Netgate Discussion Forum

    Port Forward or DNS Forward?

    NAT
    • stramato

      What I have:

      • mydomain.com from godaddy
      • DSL line with static IP from ISP (actually I have 3 that are load balanced)
      • LAMP web server, 192.168.1.20
      • Windows 2008 R2 DNS, 192.168.1.10

      In my DNS, I have a domain, mywebsite.local with Host(A) pointed to 192.168.1.20.

      I want this local website to be available on the internet through mydomain.com.

      pfSense is between my DSL modem and local network.

      What's the best way to do this?

      • Cry Havok

        That's pretty simple

        1. Forward port 80/TCP from pfSense to your Windows server
        2. If the DSL modem is actually a router, or it isn't in bridge mode, forward 80/TCP from the modem to the pfSense host
        3. Create an A record for (say) example.com that has your static IP

        • stramato

          On 1.2.3, I was able to do this successfully.

          I'm on 2.0 November 7 right now and NAT Port Forwarding looks different.

          There's:

          Interface
          Source Addr
          Source Port
          Destination Addr
          Destination Port
          NAT IP
          NAT Port

          I tried this one and it doesn't work:
          Interface WAN
          Source Addr *
          Source Port 80
          Destination Addr *
          Destination Port 80
          NAT IP 192.168.1.20
          NAT Port 80

          Then this creates an automatic Firewall Rule.

          When I type in the DSL IP in a local PC, it still takes me to pfSense CP. When I try to access it from a web proxy, my request times out.

          Am I doing this wrong?

          • i_robot73

            Got the same issue with my Win7 setup... I can successfully connect to the IIS setup from the LAN (after setting up the DNS Forwarder 'tweak'), but anything external times out.  RDP, FTP and remote admin all function as expected.

            Just the external IIS access fails. ???

            Anybody come up w/ some other hints/tricks to try out?

            EDIT:  Found the issue(s)
            1)  I thought I had turned off ALL the firewalls within Windows 7 (Domain, Private, Public), but missed one
                a)  I did turn it back on, enabled the rules (FTP, PASV mode, IIS) after step 2, and all still works!
            2)  Changing ports within IIS for the FTP site and restarting the sites through the IIS Admin does NOT restart the IIS FTP site.  I had to do that through the Admin Tools\Services (Microsoft FTP) before the changes I THOUGHT were being made would stick.

            Overall, the process for me (hosting on Windows 7):
            1)  Change the pfSense web port
            2)  Set up the rules for HTTP and/or FTP (and PASV if required).
                a)  Turn on RULES logging to show in the logs, made things MUCH easier to see what's what
            3)  Turn off Windows Firewall SERVICE
            4)  Tweak as needed
            5)  Turn on firewall, re-tweak

            Hope this helps someone else... Now on to figuring out how to clean up my SNORT logging from showing all the BellSouth server 'hits' :)

            • dreamslacker

              @stramato:

              On 1.2.3, I was able to do this successfully.

              I'm on 2.0 November 7 right now and NAT Port Forwarding looks different.

              There's:

              Interface
              Source Addr
              Source Port
              Destination Addr
              Destination Port
              NAT IP
              NAT Port

              I tried this one and it doesn't work:
              Interface WAN
              Source Addr *
              Source Port 80
              Destination Addr *
              Destination Port 80
              NAT IP 192.168.1.20
              NAT Port 80

              Am I doing this wrong?

              Yep.  Change the source port to any and the destination address to 'WAN address'.

              • stramato

                @dreamslacker:

                @stramato:

                On 1.2.3, I was able to do this successfully.

                I'm on 2.0 November 7 right now and NAT Port Forwarding looks different.

                There's:

                Interface
                Source Addr
                Source Port
                Destination Addr
                Destination Port
                NAT IP
                NAT Port

                I tried this one and it doesn't work:
                Interface WAN
                Source Addr *
                Source Port 80
                Destination Addr *
                Destination Port 80
                NAT IP 192.168.1.20
                NAT Port 80

                Am I doing this wrong?

                Yep.  Change the source port to any and the destination address to 'WAN address'.

                Ok I did that, still nothing, requests are timing out.

                BTW I forgot to mention, I'm Load Balancing. I have WAN, OPT1 and OPT2 all in Tier1. I'm trying to use WAN only for making my internal web server available over the internet. Does this have to do with anything related to what problem I'm experiencing?

                • stramato

                  My port forwards are working now :) Thanks

                  • danswartz

                    It's generally a nice thing to post what your solution was :)

                    • stramato

                      Ok here was my solution, dreamslacker's method worked for me.

                      It was timing out before because the firewall rules got messed up. It was opened for another interface. Anyway, it was just carelessness on my part.

                      Interface OPT2
                      Source Addr *
                      Source Port *
                      Destination Addr OPT2 Address
                      Destination Port 80(HTTP)
                      NAT IP 192.168.1.10
                      NAT Port 80(HTTP)

                      Then choose "create associated firewall rule" so it will automatically create a firewall rule for you. Otherwise you can manually create it.

                      I also did this for OPT1 and WAN, so I have 3 internet IPs port forwarding 80 to the NAT IP.

                      My next step is to point my DNS Host(A) to these IP addresses; that should, in theory, leave me with redundant IP addresses for my website.

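The field-by-field matching behind the fix discussed in this thread, as an added example that is not part of the original posts and is not pfSense code: a port forward only applies when every field matches the incoming packet, and a client connects from an ephemeral source port, not 80. The addresses 203.0.113.10 and 198.51.100.7 and the `translate` and `lint` helpers are constructed for illustration.

```python
from dataclasses import dataclass

ANY = "*"
WAN_ADDR = "203.0.113.10"   # constructed documentation address, stands in for 'WAN address'

@dataclass(frozen=True)
class PortForward:          # fields named after the pfSense 2.0 form quoted in the thread
    interface: str
    src_addr: str
    src_port: str
    dst_addr: str
    dst_port: str
    nat_ip: str
    nat_port: int

@dataclass(frozen=True)
class Packet:               # first packet of an inbound TCP connection
    interface: str
    src_addr: str
    src_port: int
    dst_addr: str
    dst_port: int

def translate(rule, pkt):
    """Return (nat_ip, nat_port) if every rule field matches the packet, else None."""
    checks = [(rule.interface, pkt.interface), (rule.src_addr, pkt.src_addr),
              (rule.src_port, pkt.src_port), (rule.dst_addr, pkt.dst_addr),
              (rule.dst_port, pkt.dst_port)]
    if all(want == ANY or want == str(got) for want, got in checks):
        return (rule.nat_ip, rule.nat_port)
    return None

def lint(rule):
    """Flag the two field choices corrected in the thread."""
    findings = []
    if rule.src_port != ANY:
        findings.append("source port pinned; clients connect from ephemeral ports")
    if rule.dst_addr == ANY:
        findings.append("destination is any; broader than the interface address")
    return findings

# Constructed sample: a browser connecting from an ephemeral port to the WAN address.
CLIENT = Packet("WAN", "198.51.100.7", 51514, WAN_ADDR, 80)
BROKEN = PortForward("WAN", ANY, "80", ANY, "80", "192.168.1.20", 80)
FIXED = PortForward("WAN", ANY, ANY, WAN_ADDR, "80", "192.168.1.20", 80)
WRONG_IF = PortForward("OPT2", ANY, ANY, WAN_ADDR, "80", "192.168.1.20", 80)
if __name__ == "__main__":
    for name, rule in [("broken", BROKEN), ("fixed", FIXED), ("wrong interface", WRONG_IF)]:
        print(f"{name:16} -> {translate(rule, CLIENT)}  lint={lint(rule)}")
```

The `WRONG_IF` case mirrors the last post: a rule that is correct in every field still never applies when it is bound to a different interface from the one the traffic arrives on.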
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.