Netgate Discussion Forum

    Can't surf to my own webserver (at DMZ) from LAN

      Perry

      http://forum.pfsense.org/index.php/topic,7001.0.html

      /Perry
      doc.pfsense.org

        cheesyboofs

        First off double check that your web server really has a valid address and ping your firewall from the server,

        ping 192.168.1.1

        Then add the following LAN firewall rule;

        Protocol - TCP | Source - LAN Net | Source Port - * (any) | Destination - DMZ Net (or web server IP) | Destination Port - 80 | Gateway - * (default)

        Hope this helps

        Author of pfSense themes:

        DARK-ORANGE

        CODE-RED

          tarzzz

          Thanks, but nope, doesn't help.

          The webserver has been running for years and it has a valid address. I can ping 192.168.1.1 (and also ping to 192.168.5.1 works) from the webserver.
          And it works fine to surf to the webserver from all external computers, coming thru the WAN-interface.

          Only LAN and DMZ don't work.

          So, anyone got more tips?

          //Ben

          @cheesyboofs:

          First off double check that your web server really has a valid address and ping your firewall from the server,

          ping 192.168.1.1

          Then add the following LAN firewall rule;

          Protocol - TCP | Source - LAN Net | Source Port - * (any) | Destination - DMZ Net (or web server IP) | Destination Port - 80 | Gateway - * (default)

          Hope this helps

            jahonix

            @tarzzz:

            …but I can't go to my own webserver, which is at my DMZ, neither from PCs at LAN or PCs/servers at DMZ.

            If you cannot reach a machine on the same subnet (…or PCs/servers at DMZ) then look at subnets / netmasks etc.
            Your firewall isn't involved when a PC in the DMZ accesses a server in there as well...

            errr, how do you want to access your web server locally? By local IP (http://dmz-ip) or external name (http://myserver.dyndns.org)?

              tarzzz

              @jahonix:

              @tarzzz:

              …but I can't go to my own webserver, which is at my DMZ, neither from PCs at LAN or PCs/servers at DMZ.

              If you cannot reach a machine on the same subnet (…or PCs/servers at DMZ) then look at subnets / netmasks etc.
              Your firewall isn't involved when a PC in the DMZ accesses a server in there as well...

              errr, how do you want to access your web server locally? By local IP (http://dmz-ip) or external name (http://myserver.dyndns.org)?

              Well, I can "reach" the webserver at DMZ from LAN, for example I can map network drives on the webserver, and ping works, but not http.

              It doesn't matter if I can reach it by http://192.168.1.5 or http://external.domain.name, but neither of those work. But I can open it as a file from the web-browser, then it works from LAN, but every link on the webpage that points to the webserver then doesn't work.

              //Ben

                cheesyboofs

                but I can't go to my own webserver, which is at my DMZ

                Well I can "reach" the webserver at DMZ from LAN

                Doesn't one contradict the other? My head is starting to hurt  :-\

                  tarzzz

                  @cheesyboofs:

                  but I can't go to my own webserver, which is at my DMZ

                  Well I can "reach" the webserver at DMZ from LAN

                  Doesn't one contradict the other? My head is starting to hurt  :-\

                  Well, my head hurts as h-l. I have had a couple of "networkers" look at it, they don't seem to solve the matter either.  :-\

                    jahonix

                    If you cannot access your web server from the same subnet (DMZ) then there's something wrong with the netmask / DHCP / gateway / whatever.

                    What networks and corresponding gateways and DNS servers did you define? Like 192.168.100.1/24 or /16 or … ?

                      Cry Havok

                      If you can map drives then basic IP routing is working.  If you cannot access it from the DMZ then it rules out pfSense or routing as the problem.

                      Your problem has to be somewhere on the web server host.  It could be a software firewall, or the configuration of the web server software.  Do you see connection attempts if you run tcpdump/wireshark/etc on the web server host?

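The fault-isolation reasoning in Cry Havok's post above, as an added example that is not part of the thread: a TCP probe that distinguishes an accepted, refused and silently dropped connection, plus a decision function over three probe results. The function names and result labels are assumptions made for this sketch, and the branches past the first one generalize beyond what the post states.

```python
import socket
import sys


def probe_tcp(host, port, timeout=2.0):
    """Classify one TCP connect attempt as 'open', 'refused' or 'filtered'."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"        # handshake completed, something is listening
    except ConnectionRefusedError:
        return "refused"     # RST came back from the host or a rejecting filter
    except OSError:
        return "filtered"    # timeout or unreachable: dropped on path or host
    finally:
        s.close()


def localize(lan_smb, lan_http, dmz_http):
    """Map three probe results to the most likely fault location.

    lan_smb  -- LAN client to web server, tcp/445 (the drive mapping)
    lan_http -- LAN client to web server, tcp/80
    dmz_http -- DMZ host on the server's own subnet to web server, tcp/80
    """
    if dmz_http != "open":
        # Same-subnet traffic is switched, not routed through the firewall.
        return "web server host"
    if lan_http == "open":
        return "no TCP-level fault"
    if lan_smb == "open":
        # Routing LAN->DMZ works for 445 but not for 80.
        return "port 80 filtered between LAN and DMZ"
    return "routing or filtering between LAN and DMZ"


if __name__ == "__main__":
    # Run once from a LAN client and once from a DMZ host, then feed the
    # three results to localize(). The target address is an argument.
    target = sys.argv[1]
    for port in (445, 80):
        print(f"tcp/{port}: {probe_tcp(target, port)}")
```

A "filtered" result on tcp/80 from a DMZ host is the case where a packet capture on the web server shows whether the SYN arrives at all.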
                        tarzzz

                        @Cry Havok:

                        If you can map drives then basic IP routing is working.  If you cannot access it from the DMZ then it rules out pfSense or routing as the problem.

                        Your problem has to be somewhere on the web server host.  It could be a software firewall, or the configuration of the web server software.  Do you see connection attempts if you run tcpdump/wireshark/etc on the web server host?

                        I reinstalled the whole webserver, didn't help. Then I threw in an old D-Link 604 FW/router instead of pfSense, then everything works fine.

                        So, I gave pfSense up. Probably I need a firewall-class to learn more before using pfSense.

                        I'll buy a GOOD FW/router instead of the 604.

                        Thanks for your answers!

                        //Ben

                          cheesyboofs

                          So, I gave pfSense up. Probably I need a firewall-class to learn more before using pfSense.

                          It's a real shame because that is the perfect opportunity to learn something and a great sense of achievement when you figure it out.

                            tarzzz

                            @cheesyboofs:

                            So, I gave pfSense up. Probably I need a firewall-class to learn more before using pfSense.

                            It's a real shame because that is the perfect opportunity to learn something and a great sense of achievement when you figure it out.

                            Yes, it's a shame, but I've put down many hours on the matter, and I did learn a lot. I'll come back to pfSense later.

                            //Ben
