Trouble with port forwarding.

Abarai

Hello, I'm trying to allow access to a web server through my pfsense. It was working well yesterday, but for some reason it's not working anymore and I can't seem to find why.

My network is the following:

WAN1                        LAN1
         \                  /
             Pfsense 1.2
         /                 
WAN2                       LAN2

Both WAN1 and WAN2 are local networks on which there is the ISP' router.
My Web server is on LAN 2 and must be access solely through WAN 2.

I'm currently trying to enable access to the server from a computer on WAN2, berfore even trying to enable it through the internet.

I enabled the following rules in the NAT Menu:

If         Proto  Ext. port range     NAT IP         Int. port range   Description  
WAN2 TCP    8080             192.168.10.23       80 (HTTP)          Test
                                                (ext.: any)

The rule added on WAN2 when creating the NAT is:

Proto   Source   Port   Destination   Port   Gateway   Schedule   Description
TCP             *            *   192.168.10.23   80        *                      NAT Test
                                                              (HTTP)

I successfully connect to the webserver when using a computer on LAN2, so there shouldn't be any problem there.
I tried to log the firewall rule, but nothing appears in the log when i'm trying to connect.

My guess is there is something blocking the NAT somewhere, but I have no idea what it could be.
Does anyone have an idea?

GruensFroeschli

Dont set as external NAT IP "any". Set here "Interface address"

Did you actually test this from a client which is on the WAN2 side?

Abarai

Yes I did test it that way and it wasn't working either.

But I just find a clue. Apparently, if on my webserver I access directly the website it works both with 'any' and 'Interface Address', but if I use a virtual directory, it doesn't work anymore.

For example, if i use http://pfsenseInterfaceAdress:8080 it works, but if I use http://pfsenseInterfaceAdress:8080/Website it doesn't work.

Is there something to do on pfsense to make this work?

Abarai

Also, althought this is working from an internal client on WAN, it doesn't work when i try to access the webserver through my isp's router, even thought i did the forwarding on the router on the same way as my other servers on WAN2. Could this come from a communication problem between the routeur and pfsense.

Abarai

@Abarai:

Also, althought this is working from an internal client on WAN, it doesn't work when i try to access the webserver through my isp's router, even thought i did the forwarding on the router on the same way as my other servers on WAN2. Could this come from a communication problem between the routeur and pfsense.

This problem was solved. I was just being stupid in my use of my vmware server (my webserver is on a vmware client).

On the other hand, I still need to be able to access my webserver using the virtual directory. Anyone knows how to do that?

GruensFroeschli

I'm not sure how pfSense could interfere with that, since it only sees the TCP connection and has nothing to do with the http request.
Are you sure this is not a missconfiguration on the server?

Abarai

@GruensFroeschli:

I'm not sure how pfSense could interfere with that, since it only sees the TCP connection and has nothing to do with the http request.
Are you sure this is not a missconfiguration on the server?

I'm not, but since I can successfully access the website this way when on the same lan, there should be no reason not to access from a remote client. Is there?