Port forwarding help needed
-
Looks right. Is it working?
If not, can you get at http://WAN address/ from something else on the 10.0.0.0 network?
-
Yep, looks right.
When you try to access the server from from some external address or from the wireless network what happens?
If it doesn't connect do you see anything in the firewall logs?Steve
-
No it's not working.
it just gives me this page cannot be displayed.but I can access the pfsense interface from the internet.
Will check logs when I get home -
While this would not be the issue its not working - why would you forward 80 UDP to it? Clearly that is pointless.
Simple way to validate this is plug something into the 10 wan network here and try and access 10.0.0.10 on port 80. Does that work - if so then its your other router or your ISP blocking it.
if that doesn't work - you sure you have the correct 192.168.0.x address - in your OP you state its IP is 192.168.0.10, but then you forward to 192.168.0.11?? Also is this webserver running a firewall?
-
I assume you have the pfSense webgui running on a non-standard port since 80 and 443 are forwarded?
Steve
-
I have connected another device to the 10.0.0.0 range and tested http://10.0.0.10/support and it is showing the website.
I also changed the pfSense webgui port to 444 and test I can access it on https://10.0.0.10:444 and from the internet https://Public IP:444
but still can't access the website from http://Public IP/support
I had to add a rule on WAN to access pfSense webgui from internet https://Public IP:444![NAT Rules.PNG](/public/imported_attachments/1/NAT Rules.PNG)
![NAT Rules.PNG_thumb](/public/imported_attachments/1/NAT Rules.PNG_thumb)
![firewall rule.PNG](/public/imported_attachments/1/firewall rule.PNG)
![firewall rule.PNG_thumb](/public/imported_attachments/1/firewall rule.PNG_thumb)
![Port forwarding on Router.PNG](/public/imported_attachments/1/Port forwarding on Router.PNG)
![Port forwarding on Router.PNG_thumb](/public/imported_attachments/1/Port forwarding on Router.PNG_thumb) -
I have connected another device to the 10.0.0.0 range and tested http://10.0.0.10/support and it is showing the website.
Ok, so if you can access it from the router LAN side (pfSense WAN side) then that implies the router is not forwarding the traffic correctly. What port is the router web interface running on? There may be a conflict though there shouldn't be. Clearly it's forwarding port 444 correctly.
You could try changing the port forward in the router to a different incoming port, say 8080. That should get around any block that's in place.
I forget if you already said but did this work before you added pfSense? It's fairly common for ISPs to block incoming port 80 to prevent people running home websevers.
Steve
-
I have changed port forwarding on router.
port 8080 to 10.0.0.10on pfsense i changed the NAT destination port to 8080 and redirect it to 192.168.0.11 port 80
if I connect on the 10.0.0.0 range and test http://10.0.0.10:8080/support it works but still nothing from the internet.
and yes it was working on port 80 before I added pfsense
-
Check all the default gateways.
-
I have connected another device to the 10.0.0.0 range and tested http://10.0.0.10/support and it is showing the website.
I also changed the pfSense webgui port to 444 and test I can access it on https://10.0.0.10:444 and from the internet https://Public IP:444
but still can't access the website from http://Public IP/support
I had to add a rule on WAN to access pfSense webgui from internet https://Public IP:444Rereading… You also had to add a port forward to your outside router to 444 right?
-
Hmm. Have you checked the firewall logs yet?
The port forward is clearly working from the 10.0.0.0 subnet so why not when forwarded from a public IP?
Possibly the firewall rule allowing traffic in to the WAN is not allowing redirected traffic for some reason. That seems unlikely, I can't see anything in your firewall rule that might do that.
Possibly pfSense doesn't know how to route the traffic back out the client. That would explain why it works from the locally attached 10.0.0.0 subnet. However if that was the case I wouldn't expect the pfSense webgui access on 444 to work either.Does the server have logging you can check? It could be the server isn't replying for some reason.
Steve
-
In case you haven't noticed yet:
1. Traffic blocked by the default rule (in other words, traffic which matches no firewall rule) can be logged by selecting "Log packets blocked by the default rule" in "Status: System logs: Settings". Same for bogon and private subnets. This will of course also show any portscans and hack attempts.
2. For each firewall rule, logging can be enabled individually.
3. By clicking the icon on the "Act" column of the firewall log, you can see which rule was responsible for blocking or passing the traffic.