Cannot Forward Port 80 to Web Server
-
Hi everyone,
I just found that I cannot forward port 80 to my webserver.My configuration is as below
What is the problem? I can forward port 443 and it works, but I cannot forward 80......
-
Where is this web server situated ? On one of your LANs ?
Or do you mean the GUI webserver of pfSense ? -
I have an Apache24 server on my LAN,
I am not meaning the GUI webserver of pfSense.Besides, I would like to discuss about the GUI webserver of pfSense. Seems I can access it from WAN if I uncheck the "Disable webConfigurator redirect rule" in Advanced Config
-
An example :
and the auto generated firewall rule :
The destination address is - I created an alias called 'diskstaion2" point to an IPv4 that lives on my LAN.
Why is your destination WAN ???Btw : just for good matters : move the pfSense http and https out of the way, like 81 and 444.
Also : web server access is TCP only.
edit : I also have a 'source' alias, called 'SYS_URL'. This one lists all the allowed IP addresses. In your case its probably "*" or everybody.
-
@gertjan Seems my config has no difference between your config, my WAN is WAN_I350_1G_2?
My pfsense https UI port has been moved to non 443 port
Do I need to reconfigure UI to http protocol first?
Then change UI port to 80 to reconfigure once and change port to non-80 for unbind the port 80?
Finally change back to https and reconfigure once and change port to non-443 for unbind the port 443? -
@testcb00 said in Cannot Forward Port 80 to Web Server:
.... my WAN is WAN_I350_1G_2?
But your web server is not on your WAN. It's on your LAN. Use the server's IP address as the Destination.
@testcb00 said in Cannot Forward Port 80 to Web Server:
Do I need to reconfigure UI to http protocol first?
Then change UI port to 80 to reconfigure once and change port to non-80 for unbind the port 80?
Finally change back to https and reconfigure once and change port to non-443 for unbind the port 443?Just get it out of the way.
And never use these port from "WAN", only LAN. -
@gertjan My blank space is already local IP (Web server IP)......maybe I hide them so that I mislead you, sorry
Besides, I find that the port forward is working, I own two public IP, my pfsense is IP A, and my Wi-Fi Hotspot is IP B. If I use Wi-FI (IP B), I can get in my website BUT I cannot use IP A device (device behind pfsense) to get in my website......
-
@testcb00 said in Cannot Forward Port 80 to Web Server:
I own two public IP, my pfsense is IP A, and my Wi-Fi Hotspot is IP B
?
You are using public IP's on your LAN interfaces LAN and OPT1 ?@testcb00 said in Cannot Forward Port 80 to Web Server:
If I use Wi-FI (IP B), I can get in my website
where the web site is on the LAN, right ?
@testcb00 said in Cannot Forward Port 80 to Web Server:
BUT I cannot use IP A device (device behind pfsense) to get in my website......
I this case, the web site and the device are on the same network segment, right (all connected to the same LAN segment) ?
-
@gertjan Please review the below photo
Scenario 1 (Red): I can access my website (http://webserver-domain) via Modem A (IP A).
Scenario 2 (Blue): I can access my website (http://webserver-local-ip) via Intranet (Inside pfSense)
Scenario 3 (Green): I cannot access my website (http://www.webserver-domain.com)Seems my rule has problem?
NAT Rules:
WAN Rules:
LAN Rules:
-
@testcb00 said in Cannot Forward Port 80 to Web Server:
Scenario 3 (Green): I cannot access my website (http://www.webserver-domain.com)
Classic case.
Video just for you.Or : Goto unboud settings, at the bottom of the page, create a host override.
Done. -
@gertjan Thank you very much. The Host Override done the job. I also find that I might have wrong DNS resolver settings: I choose both the "Network Interfaces" and "Outgoing Network Interfaces" to all.
However, I do not understand why I cannot use Scenario 3 to access the website. The "Host override" option in DNS resolver override the IP address of the public IP to the webserver local IP, making it to Scenario 2.