Unable to access web server outside of LAN

  • Hello,

    I'm running an Apache web server at home. This server is pretty much just used as a redirection proxy. So for example, I own the domain myhouse.com (not the real name of course) but I want to access my Plex server on port 32400, so my Apache server redirects plex.myhouse.com to my internal Plex server on the right port. When I'm home, this works great; I run a few servers and can access all of them from my internal network. However, when I'm not connected to my LAN I cannot reach them. I do have a NAT rule set up on the WAN interface as follows:
    Interface: WAN
    Protocol: TCP
    Destination: WAN address
    Destination Port Range: HTTP
    Redirect Target IP: Local Web Server IP
    Redirect Target Port: HTTP
    NAT Reflection: Enable (NAT+Proxy)
    and I created an associated filter rule.

    I don't see where this would make a difference, but just to give you all the information about my setup, I also have a VPN set up to remote into my home network (I cannot access my web server on here either, yet I can ping it?)

    I have other NAT rules set up to forward ports for Plex, for example, so if I go to myhouse.com:32400 I can access my Plex library fine. This lets me know the problem isn't with my Plex server, but that I'm not reaching my web server to redirect my traffic when I go to plex.myhouse.com on port 80.

    And finally, all of my outbound traffic is routed through a PIA proxy.

    I have logging set up for my WAN and LAN rules, both allow and deny, but I never see any traffic at all for port 80, even from my LAN. I have to be missing something but I cannot for the life of me figure out what it is. Oh, I forgot to mention I'm on version 2.4.1 of pfSense.

    Thanks for any advice you can offer.

  • At this point I think I've come to the conclusion my ISP is blocking inbound port 80 traffic, which is why I never see traffic on port 80 hit my firewall.

  • Most residential ISPs do not allow port 25 or 80. Especially if those services are dynamically assigned IPs.
    But it's worth a call to them to check it out. Maybe they can offer an upgrade.
