Port Forward by Hostname

BBcan177

Can you post the settings you used for the NAT?

Did you also use the "Filter Rule Association" setting to automatically create a Rule also? Or manually add a "Rule" to allow the NAT.

This will output all of PFCTL's settings

pfctl -sa

arrmo

Hi,

You bet - no problem at all. Attached shows the settings. And yes, I did allow automatic Filter Rule creation. I actually also enabled logging in that rule, but nothing seems to be showing up in the log … :(.

Thanks!

![pfSense NAT.png](/public/imported_attachments/1/pfSense NAT.png)
![pfSense NAT.png_thumb](/public/imported_attachments/1/pfSense NAT.png_thumb)

BBcan177

Seems ok.

Do you have any Rules above this one that might be passing that traffic? If there is a rule above this one, than the second rule won't see it.

The Pic shows 192.168.2.23 buts its greyed out. Maybe just the way you created the PDF, but it should be Red/Maroon like you said earlier. The logs should show up in the "Firewall" logs.

Are you able to access the WEB Server from the Internet?

arrmo

Hi,

The only rule above this one is "Block bogon networks" … actually, that's the only other Filter Rule, and no other Port Forwarding rules.

Correct on the grayed out - I tried to generate a PDF, then to PNG ... lost the color in the process. And yes, it's the Firewall logs I'm checking - nothing there that I can see (no incoming traffic, only outgoing it seems).

Nope, can't access the Web Server ... :(.

Will keep digging, it could be me - that's a very real possibility .. ;).

Thanks!

BBcan177

Make sure you don't have the "Block Bogons" on the LAN Side. That should only be set for the WAN.

arrmo

Hi,

I didn't create that one (seems to be auto-created), but I just checked … and you are correct, WAN only.

Thanks!

arrmo

OK, I may be on to something. If I manually go to WAN IP address (i.e. http://192.168.1.4/) … I get the pfSense login. So it seems that I can't port forward to a Web Server behind the pfSense box?

I just checked, and there is an "Anti-Lockout Rule" that seems to be auto-created, and it handles port 80? It also is forced to be first on the list. Trying to dig into it, to understand it.

Thanks!

BBcan177

I haven't played with a WEB Server behind pfSense, but why don't you change the pfSense GUI to HTTPS and set a port like 443 or 8080

arrmo

Hi,

Tried that … moved it to port 8080. It worked (getting there to 8080), but still can't forward 80 through ... :(. The other odd part is that this is on the LAN side (this rule) ... the Web GUI (for pfSense) shouldn't be accessible on the WAN side, should it?

Thanks!

arrmo

Hi,

OK, just to close the loop .. updated to the latest version, and after reboot it started working.

Thanks so much for all the help!!!