    Netgate Discussion Forum

    Port forward redirects to private internal ip address from WAN

    NAT
    • K
      khamil8686 last edited by

      First off, I have a brain injury which I have recovered well from, hence I am nerdy since I thankfully didn't lose this skill/hobby. I have short term memory loss and other difficulties such as written/spoken communication. Often times I accidentally omit details or word things funny. Please bear with me, post questions for clarification, helpful details, or if I omitted any vital details. I very much appreciate your assistance, and your time.

      I have a web server which I want to port forward HTTP(S) through my firewall to be accessed externally. I have a dynamic dns service set up which is functioning great and always shows my domain has the latest IP update. When I access the domain externally from the Internet with a web browser (http://vtiger.gokcm.xyz) while using ports 80/443 (or 8080/8443 for that matter) which are forwarded to the internal webserver's ports 80/443 internally, I see in my Firefox URL bar that I was redirected to the internal webserver's ip, 192.168.1.253. So Firefox was taking me to an address on a non-existent subnet on my local network instead of NAT and port forwarding on the remote network and presenting me locally with the remote webpage. The URL bar displays this redirection as 'http://192.168.1.253/'

      It's as if the firewall's dns resolver is answering WAN dns queries and handing out internal ips when redirecting instead of doing NAT and port forwarding. I have had this work easily before on other pfsense firewalls I have had. Only differences I can see would be dns is more complicated because this one is for a business. I have ports 22 and 8686 successfully forwarded to two different VMs' ssh ports, and can access them fine remotely, so I don't believe any ports are blocked. Please post questions if you need any verification, if you had the same situation or similar, anything helps. Thank you for your time!

      Fact Sheet

      For those driven by facts!

      • CANNOT see a webpage at the domain vtiger.gokcm.xyz or kevins.nerd-exchange.com

      • CAN ssh into internal vms externally, using ports 22/8686 - CAN see webpage on home network where I have a similar setup with port forwarded firewall, same firewall OS and version, same firewall rules being setup (haven't compared exactly side by side but will in a min and edit this post)

      • N
        ndemou last edited by

        QnD comment: this looks more like a web-server issue than a pfsense issue. It must be the web server that redirects you to another ip address. Can you try by port forwarding to another TCP service just to see if this simpler scenario works? Can you do some simple tcp connect tests from another pfsense or via nmap to verify that the basic TCP 3 way handshaking is taking place (it should since you connect and get forwarded but such simple tests will help you divide the problem into smaller steps).

        • K
          khamil8686 last edited by

          That is very astute of you and is the exact problem! I installed nginx on the internal webserver and started that instead. Flawless port forward after!

          The problem is in my apache config that I forgot to go back and clean up when I was tinkering.

          Thank you very much, ndemou!

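The diagnosis reached in this thread (the jump to 192.168.1.253 came from the web server's own HTTP response, not from pfSense NAT or DNS) can be confirmed by reading the `Location` header of the response received through the port forward. The following is an added example, not part of any post in the thread; the sample responses are constructed and the function names are hypothetical.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample responses (not captured from the poster's server).
SAMPLE_REDIRECT = (
    b"HTTP/1.1 302 Found\r\n"
    b"Server: Apache\r\n"
    b"Location: http://192.168.1.253/\r\n"
    b"Content-Length: 0\r\n"
    b"\r\n"
)
SAMPLE_OK = (
    b"HTTP/1.1 301 Moved Permanently\r\n"
    b"Location: https://vtiger.gokcm.xyz/index.php\r\n"
    b"\r\n"
)

def parse_head(raw):
    """Return (status_code, {lowercased header: value}) from a raw HTTP response."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return status, headers

def internal_redirect(raw, requested_host):
    """Return the redirect host if it is a non-public IP literal, else None."""
    status, headers = parse_head(raw)
    location = headers.get("location")
    if not (300 <= status < 400) or not location:
        return None
    host = urlsplit(location).hostname
    if host is None or host.lower() == requested_host.lower():
        return None  # relative redirect, or redirect to the same public name
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return None  # a hostname, not an IP literal
    return host if (addr.is_private or addr.is_loopback or addr.is_link_local) else None

if __name__ == "__main__":
    for raw in (SAMPLE_REDIRECT, SAMPLE_OK):
        print(internal_redirect(raw, "vtiger.gokcm.xyz"))
```

A non-None result means the server behind the forward is emitting its internal address in an application-layer redirect, which no firewall rule will rewrite.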