How do I open port 80 and 443 on pfsense?
-
The default lan rule in pfsense is any any - all ports outbound would be open. Are you wanting to forward public traffic from the internet to your server on these ports? For example I would be able to access it if I knew your public IP?
If so that is a port forward. But that would not be required for your server to get windows updates from MS.
-
Yes my issue is I cannot get out onto the Internet from my Server. Is it easy to create a Port Forward in pfsense ?
I never used it before but I've managed to install it on a VM.
-
Getting out to Internet from LAN has exactly zero in common with port forwarding.
-
Post up your lan firewall rules.. If you're saying your browser can not get to the internet - first thing I would think of is has proxy set that is not available. Do other browsers work?
Can you ping pfsense, can you ping say 4.2.2.2 ? What does a traceroute show?
C:>ping 4.2.2.2
Pinging 4.2.2.2 with 32 bytes of data:
Reply from 4.2.2.2: bytes=32 time=11ms TTL=59
Reply from 4.2.2.2: bytes=32 time=10ms TTL=59
Reply from 4.2.2.2: bytes=32 time=10ms TTL=59
Reply from 4.2.2.2: bytes=32 time=10ms TTL=59
Ping statistics for 4.2.2.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 10ms, Maximum = 11ms, Average = 10ms
C:>tracert 4.2.2.2
Tracing route to b.resolvers.Level3.net [4.2.2.2]
over a maximum of 30 hops:
1 1 ms <1 ms <1 ms pfSense.local.lan [192.168.1.253]
2 18 ms 9 ms 9 ms 24.13.snipped
3 9 ms 9 ms 9 ms te-0-5-0-8-sur04.mtprospect.il.chicago.comcast.net [68.85.180.133]
4 11 ms 10 ms 11 ms 68.87.230.53
-
Yes I can Ping pfsense firewall.
ping 10.1.1.10
Pinging 10.1.1.10 with 32 bytes of data:
Reply from 10.1.1.10: bytes=32 time=1ms TTL=64
Reply from 10.1.1.10: bytes=32 time<1ms TTL=64
Reply from 10.1.1.10: bytes=32 time<1ms TTL=64
Reply from 10.1.1.10: bytes=32 time<1ms TTL=64
Ping statistics for 10.1.1.10:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 1ms, Average = 0ms
tracert 10.1.1.10
Tracing route to 10.1.1.10 over a maximum of 30 hops
1 <1 ms <1 ms <1 ms 10.1.1.10
Trace complete.
Not Tried installing another web browser.
-
can you ping 4.2.2.2?
Tracert to IP you just pinged on the same segment doesn't tell us anything.. Also what are your lan rules?
-
YES. Amazing It works.
C:\Users\Nick>ping 4.2.2.2
Pinging 4.2.2.2 with 32 bytes of data:
Request timed out.
Reply from 4.2.2.2: bytes=32 time=37ms TTL=50
Reply from 4.2.2.2: bytes=32 time=34ms TTL=50
Reply from 4.2.2.2: bytes=32 time=39ms TTL=50
Ping statistics for 4.2.2.2:
Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
Minimum = 34ms, Maximum = 39ms, Average = 36ms
C:\Users\Nick>tracert 4.2.2.2
Tracing route to b.resolvers.Level3.net [4.2.2.2]
over a maximum of 30 hops:
1 3 ms 2 ms 2 ms BThomehub.home [192.168.1.254]
2 8 ms 8 ms 8 ms 217.32.144.161
3 10 ms 10 ms 10 ms 217.32.144.190
4 14 ms 12 ms 12 ms 213.120.181.206
5 12 ms 12 ms 12 ms 217.41.169.249
6 14 ms 14 ms 15 ms 217.41.169.109
7 12 ms 12 ms 12 ms acc2-xe-0-3-0.sf.21cn-ipp.bt.net [109.159.251.201]
8 18 ms 19 ms 19 ms core1-te0-0-0-4.ealing.ukcore.bt.net [109.159.251.25]
9 17 ms 17 ms 18 ms transit2-xe11-0-0.ealing.ukcore.bt.net [62.6.200.122]
10 17 ms 16 ms 16 ms t2c4-xe-9-2-0-0.uk-eal.eu.bt.net [166.49.168.57]
11 17 ms 17 ms 17 ms 5-1-4.ear2.London2.Level3.net [212.187.201.133]
12 18 ms 18 ms 17 ms ae-234-3610.edge5.london1.Level3.net [4.69.166.53]
13 18 ms 20 ms 18 ms ae-234-3610.edge5.london1.Level3.net [4.69.166.53]
14 35 ms 37 ms 32 ms b.resolvers.Level3.net [4.2.2.2]
Trace complete.
C:\Users\Nick>
-
I still cannot get out onto the Internet from my Server. Using IE
-
How about you post the same debugs from the server you're having trouble with?
Looks like everything's fine from that host.
-
Whoops !
C:\Users\Administrator>ping 4.2.2.2
Pinging 4.2.2.2 with 32 bytes of data:
Reply from 10.1.1.10: Destination host unreachable.
Reply from 10.1.1.10: Destination host unreachable.
Reply from 10.1.1.10: Destination host unreachable.
Reply from 10.1.1.10: Destination host unreachable.
Ping statistics for 4.2.2.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
C:\Users\Administrator>tracert 4.2.2.2
Tracing route to 4.2.2.2 over a maximum of 30 hops
1 <1 ms <1 ms <1 ms pfSense.localdomain [10.1.1.10]
2 pfSense.localdomain [10.1.1.10] reports: Destination host unreachable.
Trace complete.
-
Looks like pfSense doesn't have a default gateway set.
-
Oh Boy ! Now after adding in my gateway 192.168.1.254 and clicking add my Mac Address. Something about Spoof.
I'm locked out of pfsense, my ESXi Host and my Lab ! Yikes !
Please No Applause !
-
Can you tell us a bit about your network?
What is the IP address of your Gateway? The server? Subnet mask?
-
1 <1 ms <1 ms <1 ms pfSense.localdomain [10.1.1.10]
2 pfSense.localdomain [10.1.1.10] reports: Destination host unreachable.
Why is your second hop pfsense itself? Do you not have a gateway on wan? Did you set one on lan.. We see this a LOT where users for some unknown reason when it clearly says not to set a gateway on LAN, point the gateway to pfsense or something out of the blue, etc..
LAN interfaces do not have gateways set!!! If you set them, they become wan interfaces ;)
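Added example, not part of the original thread: a small Python parser for Windows tracert text that flags the pattern discussed above, where a hop reports "Destination host unreachable" from the same address as the previous hop, meaning that router has no onward route. The function name, verdict strings and the healthy trace are constructed for illustration; the server trace is the output posted in this thread.

```python
import re

# Patterns for the text output of Windows tracert.
HOP = re.compile(r"^\s*(\d+)\s+(?:(?:<?\d+ ms|\*)\s+){3}(?:\S+ \[)?([\d.]+)\]?\s*$")
UNREACH = re.compile(r"^\s*(\d+)\s+(?:\S+ \[)?([\d.]+)\]?\s+reports: Destination \w+ unreachable")
TARGET = re.compile(r"Tracing route to (?:\S+ \[)?([\d.]+)")

def diagnose(tracert_output):
    """Return (verdict, ip) for one tracert run (verdict names are hypothetical)."""
    target = TARGET.search(tracert_output)
    hops = {}  # hop number -> address that answered
    for line in tracert_output.splitlines():
        m = UNREACH.match(line)
        if m:
            n, ip = int(m.group(1)), m.group(2)
            if n == 1:
                # The sending host itself could not route the packet.
                return ("local-host-has-no-route", ip)
            if hops.get(n - 1) == ip:
                # Same box answered the previous hop: it accepted the packet
                # but has nowhere to send it (no default/upstream gateway).
                return ("router-has-no-onward-route", ip)
            return ("unreachable-reported", ip)
        m = HOP.match(line)
        if m:
            hops[int(m.group(1))] = m.group(2)
    if target and hops and hops[max(hops)] == target.group(1):
        return ("reachable", target.group(1))
    return ("incomplete", None)

# Server output as posted in the thread.
SERVER_TRACE = """Tracing route to 4.2.2.2 over a maximum of 30 hops
  1    <1 ms    <1 ms    <1 ms  pfSense.localdomain [10.1.1.10]
  2  pfSense.localdomain [10.1.1.10]  reports: Destination host unreachable.
Trace complete."""

# Constructed healthy trace (addresses other than the target are made up).
HEALTHY_TRACE = """Tracing route to b.resolvers.Level3.net [4.2.2.2]
over a maximum of 30 hops:
  1     1 ms    <1 ms    <1 ms  pfSense.local.lan [192.168.1.253]
  2     *        9 ms     9 ms  203.0.113.1
  3    10 ms    10 ms    10 ms  b.resolvers.Level3.net [4.2.2.2]
Trace complete."""

if __name__ == "__main__":
    for name, trace in (("server", SERVER_TRACE), ("healthy", HEALTHY_TRACE)):
        print(name, diagnose(trace))
```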
-
Restarted ESXi Host. I was then able to vsphere client back onto Host. Then Disabled pfsense NIC's. Reset to Factory and I went through the Wizard and configured the LAN and WAN DNS everything works on my Server side now too. IE and MS Updates
Thanks Guys. Nick Branson
-
future ref.. If you're running pfsense on vm infrastructure you might want to mention that in your original post ;)
But can not really tell if pfsense is on the esxi host, or your 2k12 client?