Netgate Discussion Forum

    HTTP port forward not reaching web server

    NAT
      Horizontigo

      Hello.

      I'm running pfSense in VMWare on Windows Server 2003. Everything is working fine; all of the internal machines are going through it to get outside. The external port is only being used by the pfSense virtual machine and is wired directly to my cable modem.

      I want to present an internal web server to the outside world. It's running IIS6 on Windows Server 2003. The website is up and running, it's the only site on the machine, has no host headers associated with it, is set to accept traffic on all IP addresses on port 80, and I can access the site internally with either its internal IP address or machine name.

      I followed the instructions for setting up port forwarding, using port 80 and pointing to the internal IP address of the web server (it is the correct address), making sure I told the WebGUI to create a firewall rule at the same time. Everything looked as I expected on the NAT and firewall pages.

      After unchecking Disable NAT Reflection I can, internally, get to the website using the external IP address of the pfSense machine.

      From an external machine, in Firefox, I get an error message after 10-20 seconds saying "The operation timed out when attempting to contact [external IP address]". It doesn't work in any browser, and I can't telnet to port 80 either.

      I enabled logging on the firewall rule and it fires (green icon), so my ISP isn't blocking the port and traffic is reaching the pfSense machine. The internal web server never receives the request, though. There's no record of it in the IIS logs.

      I've rebooted the pfSense machine but that hasn't resolved the issue.

      Has anyone come across this before? Does anyone know what I'm doing wrong?

      Thanks in advance.

        danswartz

        Not sure I get what you mean. The icon being green in the firewall rules only means it is enabled, not that it has "fired". A lot of residential broadband providers block port 80 inbound. If you do a packet capture on the WAN and try connecting, does anything show?

          Horizontigo

          The green icon is in the firewall logs, not on the rules page, and only appears after I request the page in a browser on an external machine (I didn't check after doing it from an internal machine because the web page was displayed).

          Yes, the HTTP request was in the packet capture from the WAN interface.

            danswartz

            What do you see if you capture on the LAN interface?

              greatmen

              I'm doing kinda the same; on the LAN interface the packet capture didn't get anything at all.

                leoalfa09

                Enable disable NAT reflection and check Windows firewall and antivirus firewall.

                1 Reply Last reply Reply Quote 0
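The WAN-then-LAN capture comparison suggested in the replies above, as an added example that is not part of any post in this thread: it reads two text captures in `tcpdump -nn` line format and reports the first interface and direction where the forwarded TCP handshake stops, going one step beyond the thread by also checking the reply direction. The function names, the addresses and the sample capture lines are constructed assumptions.

```python
import re

# One line of `tcpdump -nn` text output: "... IP src.sport > dst.dport: Flags [S], ..."
LINE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]+)\]")

def seen(capture, ip, port, flags, reverse=False):
    """True if the capture holds a TCP segment with exactly these flags
    sent to ip:port, or sent from ip:port when reverse=True."""
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, sport, dst, dport, fl = m.groups()
        host, hport = (src, sport) if reverse else (dst, dport)
        if host == ip and int(hport) == port and fl == flags:
            return True
    return False

def locate_drop(wan, lan, wan_ip, server_ip, port=80):
    """Walk the handshake in order and name the first hop it fails to reach."""
    if not seen(wan, wan_ip, port, "S"):
        return "no SYN on WAN: the request never reaches the firewall"
    if not seen(lan, server_ip, port, "S"):
        return "SYN on WAN only: the forward is not delivering it to the LAN"
    if not seen(lan, server_ip, port, "S.", reverse=True):
        return "SYN on LAN, no SYN-ACK: the server is not answering"
    if not seen(wan, wan_ip, port, "S.", reverse=True):
        return "SYN-ACK on LAN only: the reply is lost on the way back out"
    return "handshake crosses both interfaces"

# Constructed sample captures (documentation addresses, not taken from the thread).
WAN = """\
10:00:01.000001 IP 203.0.113.50.51000 > 198.51.100.10.80: Flags [S], seq 100, win 64240, length 0
10:00:04.000002 IP 203.0.113.50.51000 > 198.51.100.10.80: Flags [S], seq 100, win 64240, length 0
"""
LAN = ""  # nothing captured on the LAN side, as in the report above

if __name__ == "__main__":
    print(locate_drop(WAN, LAN, "198.51.100.10", "192.168.1.20"))
```
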
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.