
    WebServers behind two pfSenses do not work

    Off-Topic & Non-Support Discussion
    8 Posts 4 Posters 962 Views
    • robsonfelix

      Guys,

      This is my scenario. Please note IPs are changed for security purposes.

      This is my topology:

      DATA CENTER
      -----------
      10.20.0.0/23 - servers (netmask 255.255.254.0)
      10.20.0.254 - pfsense 2.2.2-RELEASE

      suppose a web server with IP 10.20.1.6 under Linux/Apache

      OFFICE

      10.20.4.0/24 - desktops (netmask 255.255.255.0)
      10.20.4.254 - pfsense 2.2.6-RELEASE

      suppose a desktop with IP 10.20.4.100 with Windows

      DATA CENTER and OFFICE are both connected through a LAN-to-LAN link.

      When connecting from the OFFICE into the DATA CENTER, everything works except HTTP (port 80).

      I have been battling with this for days without any clues as to why this is happening. If I do a tcpdump on the webserver hosted in the datacenter I can see traffic from the host at 10.20.4.100, but when capturing those packages on both pfSense firewalls all of them are 0 in length.

      If I try ping, traceroute, and everything else targeting that server, it all works. I can SSH to that host and all. But no HTTP.

      If I use any machine at the DATA CENTER, I can successfully connect and browse the server at 10.20.1.6.

      Thoughts?

      • KOM

        Thoughts?

        You should try posting your questions in one of the many support forums that you had to scroll past to get to this General Discussion forum.  Try General Questions or NAT.

        If you're running pfSense WebGUI on 80/tcp (which is the default), you can't use its WAN IP address to forward an HTTP server on port 80.  Either use a Virtual IP and forward your web server using that, or change the WebGUI port to something other than 80, or access your web server using HTTPS.

        • robsonfelix

          All is being done locally. This is not for external access.

          • KOM

            I probably misread your description.  When you said that HTTP doesn't work, I assumed you meant that you were trying to connect from an OFFICE computer to a DATACENTER web server, and couldn't connect.  Could you elaborate please?

            • marcvb

              I do not really understand the configuration. Is this a NAT?
              Is the pfsense management on port 80?

              • KOM

                Yeah I'm not clear on what's the issue either.

                • robsonfelix

                  @KOM:

                  I probably misread your description.  When you said that HTTP doesn't work, I assumed you meant that you were trying to connect from an OFFICE computer to a DATACENTER web server, and couldn't connect.  Could you elaborate please?

                  That is correct. HTTP servers with port 80 at the DATACENTER cannot be accessed from the OFFICE. If I use port 443 on those same servers I can access all of them from the OFFICE.

                  • johnpoz LAYER 8 Global Moderator

                    When you say "LAN-to-LAN link." you just mean some form of point to point L2 connection?

                    So you have an interface on pfsense that you put some transit IP range on - see attached simple drawing.

                    So you are not natting to this transit?  Are you using any transparent proxy on either pfsense on these interfaces?  What are the firewall rules on these interfaces on each pfsense, on the transit network, any sort of floating rules?  What are the static routes you create on each pfsense for the different networks? I assume your routing is correct since you say all works other than 80.

                    Maybe issue with using a proxy, or your natting?  Always helps to have the full picture of the setup to try and figure out what is not right..

                    yournetwork.png
