Pfsense Occupying Port 80
- 
 @viragomann I did Sir, but still wont fix the issue. Still the pfsense is occupying the port.  
- 
 The Pfsense should not run on my public. I m opening my public IP from the Lan computer it is opening the Pfsense router login page. 
 Shouldn't Pfsense run on Lan only and by default its occupying the port 80 and 443 that means if someone wants to run their website they cant just port forward and be ready to go because of router, I m only able to use my website on local IP. I have reset the router to default more than 20-30 times and again same issue. I m tired of this... Why is it clashing with the web port.
- 
 @apaar said in Pfsense Occupying Port 80: I did You didn't. 
 You changed the https port - which was 443 (the default) to 444.First, switch back to 'http'. And validate. 
 Now, change that port "80" to ..... 81 ?!
 And validate.
 Switch back to https ..... etc.Now, the http port of pfsense is out of the way. As @viragomann said : exposing the pfSense on the WAN is just 'not done'. Its bad practice at best. If you need to access the GUI from 'the outside, go for a VPN type of access. edit : a web server project that uses port 80 ? 
 That's something of the past. It should be : TLS (https) using port 443.
 Every browser on the planet supports TLS (https).Also : I just added a NAT rule that NAT's from the Internet to a LAN based web server using port 80. It's our airco controller. I did not change the http pfSense web GUI port, it is still port 80. Proof : [2.5.0-RELEASE][admin@pfsense.my-domain.tld]/root: sockstat -4Lv | grep '80' root lighttpd_p 88456 4 tcp4 10.10.10.1:80 *:* root nginx 60075 7 tcp4 *:80 *:* root nginx 59840 7 tcp4 *:80 *:* root nginx 59598 7 tcp4 *:80 *:* ? ? ? ? tcp4 192.168.10.3:34480 216.146.43.71:80The last line even shows the connection from my phone accessing the local 192.168.1.17 web server. Conclusion didn't have to move the pfSense web GUI port. 
 As you can see, its still listening on all interfaces, WAN included, on port 80.
- 
 @gertjan 
 I m not enabling anything or I don't want to use pfSense on my public IP, The pfSense is giving that on its own and its not letting me give port 80 to the website. I did change the https port as well as the http port, but then pfsense is not letting me access the webui to change it back. it just wont open on local ip.
- 
 @apaar 
 How did you try to access it? If you set the HTTPS webConfigurator port to i.g. 444, you have to type
 https://<LAN-address>:444 into your browser on a LAN device to reach the web gui.How did you forward port 80 to your webserver? Provide more details, please. 
- 
 With the Disable webConfigurator redirect rule box checked, pfSense does not listen on port http/80. What port you use to listen on https doesn't matter here (unless it's port 80). I m opening my public IP from the Lan computer it is opening the Pfsense router login page. You're running into NAT reflection problems. First, test your site from the outside. If it works you know your port forward is good. Then figure out the NAT reflection issues you're seeing hitting the public IP address from the inside. https://docs.netgate.com/pfsense/en/latest/recipes/port-forwards-from-local-networks.html 
- 
 @derelict Sir the pfsense occupying the port 80 on local lan when I m trying to access my website from the same computer connected to pfsense on lan. 
- 
 @viragomann Yes, Sir I port forwarded correctly and I checked with a tool called simple port forwarding and it is working fine, there is no issue with the port forwarding its just the 80 port conflicting with the pfsense for some reason. I m also new to this so maybe I m making some mistake but as if now everything on my pfsense is on default. 
- 
 @derelict Could it be because of Pfblocker ? I have pfblocker enabled on my router. 
- 
 @apaar said in Pfsense Occupying Port 80: but I m trying to access my website on port 80 Where is this web server ? 
- 
 @gertjan The website is running on my local machine. 
- 
 So 
 http://127.0.0.1:80 will do just fine - that is the address of your own pc/device.You might use the IPv4 or IPv6 of your pc/device, depending how you have set up your web server. If the hostname of your pc/device is known to the pfSense DNS ( and you did not change any default settings of the DNS !! ) Example : 
 My pfSense : My Pc is called "pc" So I can : C:\Users\pc>nslookup pc Serveur : pfsense.mylocal-lan.tld Address: 2001:470:1ddf:5c0:2::1 Nom : pc.mylocal-lan.tld Addresses: 2001:470:1ddf:5c0:2::c7 192.168.1.6Thus I can use "http://pc.mylocal-lan.tld" which points to 192.168.1.6 : that is my pc. Surely not pfSense, who lives at 192.168.1.1 Btw : all this has little to with pfSense. 
- 
 @gertjan okay! I got understood some of it so will try and see if I can fix it. Thank you for your help. 
- 
 @gertjan Can you help me ? A bit as well ? If possible ? on discord.... Maybe have a look at it. 
- 
 @gertjan said in Pfsense Occupying Port 80: edit : a web server project that uses port 80 ? yes, if you have local sites e.g. for development (domain name is not www), you cannot create certificate and you will not have https. 
- 
 @apaar 
 How I get here? well, I have the same issue in Jan 2023 ...
 One usual case is the pfsense behind another router - modem and you connect your pfsense using static IP or DCHP. Almost in the half of cases you get troubles with the firewall on router - modem (especialy if it is a cheep one). I knew that years ago and I always buy a modem that supports PPPoE passthrough I this case pfsense is using the PPPoE functionality, and there are no other firewalls...
 But I do get troubles in the last two versions of pfsense (2.5 and 2.6) There are a lot of bugs... A couple of times I loose LAN connection with no reason and restarting webconfigurator from SSH console made the things worst. I added a new NIC, I make a LAN inteface assignment to the new NIC, I was able to login again ... just for making a user data backup.
 So, 2 days ago I had another nice symptom: trying to login I got a wondefull page : "hello word!!" the default html after installing new web service.!!! It's seems that this is a related problem with this topic. I am trying 5 days to solve the port 80 problem and still get the same result: port is stealth for outside word. I have a couple of other ports in NAT and there is no problem, which means I do things correctly ... Today I tried something extreeme: allow all from all and all together .. Still the port is Stealth .. May it's better to spent my time setting a plain linux machine and play with NICs, routing tables and linux ip tables. It will be more interesting and educational ...- good luck
 
- 
 @noisyjohn 
 *** I found a linux machine in the outer side of the word, and I did a port scan at my public IP (using linux nmap utility). the same problem with a bare, clean linux machine....
 end of story
 

