Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Webserver not accessible via WAN, pfsense behind fritzbox

    Scheduled Pinned Locked Moved Firewalling
    4 Posts 2 Posters 478 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      renpen
      last edited by renpen

      Hi,
      I'm fairly new to pfsense and currently setting up my SG-3100.
      I have a small rPI4 (192.168.10.2) running on the OPT1 port with a small nginx server. Additionally, I use a fritzbox as modem and have configured the SG-3100 as exposed host. Fritzbox (192.168.178.1) and pfsense(192.168.1.1) have different subnets

      The nginx server should be accessible on port 80 from the Internet.
      So far, I have configured my firewall rules so that I can access the nginx server from my LAN and also that I can perform ping and nslookup from the rPI to the WAN, which works fine. I tried to configure the NAT rules to translate from the incoming WAN to my OPT1 network which does not work as the nginx server is not accessible via the Internet.
      These are my NAT rules:
      alt text
      The related firewall rule was generated automatically:
      alt text
      I'm trying to access the server with my smartphone which is connected via mobile internet via my public IP of my home network as dynDNS is not configured, yet.

      My main problem is that I do not have a clue on how to continue the investigation on what might be wrong. Hope that you can point me into a direction on what to check and what might be set-up the wrong way.

      Best,
      René

      --Edit:
      Can someone explain to me how to upload pictures? I tried with .jpg and .png. Both did not work, so I uploaded the screenshots to imgur ... .

      V 1 Reply Last reply Reply Quote 0
      • V
        viragomann @renpen
        last edited by

        @renpen
        The NAT rule on WAN must have "WAN address" as destination.

        1 Reply Last reply Reply Quote 1
        • R
          renpen
          last edited by

          Hell yeah ... , simple as that. Thanks a lot!
          Although I do not quite understand why.
          The destination network is OPT1 as the server is running there. I want the traffic to be translated from WAN to OPT1. Why is it WAN, can you elaborate on that? Probably I got a concept wrong here?

          V 1 Reply Last reply Reply Quote 0
          • V
            viragomann @renpen
            last edited by

            @renpen
            That's a NAT rule.
            pfSense analysis the incoming packets. Each has a source IP and a destination IP in its header. In a NAT rule you instruct pfSense to forward a packet to a specific host behind if it has a specific destination IP.
            Now, you address your access to your public WAN IP. The FB forwards it to the pfSense WAN IP (it rewrites the destination IP). So the destination IP pfSense sees is the WAN address.

            1 Reply Last reply Reply Quote 1
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.