[SOLVED] How to access to server in DMZ

WhiteTiger-IT · Jul 19, 2020, 9:57 AM

In pfSense there are no port forwarding rules, only the two automatically created in Outbound.
This is the WAN screenshot about rules.

This is the screenshot of the router

Bob.Dig · Jul 19, 2020, 10:04 AM

@WhiteTiger-IT In a normal setup, your router would forward those or any ports to the pfSense WAN-Interface and then you would need to port froward from there to your actual server. So you would need to portforward in pfSense too, doing double-NAT. But maybe your setup is different, but you haven't told us in your first post.

WhiteTiger-IT · Jul 19, 2020, 10:08 AM

@Bob-Dig said in How to access to server in DMZ:

@WhiteTiger-IT In a normal setup, your router would forward those or any ports to the pfSense WAN-Interface and then you would need to port froward from there to your actual server. So you would need to portforward in pfSense too, doing double-NAT. But maybe your setup is different, but you haven't told us in your first post.

I am now starting to configure pfSense in my "personal laboratory" to learn how to use it.
The rules entered are those that I also viewed in previous posts. There are no other rules and these are used to access the server from my PC and to make updates.
These are rules that I took from the official help.
In DMZ there is an Apache with only the default page, to do the tests I think it is enough.

Bob.Dig · Jul 19, 2020, 10:12 AM

@WhiteTiger-IT So you haven't changed any settings in pfSense (System - Advanced - Firewall & NAT), then pfSense is its own router and you have to do double-NAT, like I said.

WhiteTiger-IT · Jul 19, 2020, 10:15 AM

@Bob-Dig said in How to access to server in DMZ:

So you haven't changed any settings in pfSense (System - Advanced - Firewall & NAT), then pfSense is its own router and you have to do double-NAT, like I said.

I have now created this NAT Port Forward rule.
Is this what you mean?

Bob.Dig · Jul 19, 2020, 10:17 AM

@WhiteTiger-IT More like this:
login-to-view

WhiteTiger-IT · Jul 19, 2020, 10:28 AM

I changed the NAT rule and didn't use aliases.
But now using the URL http: // IP-Address I get the Tunnel Connection Failed error

WhiteTiger-IT · Jul 19, 2020, 10:33 AM

Using a DDNS I get the error Connection Timed out
I don't find error in Syslog / Firewall

WhiteTiger-IT · Jul 19, 2020, 10:40 AM

Last week I contacted the ISP that manages the firewall; they told me that they were no problems and that is pfSense not to have the ports open.
How can I check if it is true?
I can only use tools on the Internet and this tells me that the doors are closed on the public address.
If from pfSense Diagnostic I ping from WAN on the server, it doesn't work, but maybe this is not enabled.

WhiteTiger-IT · Jul 19, 2020, 10:48 AM

AAARGHHHH!
DAMNED DHCP THAT CHANGED THE ADDRESS OF THE WAN CARD!

Everything is working!
I apologize very much and thank you for your support and patience!