• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Forwarding port 80

Scheduled Pinned Locked Moved NAT
8 Posts 3 Posters 513 Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • L
    lyle817
    last edited by Apr 22, 2020, 12:01 AM

    Hi, there. I am trying to access my freenas nextcloud from outside my lan by port forwarding port 80. I am using the Open Port Check Tool and it says that this port is "closed". Can anyone help me with my setup? It seems straightforward, but sure I'm missing something simple. Total noob here, talk to me like I'm 7 yo!

    e510ca87-cdc5-45d5-abf0-5bbcf97540ec-image.png

    1 Reply Last reply Reply Quote 0
    • D
      Derelict LAYER 8 Netgate
      last edited by Apr 22, 2020, 12:45 AM

      https://docs.netgate.com/pfsense/en/latest/nat/port-forward-troubleshooting.html

      Chattanooga, Tennessee, USA
      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
      Do Not Chat For Help! NO_WAN_EGRESS(TM)

      1 Reply Last reply Reply Quote 0
      • L
        lyle817
        last edited by Apr 22, 2020, 1:21 AM

        Oh, wow. Lot's that can go wrong I see. It all seemed so simple!

        G 1 Reply Last reply Apr 22, 2020, 6:24 AM Reply Quote 0
        • D
          Derelict LAYER 8 Netgate
          last edited by Apr 22, 2020, 1:23 AM

          It is probably one of the things in that list.

          Chattanooga, Tennessee, USA
          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)

          1 Reply Last reply Reply Quote 0
          • G
            Gertjan @lyle817
            last edited by Apr 22, 2020, 6:24 AM

            @lyle817 said in Forwarding port 80:

            It all seemed so simple!

            And it is.

            The NAT page that permits you to set up a NAT rule is actually always the same on every router on the planet for the last 30 years or so ...

            What most people initially forget, is that their WAN interface doesn't use their 'real' outside WAN IP, but an RFC 1918, given to pfSense by an upstream router, most probably theirISP router.
            In such a case, a NAT rule has to be set up in that router also. Or, if pfSense is the only device hooked up to the ISP router, something like "DMZ" could be activated on that router.

            Promised : thing will get easier as soon as you start using IPv6, there will be less things to enter ;) No more NAT, just a simple firewall rule.

            Remember : NAT shouldn't be 'simple' because it introduces a security issue : if the downstream web server, the freenas, has issues, someone from the outside could exploit it, thus gaining access to your LAN ...

            No "help me" PM's please. Use the forum, the community will thank you.
            Edit : and where are the logs ??

            1 Reply Last reply Reply Quote 0
            • L
              lyle817
              last edited by Apr 23, 2020, 1:08 AM

              Thanks for the words of encouragement! Good point that NAT shouldn't be simple.

              So did my rule above look correct as near as you could tell? The NAT page may be 30 yrs old, but this is my first rodeo.

              For #5 common problem: ISP blocking- how could I figure this out? Do I just call them up and ask? My ISP tech support are knuckleheads, doubt they would have a clue what I was asking!

              1 Reply Last reply Reply Quote 0
              • D
                Derelict LAYER 8 Netgate
                last edited by Derelict Apr 23, 2020, 2:08 AM Apr 23, 2020, 2:06 AM

                Nothing has really changed in 30 years where NAT is concerned.

                Did you go through all of the list there to determine where your particular port forward is breaking?

                For #5 common problem: ISP blocking- how could I figure this out? Do I just call them up and ask? My ISP tech support are knuckleheads, doubt they would have a clue what I was asking!

                But if they are not forwarding the inbound connections there is absolutely nothing the firewall (or we) can do about it.

                Packet capture on the WAN to see if the connection attempt is actually arriving, as stated in that document.

                Chattanooga, Tennessee, USA
                A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                Do Not Chat For Help! NO_WAN_EGRESS(TM)

                1 Reply Last reply Reply Quote 0
                • L
                  lyle817
                  last edited by Apr 23, 2020, 2:28 AM

                  Not yet, but I promise I will do my homework this weekend!

                  1 Reply Last reply Reply Quote 0
                  5 out of 8
                  • First post
                    5/8
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                    This community forum collects and processes your personal information.
                    consent.not_received