Troubles port forwarding HTTPS

alex17857 · Jan 11, 2017, 5:22 AM

Hello,

I have setup a pfsense server behind my home ADSL2+ router. I have to use the router as the WAN GW because I only have ADSL2+ available at my property and I need the modem to take the phone line in and turn it into usable ethernet.

The router is on 192.168.1.1 (192.168.1.0/24) - internet gateway/network only
The pfsense server is on 192.168.2.1 (192.168.2.0/24) - internal firewall/network

I have given the pfsense server a static IP of 192.168.1.10 on the router/internet gateway and placed the IP 192.168.1.10 in a DMZ to forward all traffic to the pfsense server.

I have two desktops connected to the pfsense server using DHCP. I also have a server connected to pfsense using a static IP (192.1682.54).

I confirmed that NAT is working by port forwarding MS RDP (3389) to my desktop (192.168.2.15). I then accessed MS RDP using my public IP address and dynamic DNS address successfully.

My problem is that I cannot access my ownCloud server over HTTPS using my public IP. The servers has a static IP address of 192.168.2.54 and I cannot for the life of me get port forwarding to work for HTTPS.

Things I have tried:

Moving pfsense HTTPS port from 443 to 8081 in case there was a conflict
Disabling webConfigurator redirect rule
Using NAT reflection Disabled, Enable (Pure NAT), and Enable (NAT + Proxy)

Something else to note (may or may not matter) is that I am running a squid proxy to help reduce bandwidth.

I am new to pfsense I am not sure what else to try. I am hoping someone here can point me in the right direction :)

Here are some screenshots that may help -

doktornotor · Jan 11, 2017, 9:54 AM

So your WAN is RFC1918 and you are blocking private networks? Will never work. Plus, will never work even without blocking that unless you do the forwarding on the router if front of pfSense first.

alex17857 · Jan 11, 2017, 7:21 PM

@doktornotor:

So your WAN is RFC1918 and you are blocking private networks? Will never work. Plus, will never work even without blocking that unless you do the forwarding on the router if front of pfSense first.

Thank you for your response. My pfsense server is configured in a DMZ on the internet gateway router as per my initial post. I have confirmed that this is working by configuring NAT for MS RDP. I have unblocked private networks as you suggested, however, I still cannot contact my web server :(

doktornotor · Jan 11, 2017, 7:25 PM

Yeah, DMZ won't normally DMZ the webGUI port, otherwise you'd just get cut off. Bridge the DSL modem. Does not help? Check the ISP about 80/443 blocking.

alex17857 · Jan 11, 2017, 11:16 PM

@doktornotor:

Yeah, DMZ won't normally DMZ the webGUI port, otherwise you'd just get cut off. Bridge the DSL modem. Does not help? Check the ISP about 80/443 blocking.

I feel really silly right now. I logged into the internet router (192.168.1.1) and noticed that port 443 was still configured for the servers old address prior to being moved to the pfsense network. I have removed the NAT config and left DMZ configured and everything works now.