Netgate Discussion Forum

    Port 443 blocked?

      oguruma

      I am trying to set up port forwarding on my pfSense box. I forwarded port 80 successfully, as confirmed by a port checker. I then cloned that rule and changed it to 443; however, port checkers indicate that 443 is closed.

      My assumption was that my ISP (Charter/Spectrum) was blocking port 443. I called (twice) and they told me that port 443 was NOT blocked.

      So, since I cloned the rule for Port 80 (which was opened successfully), what else could I be doing wrong?

      To make sure it wasn't the webserver's firewall, I disabled UFW with the same result.

      Any ideas where to look?

        johnpoz LAYER 8 Global Moderator

        First thing I suggest you do is actually validate the traffic is getting to your WAN. Simple: sniff, go to canyouseeme.org and test to 443. Do you see the traffic to 443 to your WAN public IP?

        If so, then either you have a firewall rule blocking your port forward or something else is wrong with the forward. The second step, after you have validated that your forward and firewall rule are valid, is to sniff on your LAN side when you do the canyouseeme test. Do you see the traffic headed towards the LAN side IP that you forwarded to? Do you not get an answer? Then it's something between pfSense and the server you're forwarding to, or the server not answering, or using a different gateway than pfSense, etc.

        It's all pretty well documented here
        https://www.netgate.com/docs/pfsense/nat/port-forward-troubleshooting.html

        It really should only take a couple of minutes to figure out where the problem is.

        Until you actually validate pfSense is seeing the inbound traffic to its WAN IP, it's pointless to look elsewhere, since pfSense cannot do anything with the forward if there is no traffic getting to it to forward.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

          oguruma @johnpoz

          So what I have done is enabled logging on that rule, and I can see that it's passing traffic on webserverip:443 in the system logs.

          So all I can assume at this point is that it's the webserver that is blocking traffic on port 443? The port checker still indicates that 443 is closed, but port 80 is open.

            johnpoz LAYER 8 Global Moderator

            Well, did you validate that your server is listening on 443? While a rule check is a way to validate if traffic hits, it can be useful to actually sniff on your LAN side with the packet capture and see if the client sends back a Reset or ICMP redirect, etc. Or just doesn't answer the SYN that would be sent.

            If you're saying 80 works then have to assume your gateway is correct on that device sending back to pfSense. So it's either a firewall on the device or the device isn't even listening on 443.

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11
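
One way to read the LAN-side capture suggested above, as an added example that is not part of the original posts: it takes tcpdump-style text and reports, for each SYN sent to the forwarded server, whether the first answer was a SYN-ACK, a reset, or nothing. The function name, addresses and capture lines are constructed for illustration.

```python
import re

# tcpdump-style text line: "... IP src.port > dst.port: Flags [..], ..." (IPv4 only)
LINE = re.compile(
    r"IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)

def classify_syn_answers(capture_text, server_ip, port=443):
    """Map each client (ip, port) that sent a SYN to server_ip:port to the
    first answer seen from the server: 'syn-ack', 'reset' or 'no-answer'."""
    verdicts = {}
    for line in capture_text.splitlines():
        m = LINE.search(line)
        if m is None:
            continue
        src, dst, flags = m["src"], m["dst"], m["flags"]
        sport, dport = int(m["sport"]), int(m["dport"])
        if (dst, dport) == (server_ip, port) and flags == "S":
            # Initial SYN or a retransmission; keep any answer already recorded.
            verdicts.setdefault((src, sport), "no-answer")
        elif (src, sport) == (server_ip, port) and verdicts.get((dst, dport)) == "no-answer":
            if flags == "S.":
                verdicts[(dst, dport)] = "syn-ack"  # a service is listening
            elif "R" in flags:
                verdicts[(dst, dport)] = "reset"    # nothing listening, or actively rejected
    return verdicts

# Constructed sample using documentation addresses, not a capture from the thread.
SAMPLE = """\
10:00:01.000100 IP 198.51.100.7.51000 > 192.168.1.10.80: Flags [S], seq 1000, win 64240, length 0
10:00:01.000300 IP 192.168.1.10.80 > 198.51.100.7.51000: Flags [S.], seq 2000, ack 1001, win 65160, length 0
10:00:05.000100 IP 198.51.100.7.51002 > 192.168.1.10.443: Flags [S], seq 3000, win 64240, length 0
10:00:05.000250 IP 192.168.1.10.443 > 198.51.100.7.51002: Flags [R.], seq 0, ack 3001, win 0, length 0
10:00:09.000100 IP 198.51.100.7.51004 > 192.168.1.10.443: Flags [S], seq 4000, win 64240, length 0
10:00:10.000100 IP 198.51.100.7.51004 > 192.168.1.10.443: Flags [S], seq 4000, win 64240, length 0
"""

if __name__ == "__main__":
    for p in (80, 443):
        for client, verdict in classify_syn_answers(SAMPLE, "192.168.1.10", p).items():
            print(p, client, verdict)
```

A "reset" points at the server not listening on 443 or a host firewall rejecting; "no-answer" points at a host firewall dropping the SYN or the reply leaving through a different gateway.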

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.