traffic even reach pfSense? Example: some of my WAN NAT firewall rules:
The first shows the good old IPv4: 11+ MBytes of traffic.
The second shows the incoming IPv6 traffic for the same device: 7+ GBytes of traffic.
-
Perhaps more accurately it means the server at 192.168.2.177 allows connections to port 8013 from local hosts, but it might still be blocking external hosts. Either way it looks like a firewall issue on the server directly to me.
But to be sure, try checking the state table (Diag > States) in pfSense when you run the external port checker. Do you see it opening states for port 8013 on both interfaces?
-
Thank you for the help guys. I fixed the problem. I used 443 and HAProxy.
Thank you
-
@ipcam.starinc not really a "fix". If you have device X on your network listening on port X, you can forward that port. If it's not working, port X is not getting to the pfSense WAN, an internet block, or an incorrect setup on the pfSense firewall to allow it.
Or your device X is not actually listening on port X, or it has a firewall blocking traffic to X from the source IP.
Etc., etc. The "fix", if you want to forward that port, is to actually fix what is stopping that from working. What you're doing is working around your actual issue. Which is fine, but it would still be good to know what the actual problem was. If port X is blocked to pfSense, using port Y that is not blocked works, but I really wouldn't call it a fix ;)
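The two diagnostic replies above boil down to one test: look at the packet counters on the WAN firewall rules that belong to the NAT port forwards. A counter that stays at zero while the external checker runs means the SYN never reached pfSense (blocked upstream or never sent); a counter that rises means the forward works and the next suspect is the target host's own listener or firewall. The script below is an added example, not code from this thread or from pfSense: it parses the verbose rule dump that `pfctl -vsr` prints on a pfSense box (pf's format: a rule line followed by an `[ Evaluations: ... Packets: ... ]` counter line) and applies that reasoning to each port-forward rule. The sample output, addresses, interface name and rule labels are constructed for the example.

```python
"""
Check which pfSense port-forward firewall rules have actually matched traffic.

Added example (not from the forum thread). Parses `pfctl -vsr` style output:
each rule line is followed by a counter line of the form
  [ Evaluations: N  Packets: N  Bytes: N  States: N ]
and reports, per forwarded port, whether any packet ever matched the rule.
"""
import re

# Constructed sample of `pfctl -vsr` output (hand-written, not captured from a
# real system). em0, 203.0.113.1 and the rule labels are assumptions.
SAMPLE_PFCTL_VSR = """\
pass in quick on em0 reply-to (em0 203.0.113.1) inet proto tcp from any to 192.168.2.177 port = 83 flags S/SA keep state label "USER_RULE: NAT cam old port"
  [ Evaluations: 48213     Packets: 9127      Bytes: 11873210    States: 2     ]
  [ Inserted: uid 0 pid 4711 State Creations: 611   ]
pass in quick on em0 reply-to (em0 203.0.113.1) inet proto tcp from any to 192.168.2.177 port = 8013 flags S/SA keep state label "USER_RULE: NAT cam new port"
  [ Evaluations: 48213     Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: uid 0 pid 4711 State Creations: 0     ]
"""

# A rule line: action ... proto X ... to <dst> port = <port> ... label "..."
RULE_RE = re.compile(
    r'^(?P<action>pass|block|match)\b.*?\bproto (?P<proto>\w+)\b.*?'
    r'\bto (?P<dst>\S+) port = (?P<port>\d+).*?label "(?P<label>[^"]*)"'
)
# The counter line pf prints under each rule in verbose mode.
COUNTER_RE = re.compile(
    r'^\s*\[\s*Evaluations:\s*(?P<evals>\d+)\s+Packets:\s*(?P<packets>\d+)'
    r'\s+Bytes:\s*(?P<bytes>\d+)\s+States:\s*(?P<states>\d+)\s*\]'
)

# Verdicts, following the reasoning in the thread.
NOT_REACHING_WAN = "never matched: traffic is not reaching the pfSense WAN rule"
MATCHED_CHECK_HOST = "matched: forward works, check the host's listener/firewall"
NO_COUNTERS = "rule found but no counter line followed it"


def parse_rules(text):
    """Return a list of dicts, one per rule, with its counters attached."""
    rules = []
    current = None
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if m:
            current = {**m.groupdict(), "port": int(m.group("port"))}
            rules.append(current)
            continue
        c = COUNTER_RE.match(line)
        if c and current is not None:
            # Attach evals/packets/bytes/states to the rule just seen.
            current.update({k: int(v) for k, v in c.groupdict().items()})
    return rules


def diagnose(rules):
    """Map each forwarded port to a verdict based on its packet counter."""
    verdicts = {}
    for r in rules:
        if "packets" not in r:
            verdicts[r["port"]] = NO_COUNTERS
        elif r["packets"] == 0:
            verdicts[r["port"]] = NOT_REACHING_WAN
        else:
            verdicts[r["port"]] = MATCHED_CHECK_HOST
    return verdicts


if __name__ == "__main__":
    for rule in parse_rules(SAMPLE_PFCTL_VSR):
        print(f"{rule['dst']}:{rule['port']} ({rule['label']}): "
              f"{rule.get('packets', '?')} packets")
    for port, verdict in diagnose(parse_rules(SAMPLE_PFCTL_VSR)).items():
        print(f"port {port}: {verdict}")
```

On a real box, run `pfctl -vsr` from the pfSense shell (or Diagnostics > Command Prompt), run the external port checker, run it again and feed the output to `parse_rules`; a counter that moves between the two runs is the same signal the replies above describe, and Diag > States confirms whether a state was created on both the WAN and LAN side.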