Netgate Discussion Forum

    Outbound traffic from WAN couldn't access to web/mail server in NAT of LAN

    NAT
      jamesseen

      Sir, enabling NAT reflection also couldn't solve it. The remote user is still unable to access the server behind pfSense… Why is it? Is there still any setting I missed out? :o

        cruzades

        have you checked your HTTP port yet?

        try to check it using "grc port scanner".

          jamesseen

          :'( :'( :'( ??? ??? ???

          The PC from WAN still couldn't access the web server that is sitting behind pfSense… Someone please guide me. I had logged the packets, and the PC from WAN might have been passed through pfSense, but somehow I don't know why that remote PC from WAN couldn't access the webserver. My server port is 8888. Please refer to the picture below. Thank you very much!!!

          diagnose.JPG

            jamesseen

            According to an nmap scan of pfSense itself, I noticed the pfSense firewall had not opened port 8888 yet, am I correct? Please look at the nmap scan report below.

            Interesting ports on pfsense.local (192.200.9.7):
            Not shown: 1694 filtered ports
            PORT  STATE SERVICE
            22/tcp open  ssh
            53/tcp open  domain
            80/tcp open  http

            Nmap finished: 1 IP address (1 host up) scanned in 30.299 seconds

              cruzades

              Likewise here, I have a problem opening my ports 6112-6119, but somewhere in this forum someone suggested using the "Outbound" option at NAT: click "Manual.. (advance..)" and click SAVE, pfSense will generate a list of entries, then click Apply.

              In my case, voilà, it opens my ports after this.

              HTH
              -cruzades

                jamesseen

                I've done what you instructed, enabled manual… (advance)…, yet the remote PC still couldn't access it and the port 888 is not opened.

                no luck at all ??? >:(

                  jamesseen

                  zzzz…... no one could answer me.... :'(

                  I think the problem might be XYZ firewall attached to the LAN. The XYZ firewall had blocked the traffic that tried to access web server:888.

                  What do you guys (masters ) say??

                  Outside.jpg

                    GruensFroeschli

                    Your clients/server behind pfSense don't happen to have this other firewall as default gateway, do they?
                    (What is it doing there anyway?)

                    We do what we must, because we can.

                    Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

                      jamesseen

                      Actually, the XYZ firewall is currently in use and I want to replace it with pfSense in future because XYZ has limited features, and one day the XYZ firewall will be removed…

                      I'm sorry, I can't get you. Are you asking whether the client/server do not have pfSense as their default gateway, instead of the XYZ firewall as their default gateway? Is that what you were saying? Hmm... I'll check it. :o Thank you!!

                        maaraujo

                        In your diagram I see you have a private IP on your WAN interface and a public IP on your LAN. Did you configure your network in this way for a particular reason?

                        If so, how is Interfaces/WAN/Block Private Networks set?

                        Saludos.

                        Miguel Ángel Araujo
                        México

                          jamesseen

                          Dear maaraujo, by default, Interfaces/WAN/Block Private Networks was checked… Does it block traffic from WAN to LAN? I hope it does not.

                          Hmm, I checked those servers. Indeed, those servers' default gateway was not set to the pfSense box. Do I need to set their default gateway to the pfSense box? I heard one of my friends say that it is not necessary to set those servers' default gateway to the pfSense box. He said installing a proxy server on the pfSense box would solve the default gateway problem. Is what he said correct? Need advice...

                            maaraujo

                            jamesseen,

                            I couldn't resolve www.bumiasia.com. How are you testing?

                            Saludos.

                              jamesseen

                              Thank you, maaraujo….

                              Unfortunately, at the moment I still don't have "authority" to modify any setting on the server. I have to wait for my superior officer to do those settings on the server (set the default gateway to the pfSense box instead of the XYZ firewall).

                              I'll let you guys know the latest update soon....

                                jamesseen

                                Dear gurus… one question: if I set the default gateway to the pfSense firewall, all of the response traffic would go to the pfSense box, which is not suitable. I would like to ask: is it possible for WAN traffic coming from the pfSense box toward the web/mail server to be replied back to pfSense, and WAN traffic coming from the XYZ firewall toward the web/mail server to be replied back to the XYZ firewall? Please refer again to the network diagram below.
                                For your information, XYZ has a reverse proxy....

                                Thank you so much!!!! ::)

                                Outside.jpg

                                  hoba

                                  Not really possible. Sorry.

                                    sopont

                                    Hi, friend,,,,

                                    1. check your ADSL Router pass all port to pfSense WAN interface.
                                    2. pfsense ports forward are 80, 143, 25, 110 for web and mail server.
                                    3. all your server default to pfSense LAN interface.

                                    good luck..

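
An added example, not part of sopont's post or of pfSense itself: a Python check for point 3, showing which next hop a server picks for its reply when the connection it received still carries the WAN client's source address, compared with a connection that arrives from an on-link reverse proxy. Only 192.200.9.7 comes from the thread; the XYZ firewall address, the /24 subnet, the WAN client and the proxy address are assumptions made for the example.

```python
import ipaddress

PFSENSE_LAN = "192.200.9.7"   # pfSense address quoted in the thread
XYZ_FW = "192.200.9.1"        # assumed address of the other firewall
LAN_NET = "192.200.9.0/24"    # assumed server subnet


def next_hop(routes, dst):
    """Longest-prefix match over (network, gateway) pairs.
    A gateway of None means the destination is on-link."""
    dst = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), gw) for net, gw in routes
               if dst in ipaddress.ip_network(net)]
    if not matches:
        raise ValueError(f"no route to {dst}")
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def reply_path(routes, seen_source, entry_device):
    """Classify the server's reply to seen_source for a connection
    that reached the server through entry_device."""
    hop = next_hop(routes, seen_source)
    if hop is None:
        return "on-link"            # reply goes straight to a LAN neighbour
    if hop == entry_device:
        return "symmetric"          # reply returns through the same firewall
    return f"asymmetric via {hop}"  # reply leaves through a different firewall


def server_routes(default_gw):
    """Routing table of a server with one LAN interface and one default route."""
    return [(LAN_NET, None), ("0.0.0.0/0", default_gw)]


if __name__ == "__main__":
    wan_client = "203.0.113.50"     # constructed WAN client address
    proxy = "192.200.9.20"          # constructed reverse proxy on the LAN
    cases = [
        ("port forward, default gw = XYZ", XYZ_FW, wan_client),
        ("port forward, default gw = pfSense", PFSENSE_LAN, wan_client),
        ("via reverse proxy, default gw = XYZ", XYZ_FW, proxy),
    ]
    for label, gw, src in cases:
        print(f"{label}: {reply_path(server_routes(gw), src, PFSENSE_LAN)}")
```

In the asymmetric case the server's reply leaves through a firewall that never saw the inbound connection, so the WAN client does not get an answer that matches what it sent to pfSense.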
                                      jamesseen

                                      @Sopon:

                                      Hi, friend,,,,

                                      1. check your ADSL Router pass all port to pfSense WAN interface.
                                      2. pfsense ports forward are 80, 143, 25, 110 for web and mail server.
                                      3. all your server default to pfSense LAN interface.

                                      good luck..

                                      @hoba:

                                      Not really possible. Sorry.

                                      Thank you for your reply….
                                      Can I set 3 default gateways on my servers toward pfSense firewall boxes? Please refer to the network diagram below...

                                      Outside1.jpg

                                        sopont

                                        I think you can set 3 gateways or more, but with a different VLAN and subnet on your servers, and then each subnet pointing to each gateway. Why not optimize to a single pfSense firewall that has 1 WAN (default), 2 OPT1, and 1 LAN, and use the balancing feature or policy routing for outgoing, and multi-homing for incoming?

                                          jamesseen

                                          Dear Gurus, because the servers behind the pfSense box couldn't have a default gateway set to 192.200.9.7, I would like to implement a reverse proxy after the pfSense box so that remote users from WAN maybe (hopefully) can access the servers without setting a default gateway on those servers. What do you think? Is it possible? Please refer to the following network diagram. Thanks!!!

                                          Outside5.jpg

                                            sopont

                                            I think you can set the server default gateway to 192.200.9.7, but I don't know what device the "reverse proxy" is.
                                            I see in your diagram the "reverse proxy" is a basic proxy server with bridge function, right? If yes, can your file server ping 192.200.9.7? If it can, you can set it to that. If your server can't ping 192.200.9.7, please resolve the packet filter or routing on your "reverse proxy".

                                            good luck
