Cannot Forward Port 80 to Web Server

Gertjan

Where is this web server situated ? On one of your LANs ?
Or do you mean the GUI webserver of pfSense ?

testcb00

@gertjan

I have an Apache24 server on my LAN,
I am not meaning the GUI webserver of pfSense.

Besides, I would like to discuss about the GUI webserver of pfSense. Seems I can access it from WAN if I uncheck the "Disable webConfigurator redirect rule" in Advanced Config

Gertjan

An example :

and the auto generated firewall rule :

The destination address is - I created an alias called 'diskstaion2" point to an IPv4 that lives on my LAN.
Why is your destination WAN ???

Btw : just for good matters : move the pfSense http and https out of the way, like 81 and 444.

Also : web server access is TCP only.

edit : I also have a 'source' alias, called 'SYS_URL'. This one lists all the allowed IP addresses. In your case its probably "*" or everybody.

testcb00

@gertjan Seems my config has no difference between your config, my WAN is WAN_I350_1G_2?
My pfsense https UI port has been moved to non 443 port
Do I need to reconfigure UI to http protocol first?
Then change UI port to 80 to reconfigure once and change port to non-80 for unbind the port 80?
Finally change back to https and reconfigure once and change port to non-443 for unbind the port 443?

Gertjan

@testcb00 said in Cannot Forward Port 80 to Web Server:

.... my WAN is WAN_I350_1G_2?

But your web server is not on your WAN. It's on your LAN. Use the server's IP address as the Destination.

@testcb00 said in Cannot Forward Port 80 to Web Server:

Do I need to reconfigure UI to http protocol first?
Then change UI port to 80 to reconfigure once and change port to non-80 for unbind the port 80?
Finally change back to https and reconfigure once and change port to non-443 for unbind the port 443?

Just get it out of the way.
And never use these port from "WAN", only LAN.

testcb00

@gertjan My blank space is already local IP (Web server IP)......maybe I hide them so that I mislead you, sorry

Besides, I find that the port forward is working, I own two public IP, my pfsense is IP A, and my Wi-Fi Hotspot is IP B. If I use Wi-FI (IP B), I can get in my website BUT I cannot use IP A device (device behind pfsense) to get in my website......

Gertjan

@testcb00 said in Cannot Forward Port 80 to Web Server:

I own two public IP, my pfsense is IP A, and my Wi-Fi Hotspot is IP B

?
You are using public IP's on your LAN interfaces LAN and OPT1 ?

@testcb00 said in Cannot Forward Port 80 to Web Server:

If I use Wi-FI (IP B), I can get in my website

where the web site is on the LAN, right ?

@testcb00 said in Cannot Forward Port 80 to Web Server:

BUT I cannot use IP A device (device behind pfsense) to get in my website......

I this case, the web site and the device are on the same network segment, right (all connected to the same LAN segment) ?

testcb00

@gertjan Please review the below photo

Scenario 1 (Red): I can access my website (http://webserver-domain) via Modem A (IP A).
Scenario 2 (Blue): I can access my website (http://webserver-local-ip) via Intranet (Inside pfSense)
Scenario 3 (Green): I cannot access my website (http://www.webserver-domain.com)

Seems my rule has problem?

NAT Rules:

WAN Rules:

LAN Rules:

Gertjan

@testcb00 said in Cannot Forward Port 80 to Web Server:

Scenario 3 (Green): I cannot access my website (http://www.webserver-domain.com)

Classic case.
Video just for you.

Or : Goto unboud settings, at the bottom of the page, create a host override.
Done.

testcb00

@gertjan Thank you very much. The Host Override done the job. I also find that I might have wrong DNS resolver settings: I choose both the "Network Interfaces" and "Outgoing Network Interfaces" to all.

However, I do not understand why I cannot use Scenario 3 to access the website. The "Host override" option in DNS resolver override the IP address of the public IP to the webserver local IP, making it to Scenario 2.