Port forwarding port 80 to port 8080

stephenw10

It's either because it redirects the browser to use port 8080 and you don't have a port forward for that. In which case just add a port forward for 8080 to 192.168.50.20.

Or it redirects the traffic internally and causes an asymmetric route.

Try to connect to the site from a know external IP then check the pfSense firewall logs to see what traffic is being blocked. That will tell you what is happening and we can tell you how to resolve it.

The 'correct' way to do this though is using a reverse proxy on pfSense directly. That will give you far more control over what goes where. It's more complex to setup though.

Steve

Havok

Hello Steve

I have a port forward set from wan to 192.168.50.20 and it works fine. But not the redirect 80 to 8080

Another question while I'm here, how about vlans how do you do port forward on a virtual vlan? If I could do that then port 80 could be used on both web server being on other IP's.

stephenw10

A VLAN is just like any other interface in pfSense. It would have a different subnet. You can port forward to IPs on it.

Not sure how that would help here though.

A screenshot of the port forwards you have setup would help here.

But seeing what traffic is actually blocked when you try to reach the site will tell us everything.

Steve

Havok

Morning Steve

Here is your screenshot, I done just about every setting I could do for port forwarding 80 to 8080

Thanks

johnpoz

And how OLD is that pfsense???

Your forwarding 80 to 58.25 already.. How do you think you can forward it to something else?

And your rule to forward 8080 doesn't have a linked firewall rule..

But to be honest step 1 should be to get of that clearly EOL version of pfsense.. WTF version is that 2.0? Interface has not looked like that in years and years.

edit: Mystic and Wildcat, those are some really old school BBSs ;) Talk about old school and being stuck in the past, hehehe.. While sure it can be fun to provide those.. Doesn't mean your firewall software needs to be OLD as well.. What version of pfsense are you running?

Havok

Hello

That 8080 to 8080 was just a test to see if in fact it worked and is disabled while testing.

As for the version yes old, but I have a newer watch guard box coming next week that supports a hard drive.

Version 2.1.2 but next week will be updated to the next to last release. I just wanted to get the port forward nailed down then upgrade to a more up todate release.

As for bulletin boards, is I have been running one or two going back to 1988, once it is in your blood it never goes away.

johnpoz

About the bbs - yeah that is true... Do you have a lot of users of them? Do you host games of BRE.. I would be up for playing some BRE or Tradewars..

I had fired up a copy a while back to try and get some buddies playing BRE.. But it never came to anything.. So I shut it down..

Your forward to 8080 is prob missing firewall rule on the wan.. You can create port forwards all day long, but if the wan rules do not allow the traffic then not going to work.. So post up your wan rules as well.

Havok

Hello John

These days winter time is the busy season. unlike before the Internet and 2 modems with 24 to 40 calls a day. But winter time is the bomb.

afterhours-bbs.com:23

theghettobbs.com:2323

Mystic will be swithed out to wildcat when ansi work is done.

PS I'll install my newer copy of pfsense today on one of the older dell power edge servers.
Also I did make a new rule and still no go.

Thanks

johnpoz

Well just troubleshoot the forward for 8080..
https://docs.netgate.com/pfsense/en/latest/nat/port-forward-troubleshooting.html

If I am understand your setup correctly you have some client from wan side hitting

http://host.domain.tld
This would be port 80, which gets forwarded to 192.168.58.25
On this webserver you sending a meta redirect I would assume telling the client to go to http://host.domain.tld:8080 or maybe it says go to http://otherhost.otherdomain.tld:8080 - doesn't really matter as long if sending to a different fqdn, that fqdn also resolves to pfsense wan IP for the client trying to access.
So pfsense would see traffic to its wan on 8080 and forward that to 192.168.58.50

So validate that the traffic is actually hitting pfsense wan on 8080, simple sniff on wan will show this.
If pfsense sees traffic on 8080 it will send it to 58.50 - so sniff on lan side when doing this, do you see it send the traffic. Does the service on 58.50 respond Does it see the traffic that pfsense sent.. Sniff on the 58.50 box, etc.

As already mentioned above, a much better way to do this would be just reverse proxy.. So depending on the host headers you can send to whatever backend you want, on whatever port you want.

But to do that you would need a current version of pfsense ;) I don't even recall 2.1 even had that ability. 2.1.2 - that came out in early 2014, 5.5 years ago.. Dude!!! WTF? ;)

stephenw10

Yup. Upgrade.

You will see that port 8080 traffic blocked in the firewall log though as I suggested some time ago. That will confirm the issue. Or just add the rule and restest.

Steve