Netgate Discussion Forum

Internal Web Server

  • T
    thinair
    last edited by Nov 20, 2005, 1:32 AM

    I did a clean install with the 0.94 liveCD, upgraded to 0.94.2, then started configuring from scratch instead of using my old config.

    I have a web server on my LAN, I made a NAT rule that looks like this.

    <rule>
        <external-address>any</external-address>
        <protocol>TCP</protocol>
        <external-port>80</external-port>
        <target>server</target>
        <local-port>80</local-port>
        <interface>wan</interface>
        <descr>Web Server</descr>
    </rule>

    As soon as I apply that, I can't view any external websites and I get locked out of the webGUI. Actually it seems like the only thing I can do is ping the LAN interface on pfSense, and view the webpages on my server.

    I went into the shell via the console and browsed around until I found the config file, removed the above rule and the accompanying firewall rule, rebooted and I was back in business.

    I guess this has something to do with NAT reflection? I didn't disable it beforehand.

    Nelson Papel

    • T
      thinair
      last edited by Nov 20, 2005, 1:38 AM

      Never mind, I disabled NAT reflection and put my aforementioned rule back in and everything is good. I just remembered that I had this problem before.

      Nelson Papel

      • S
        sullrich
        last edited by Nov 20, 2005, 1:52 AM

        @thinair:

        Never mind, I disabled NAT reflection and put my aforementioned rule back in and everything is good. I just remembered that I had this problem before.

        Please share with us what rule is causing this.  Reflection should not be causing these issues.

        • T
          thinair
          last edited by Nov 20, 2005, 2:54 AM Nov 20, 2005, 2:51 AM

          @sullrich:

          Please share with us what rule is causing this.  Reflection should not be causing these issues.

          The rule is in the first post

          Nelson Papel

          • S
            sullrich
            last edited by Nov 20, 2005, 2:55 AM

            @thinair:

            @sullrich:

            Please share with us what rule is causing this.  Reflection should not be causing these issues.

            The rule is in the first post

            This is not happening to me. I have many web servers (5+) redirected at my work and we do not see this behavior. You're on 0.94+?

            • T
              thinair
              last edited by Nov 20, 2005, 6:14 AM

              Ok, I'm currently on version 0.94.4, which was upgraded from 0.94.2, and that was upgraded from a 0.94.0 clean install.

              I went and enabled NAT reflection and within 5 seconds anything using port 80 was dead, including the webGUI (I should really set the webGUI to SSL again). So again I went sifting through the config.xml file and with an older backup copy as a reference I figured out where to add the <disablenatreflection>yes</disablenatreflection> statement, rebooted and I'm all good again.

              Nelson Papel
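
An added example, not part of any post and not pfSense code: a pre-apply check that flags the combination reported in this thread, a port forward whose `external-address` is `any` while NAT reflection has not been disabled. The `<rule>` is the one from the first post; the `<pfsense>` and `<nat>` wrappers in the sample are assumptions, and `<disablenatreflection>` is searched for anywhere in the file because the thread does not say where it belongs.

```python
import xml.etree.ElementTree as ET

# Constructed sample: <rule> is copied from the first post; the <pfsense>
# and <nat> wrappers around it are assumed for illustration.
SAMPLE = """<pfsense>
  <nat>
    <rule>
      <external-address>any</external-address>
      <protocol>TCP</protocol>
      <external-port>80</external-port>
      <target>server</target>
      <local-port>80</local-port>
      <interface>wan</interface>
      <descr>Web Server</descr>
    </rule>
  </nat>
</pfsense>"""


def reflection_disabled(root):
    """True if any <disablenatreflection> element in the tree holds 'yes'."""
    return any((e.text or "").strip().lower() == "yes"
               for e in root.iter("disablenatreflection"))


def audit(config_xml):
    """Return one finding per port forward matching the reported combination."""
    root = ET.fromstring(config_xml)
    if reflection_disabled(root):
        return []
    findings = []
    for rule in root.iter("rule"):
        ext = (rule.findtext("external-address") or "").strip().lower()
        port = (rule.findtext("external-port") or "").strip()
        if port and ext == "any":  # only port forwards carry <external-port>
            findings.append({
                "descr": (rule.findtext("descr") or "").strip(),
                "interface": (rule.findtext("interface") or "").strip(),
                "port": port,
                "reason": "external-address 'any' with NAT reflection enabled",
            })
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Running the check against a copy of config.xml before applying a new port forward shows whether that rule would be live with reflection still on.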

              • S
                sullrich
                last edited by Nov 20, 2005, 6:18 AM

                @thinair:

                Ok, I'm currently on version 0.94.4, which was upgraded from 0.94.2, and that was upgraded from a 0.94.0 clean install.

                I went and enabled NAT reflection and within 5 seconds anything using port 80 was dead, including the webGUI (I should really set the webGUI to SSL again). So again I went sifting through the config.xml file and with an older backup copy as a reference I figured out where to add the <disablenatreflection>yes</disablenatreflection> statement, rebooted and I'm all good again.

                Okay, please enable NAT reflection. Wait until port 80 is no longer working then send me the contents of /tmp/rules.debug to sullrich@gmail.com. I will take a look at why this is happening.

                And for the record, you are DHCP, PPPoE, PPTP on WAN?

                • T
                  thinair
                  last edited by Nov 20, 2005, 6:43 AM Nov 20, 2005, 6:33 AM

                  PPPoE, and email sent

                  Nelson Papel

                  • S
                    sullrich
                    last edited by Nov 20, 2005, 6:45 AM

                    @thinair:

                    PPPoE, and email sent

                    Thanks, I'll check it out this afternoon.

                    • B
                      bruor
                      last edited by Dec 7, 2005, 10:19 PM

                      NAT reflection should only take effect for packets that are destined to the WAN interface, right?

                      Additionally, if NAT reflection was forwarding those packets to my web server, I would have gotten the page that is hosted on it…

                      Let me know if there is anything I can do as well to help with this.

                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.