Netgate Discussion Forum

    NAT and My Webserver

    16 Posts 7 Posters 6.8k Views
      Metu69salemi

      Is your port forwarding rule something like this:

      
      disabled: unchecked
      No RDR: unchecked
      Interface: WAN
      Protocol: TCP
      Source: any
      Source port: any
      Destination: your public IP (usually WAN IP)
      Destination port: 80
      Redirect target IP: your webserver IP
      Redirect target port: untouched
      Description: something you want to write
      No xmlrpc sync: unchecked
      NAT reflection: Use system default
      Filter rule association: Create new associated rule <-- here it might read something else, if you already created this rule
      
      
        BeerHat

        @Metu69salemi:

        Is your port forwarding rule something like this:

        
        disabled: unchecked
        No RDR: unchecked
        Interface: WAN
        Protocol: TCP
        Source: any
        Source port: any
        Destination: your public IP (usually WAN IP)
        Destination port: 80
        Redirect target IP: your webserver IP
        Redirect target port: untouched
        Description: something you want to write
        No xmlrpc sync: unchecked
        NAT reflection: Use system default
        Filter rule association: Create new associated rule <-- here it might read something else, if you already created this rule
        
        

        Yep. Exactly.

          Metu69salemi

          Try making a port redirection from (destination) port 12800 to (redirect) port 80.

          If this works, then your ISP is blocking port 80.

            BeerHat

            @Metu69salemi:

            Try making a port redirection from (destination) port 12800 to (redirect) port 80.

            If this works, then your ISP is blocking port 80.

            ISP is not blocking port 80.  This was working just fine with my previous Fortigate 60 router I just replaced.

              BeerHat

              @Metu69salemi:

              Try making a port redirection from (destination) port 12800 to (redirect) port 80.

              If this works, then your ISP is blocking port 80.

              FWIW I can tweak the exact same port forward rule to 81 and it works perf.  Just not 80.  I read someone's thread a few weeks ago where they said something like creating the port forward AFTER setting an alternate connect port for webconfigurator somehow made a difference.  I smell a bug, somewhere.

                Metu69salemi

                Might be a bug, but I haven't encountered even a single one with pfSense. If you change your rule to port 80 again, what does it say then? Or delete that rule fully and create it again.

                  BeerHat

                  @Metu69salemi:

                  Might be a bug, but I haven't encountered even a single one with pfSense. If you change your rule to port 80 again, what does it say then? Or delete that rule fully and create it again.

                  I can toggle the port number till my heart's content… still no change.  It doesn't really 'say' anything, it looks like a correctly configured rule.  But, it just fails to work.

                    Joel.C

                    I have created all of my NAT Port forwarding rules and any request on an external network to my webservers etc works without issue.  I too am having the problem of navigating to my webserver etc when on my LAN network.  I have unchecked the "Disable NAT Reflection" thus enabling it.

                    Will I have to recreate my NAT port forwarding rules now?  The reason I'm asking this is because I guess I'm not clear on the "Disables the automatic creation of NAT redirect rules for access to your public IP address from within your internal networks" line.  Now that I have essentially ENABLED the automatic creation of NAT redirect rules for access to my public IP address from within my internal network, will I need to recreate my port forwarding?

                    I have no 1:1 NAT configured, if that makes a difference.

                    Thank you.

                      firephlux

                      Did you check the "Disable webConfigurator redirect rule" in System => Advanced => Admin access?

                        marcelloc

                        Balance or NAT will not work on the same interface; you will need a reverse proxy package or an outbound NAT to change the source IP going to the web servers.

                        visual example:
                        192.168.1.20 - client
                        192.168.1.200 - firewall
                        192.168.1.10 - web server

                        192.168.1.20 asks 192.168.1.200 for a page

                        192.168.1.20  forwards to 192.168.1.10

                        192.168.1.10 sees that client (192.168.1.20) is on the same network

                        192.168.1.10 returns page directly to 192.168.1.20

                        192.168.1.20 rejects this communication as he asked 192.168.1.200 for a page and response came from 192.168.1.10

                        To work around this without any package or NAT, you need to edit internal DNS to answer the website name with its server IP.

                        Elite Training: http://sys-squad.com

                        Help a community developer! ;D
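
The packet flow marcelloc describes, traced in code (an added example, not part of the original thread). `hairpin` and its `dnat`/`snat` flags are hypothetical names; the addresses are the ones from the post, and the model is a simplification that tracks only source and destination IPs of one TCP handshake.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.1.0/24")  # subnet used in the post
CLIENT, FIREWALL, SERVER = "192.168.1.20", "192.168.1.200", "192.168.1.10"


def hairpin(dst, dnat=True, snat=False):
    """Trace one request from CLIENT to dst:80; return (accepted, path)."""
    expected_peer = dst          # the client only accepts a reply from this IP
    src = CLIENT
    path = [f"{src} -> {dst} SYN"]
    if dst == FIREWALL:
        if not dnat:
            return False, path + ["firewall: no port forward, dropped"]
        dst = SERVER             # port forward rewrites the destination
        if snat:
            src = FIREWALL       # outbound NAT on LAN rewrites the source
        path.append(f"firewall forwards {src} -> {dst}")
    # The server answers whatever source address it saw.
    reply_src, reply_dst = dst, src
    if reply_dst == FIREWALL:
        # Reply goes back through the firewall, which reverses both rewrites.
        reply_src, reply_dst = FIREWALL, CLIENT
        path.append(f"{SERVER} -> {FIREWALL} SYN-ACK, "
                    f"firewall rewrites to {reply_src} -> {reply_dst}")
    elif ipaddress.ip_address(reply_dst) in LAN:
        # Same subnet: delivered directly, never touching the firewall's state.
        path.append(f"{reply_src} -> {reply_dst} SYN-ACK (direct, same subnet)")
    accepted = reply_src == expected_peer
    path.append("client accepts" if accepted else
                f"client resets: expected {expected_peer}, got {reply_src}")
    return accepted, path


if __name__ == "__main__":
    cases = [("port forward only", dict(dst=FIREWALL)),
             ("port forward + outbound NAT", dict(dst=FIREWALL, snat=True)),
             ("internal DNS answers with server IP", dict(dst=SERVER))]
    for label, kwargs in cases:
        ok, path = hairpin(**kwargs)
        print(f"[{label}] {'OK' if ok else 'FAIL'}")
        for hop in path:
            print("   ", hop)
```

A reverse proxy on the firewall behaves like the outbound NAT case from the client's point of view, because the server's reply returns to the firewall rather than going straight to the client.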

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.