VIP and firewall rules problem



  • Hello,

    I am having trouble with VIPs and forwarding traffic to internal servers. I configured a VIP for an internal web server and another VIP for the DNS server. I then added a 1:1 mapping using the "alias" type to the respective internal addresses. Finally I added firewall rules to allow anything from the WAN interface to connect to 443/tcp on the internal web server address, and also to allow anything from the WAN interface to connect to 53/udp on the internal DNS server address. I then do a port scan of the VIPs, but the results appear as if they are coming from the pfSense box instead of the servers. For example, I expect to get the SSL cert of the server back in my nmap scan results, but instead I get the self-signed one from pfSense, telling me the web server on the pfSense box is responding and not the internal web server.

    Any thoughts?



  • Obviously your pfSense is listening to port 443. Change the GUI port in System > Advanced.



  • That did not solve it, and I'm not quite sure why it would? Why would the pfsense GUI be listening automatically on ALL of my public addresses?

    Any other ideas?



  • The pfSense web server listens on each IP assigned to any of its interfaces.
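A quick way to settle which host is actually terminating a connection on a VIP, as an added example that is not part of the thread: pull the leaf certificate presented on the VIP from the outside, pull the one the internal server presents from the inside, and compare SHA-256 fingerprints. If the VIP's fingerprint matches the pfSense GUI certificate rather than the backend's, the firewall is answering the port itself. The addresses, port and SNI name in the usage comment are assumptions for illustration; the script only needs `openssl`.

```shell
#!/bin/sh
# Added example, not code from the thread. Compares the TLS certificate a VIP
# presents with the one the internal server presents, to tell whether a
# connection terminates on pfSense or on the backend behind the 1:1 mapping.

# SHA-256 fingerprint of the first certificate in a PEM file (or on stdin).
pem_fingerprint() {
    openssl x509 -noout -fingerprint -sha256 ${1:+-in "$1"} | sed 's/^.*=//'
}

# Fingerprint of the leaf certificate presented by host:port. SNI is sent so a
# name-based vhost on the backend answers the way a browser would see it.
remote_fingerprint() {
    host=$1; port=$2; sni=${3:-$1}
    openssl s_client -connect "$host:$port" -servername "$sni" </dev/null 2>/dev/null \
        | openssl x509 -outform PEM 2>/dev/null | pem_fingerprint
}

# Compare two fingerprints; prints a verdict and returns 0 only on a match.
# An empty fingerprint (no TLS answer at all) never counts as a match.
same_cert() {
    if [ -n "$1" ] && [ "$1" = "$2" ]; then
        echo "MATCH: VIP presents the same certificate as the backend"
        return 0
    fi
    echo "MISMATCH: VIP is answered by a different host (check the 1:1 NAT entry and the GUI listener)"
    return 1
}

# Convenience wrapper: check_vip <vip> <backend> [port] [sni]
check_vip() {
    vip=$1; backend=$2; port=${3:-443}; sni=${4:-$vip}
    same_cert "$(remote_fingerprint "$vip" "$port" "$sni")" \
              "$(remote_fingerprint "$backend" "$port" "$sni")"
}

# Usage (assumed addresses, run from a host that can reach both sides):
#   check_vip 203.0.113.10 192.168.1.20 443 www.example.com
```

Run `check_vip` from a machine that can reach the VIP on the WAN side and the backend on the LAN side; for a second opinion, fingerprint the pfSense GUI itself (`remote_fingerprint <LAN-address> 443`) and compare that with what the VIP returns.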

