How to Nat a web server
-
Hi,
I have a wordpress website reachable from my LAN and i would like to reach it from the WAN but it doesn't work, i guess i have missed something somewhere but i don't see where…
-
My web server is a debian LAMP with iptables switched off, i have checked his gateway, it is the adress of my LAN pfsense Ip adress, i can reach it with from LAN without problem and i can ping it from my pfsense shell. The website is reachable on the port 80.
-
I don't use any other proxy or router exept my pfsense, and i can reach the the webinterface of my pfsense from the WAN on the customised port
-
In the tab "System - Advanced" i have checked this option:
http://hpics.li/d014b0a -
In the tab "SystemAdvanced -Firewall NAT" i have checked this 2 options and try to replace nat + proxy by Pure Nat but it still doesn't work
http://hpics.li/691e9e0 -
And here comes by NAT Rule:
http://hpics.li/61cf26d
I must be missing something but i don't see what... Does someone have any ideas ?
-
-
The NAT rule by default does not allow access to LAN devices. You also need a filter rule.
However, you may let the NAT rule add automatically a filter rule by selecting "add associated filter rule" down at "Filter rule association". -
Hello viragomann,
Thank you i appreciate your help, by default the NAT reflection rules was "disabled", i changed it for Pure NAT and then NAT +proxy. But once i select a "Filter rule association" like "pass" or "create a new associated rules" it is better !
Instead of having this (what is displaid from the LAN with the private adress):
http://hpics.li/c45eb3cI get this (from WAN with the public address):
http://hpics.li/ad55aa5Also, the page takes a wild to display :(
-
I see, so this is another issue.
Try to check "WebGUI redirect" in System > Advanced if it isn't already.
NAT reflection is another thing. That's for accessing internal devices by the external address.
-
Hi,
Thanks for the tips, i had alreday checked this box, i try to disabled it bu the issue is still present :( Do you know where can i find some help ?
-
In the page source, how is the address for the image handled?
-
You mentioned you are running your LAMP server on customized port, but if I check your pic earlier, the port listed in HTTP.
What's the port you are using on your LAMP Server?
What's the URL you use to hit it internally?
What's the URL you use to hit it externally?
Rather than doing NAT for internal access, use a DNS override as it works much smoother and removes a connect to the pfSense router and back.
As a side note, I wouldn't really put my WebGUI available on the WAN, I'd just configure OpenVPN or something and connect via that route as it's much more secure.