Port forward redirects to private internal ip address from WAN



  • First off, I have a brain injury which I have recovered well from, hence I am nerdy since I thankfully didn't lose this skill/hobby. I have short term memory loss and other difficulties such as written/spoken communication. Often times I accidentally omit details or word things funny. Please bear with me, post questions for clarification, helpful details, or if I omitted any vital details. I very much appreciate your assistance, and your time.

    I have a web server which I want to port forward HTTP(S) through my firewall to be accessed externally. I have a dynamic dns service set up which is functioning great and always shows my domain has the latest IP update. When I access the domain externally from the Internet with a web browser (http://vtiger.gokcm.xyz) while using ports 80/443 (or 8080/8443 for that matter) which are forwarded to the internal webserver's ports 80/443 internally, I see in my Firefox URL bar that I was redirected to the internal webserver's ip, 192.168.1.253. So Firefox was taking me to an address on a non-existent subnet on my local network instead of NAT and port forwarding on the remote network and presenting me locally with the remote webpage. The URL bar displays this redirection as 'http://192.168.1.253/'

    It's as if the firewall's dns resolver is answering WAN dns queries and handing out internal ips when redirecting instead of doing NAT and port forwarding. I have had this work easily before on other pfsense firewalls I have had. Only differences I can see would be dns is more complicated because this one is for a business. I have ports 22 and 8686 successfully forwarded to two different VMs ssh ports, and can access them fine remotely, so I don't believe any ports are blocked. Please post questions if you need any verification, if you had the same situation or similar, anything helps. Thank you for your time!

    Fact Sheet

    For those driven by facts!

    • CANNOT see a webpage at the domain vtiger.gokcm.xyz or kevins.nerd-exchange.com

    • CAN ssh into internal vms externally, using ports 22/8686 - CAN see webpage on home network where I have a similar setup with port forwarded firewall, same firewall OS and version, same firewall rules being setup (haven't compared exactly side by side but will in a min and edit this post)



  • QnD comment: this looks more like a web-server issue than a pfsense issue. It must be the web server that redirects you to another ip address. Can you try by port forwarding to another TCP service just to see if this simpler scenario works? Can you do some simple tcp connect tests from another pfsense or via nmap to verify that the basic TCP 3 way handshaking is taking place (it should since you connect and get forwarded but such simple tests will help you divide the problem in smaller steps).



  • That is very astute of you and is the exact problem! I installed nginx on the internal webserver and started that instead. Flawless port forward after!

    The problem is in my apache config that I forgot to go back and clean up when I was tinkering.

    Thank you very much, ndemou!
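
A way to tell the two causes in this thread apart, as an added example that is not part of the original posts: request the page without following redirects and classify the `Location` header. If an HTTP response arrives at all, the NAT/port forward is working; a `Location` pointing at a private address means the web server itself is issuing the redirect. The function names and the sample response are constructed for illustration.

```python
import http.client
import ipaddress
from urllib.parse import urlsplit

# Constructed sample of the kind of reply described in the thread:
# the forwarded web server answers, but redirects to its own LAN address.
SAMPLE_RESPONSE = (
    "HTTP/1.1 301 Moved Permanently\r\n"
    "Server: Apache\r\n"
    "Location: http://192.168.1.253/\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)

def parse_head(raw):
    """Return (status_code, Location value or None) from a raw HTTP response head."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    status = int(lines[0].split()[1])
    location = None
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "location":
            location = value.strip()
    return status, location

def classify(status, location):
    """Classify a response by where (if anywhere) it redirects the client."""
    if not (300 <= status < 400) or not location:
        return "no-redirect"
    host = urlsplit(location).hostname
    if host is None:
        return "relative-redirect"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "redirect-to-hostname"
    # Private/loopback targets are unreachable from the WAN side and also
    # disclose internal addressing to anyone who requests the page.
    return "redirect-to-private-ip" if ip.is_private else "redirect-to-public-ip"

def check_live(host, port=80, path="/"):
    """Fetch once from outside the network; http.client never follows redirects."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    try:
        conn.request("GET", path, headers={"Host": host})
        resp = conn.getresponse()
        return classify(resp.status, resp.getheader("Location"))
    finally:
        conn.close()

if __name__ == "__main__":
    print(classify(*parse_head(SAMPLE_RESPONSE)))
```

Run `check_live()` from a machine outside the firewall against the public hostname; a connection error there, rather than a classification, points back at the port forward or firewall rules.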

