Netgate Discussion Forum

    Outbound traffic from WAN couldn't access to web/mail server in NAT of LAN

      jamesseen

      Dear masters, please guide me to solve this problem. :'( Please refer to the following illustration.

      User PC<--->Internet<--->WAN<--->pfSense<--->LAN(NAT) web/mail server

      My web/mail server is placed on the LAN. What do I need to configure on the pfSense firewall so that the user PC can access the web/mail server?

      Great thanks to the Masters!

        hoba

        You need a port forward (Firewall > NAT, Port Forward). It will create firewall rules automatically by default for the NAT mappings you create. Depending on what your clients use to connect, you will need SMTP, POP3, IMAP and maybe a webmail port to be forwarded. If in doubt, check your mail server's manual.

          jamesseen

          Thank you for the reply.

          I have done the NAT mapping, which directs WAN to internal LAN port 80. It is a web server.

          Internet---->WAN---->LAN------>Webserver (e.g. www.bumiasia.com)

          :'( ::) :'( ??? ???

            jamesseen

            I know it is a noob question. I really need a solution!  :'(

            The client machine on the LAN is able to access the web server (I have done the port forward on the LAN interface). However, the client machine on the outside Internet is not able to access the web server placed on the LAN (although I have done the port forward on the WAN interface).

            client--->Internet--->WAN--->pfSense--->LAN NAT (web server)  ??? ??? ??? ???

              Perry

              The more info you provide the more help you will get :)
              http://forum.pfsense.org/index.php/topic,7001.0.html

              /Perry
              doc.pfsense.org

                GruensFroeschli

                Could you provide a screenshot of your NAT and Firewall rules?

                (done the portforward on LAN interface)

                This is wrong. (OK, maybe not wrong, but unnecessary.)
                You create port forwards on the WAN, and if you need the forward from the inside, enable "NAT reflection".

                We do what we must, because we can.

                Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

                  jamesseen

                  ??? I wonder whether the masters could understand the problem that I mentioned above. Sorry for my poor English; it is hard to express what I want to say. I would like to post my network layout. Please refer to it.

                  forum.jpg

                    jamesseen

                    What I had achieved with the above network layout (forum.jpg) was that the PC (XP machine) within the LAN was able to access the web hosting (using port-forwarding NAT to achieve this, although there was another XYZ firewall connected to the same network, the 192.200.9.0 LAN) and web mail, and could access the Internet.

                      jamesseen

                      Now, the problem I'm facing: assume there is a user PC (XP machine) that would like to access my web hosting by typing the URL "http://www.bumiasia.com" into the Internet Explorer browser; that user PC was unable to access it. I had made the port forward on the WAN interface as external to the NAT IP of my DNS server. Please view my screenshot of it. Many thanks!

                      ![WAN to NAT DNS.JPG](/public/imported_attachments/1/WAN to NAT DNS.JPG)
                      Outside.jpg

                        GruensFroeschli

                        Enable NAT reflection.
                        (advanced)

                        We do what we must, because we can.

                        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

                          jamesseen

                          Sir, enabling NAT reflection also couldn't solve it. The remote user is still unable to access the server behind pfSense. ??? ??? Why is that? Is there still any setting I missed?  :o

                            cruzades

                            have you checked your HTTP port yet?

                            try to check it using "grc port scanner".

                              jamesseen

                              :'( :'( :'( ??? ??? ???

                              The PC on the WAN still couldn't access the web server that is sitting behind pfSense. Someone please guide me. I had logged the packets, and the packets from the PC on the WAN might have passed through pfSense, but somehow I don't know why that remote PC on the WAN couldn't access the web server. My server port is 8888. Please refer to the picture below. Thank you very much!

                              diagnose.JPG

                                jamesseen

                                According to an nmap scan of pfSense itself, I noticed the pfSense firewall has not opened port 8888 yet, am I correct? Please look at the nmap scan report below.

                                Interesting ports on pfsense.local (192.200.9.7):
                                Not shown: 1694 filtered ports
                                PORT  STATE SERVICE
                                22/tcp open  ssh
                                53/tcp open  domain
                                80/tcp open  http

                                Nmap finished: 1 IP address (1 host up) scanned in 30.299 seconds

                                  cruzades

                                  Likewise here, I have a problem opening my ports 6112-6119, but somewhere in this forum someone suggested using the "Outbound" option at NAT: click "Manual.. (advance..)", click SAVE, pfSense will generate a list of entries, then click Apply.

                                  In my case, voilà, it opens my ports after this.

                                  HTH
                                  -cruzades

                                    jamesseen

                                    I've done what you instructed, enabling manual (advance), yet the remote PC still couldn't get access and port 888 is not opened.

                                    no luck at all ??? >:(

                                      jamesseen

                                      zzzz... no one could answer me. :'(

                                      I think the problem might be the XYZ firewall attached to the LAN. The XYZ firewall has blocked the traffic that tried to access web server:888.

                                      What do you guys (masters) say?

                                      Outside.jpg

                                        GruensFroeschli

                                        Your clients/server behind pfSense don't happen to have this other firewall as their default gateway, do they?
                                        (What is it doing there anyway?)

                                        We do what we must, because we can.

                                        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html
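
Why the default-gateway question above matters, as an added example that is not part of the original post: a toy Python model of the return path of a port-forwarded connection. All addresses are constructed, the class and function names are hypothetical, and the second firewall is assumed to be stateful and to drop replies it holds no state for.

```python
# Added illustration; addresses are constructed (documentation/private ranges).
from dataclasses import dataclass

CLIENT = "198.51.100.20"       # remote user PC (constructed)
PFSENSE_WAN = "203.0.113.7"    # address the port forward listens on (constructed)
OTHER_FW_WAN = "203.0.113.99"  # outside address of the second firewall (constructed)
SERVER = "10.0.0.10"           # web server behind both firewalls (constructed)
PORT = 8888                    # server port given in the thread

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class PortForwardFirewall:
    """Stateful firewall with one inbound port forward to `target` (hypothetical model)."""
    def __init__(self, wan_ip, target):
        self.wan_ip, self.target = wan_ip, target
        self.states = {}  # (client, cport, server, sport) -> original destination

    def inbound(self, pkt):
        # Rewrite the destination and remember the mapping for the reply.
        self.states[(pkt.src, pkt.sport, self.target, pkt.dport)] = pkt.dst
        return Packet(pkt.src, pkt.sport, self.target, pkt.dport)

    def outbound(self, pkt):
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key in self.states:  # reply to a connection this firewall forwarded
            return Packet(self.states[key], pkt.sport, pkt.dst, pkt.dport)
        return None             # no state: the unsolicited SYN-ACK is dropped

def connect(server_default_gw):
    """Return True if the remote client's TCP handshake can complete."""
    pfsense = PortForwardFirewall(PFSENSE_WAN, SERVER)
    other = PortForwardFirewall(OTHER_FW_WAN, SERVER)
    syn = Packet(CLIENT, 40000, PFSENSE_WAN, PORT)
    at_server = pfsense.inbound(syn)
    synack = Packet(at_server.dst, at_server.dport, at_server.src, at_server.sport)
    # The server sends its reply to whatever its default gateway is.
    gateway = {"pfsense": pfsense, "other": other}[server_default_gw]
    reply = gateway.outbound(synack)
    # The client accepts a SYN-ACK only from the address and port it sent the SYN to.
    return reply is not None and (reply.src, reply.sport) == (syn.dst, syn.dport)

if __name__ == "__main__":
    for gw in ("pfsense", "other"):
        print(f"server default gateway = {gw}: handshake completes = {connect(gw)}")
```

In this model the forwarded SYN reaches the server either way, which matches packets showing up in the pfSense log, but the handshake only completes when the reply leaves through the firewall that holds the state.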

                                          jamesseen

                                          Actually, the XYZ firewall is currently in use and I want to replace it with pfSense in the future because XYZ has limited features, and one day the XYZ firewall will be removed.

                                          I'm sorry, I don't follow you. Are you asking whether the client/server do not have pfSense as their default gateway, but the XYZ firewall instead? Is that what you were saying? Hmm... I'll check it. :o Thank you!

                                            maaraujo

                                            In your diagram I see you have a private IP on your WAN interface and a public IP on your LAN. Did you configure your network in this way for a particular reason?

                                            If so, how is Interfaces/WAN/Block Private Networks set?

                                            Saludos.

                                            Miguel Ángel Araujo
                                            México
