Internal Web Server
-
I did a clean install with the 0.94 liveCD, upgraded to 0.94.2, then started configuring from scratch instead of using my old config.
I have a web server on my LAN, and I made a NAT rule that looks like this:
<rule>
    <external-address>any</external-address>
    <protocol>TCP</protocol>
    <external-port>80</external-port>
    <target>server</target>
    <local-port>80</local-port>
    <interface>wan</interface>
    <descr>Web Server</descr>
</rule>
As soon as I apply that, I can't view any external websites and I get locked out of the webGUI. Actually it seems like the only thing I can do is ping the LAN interface on pfSense, and view the webpages on my server.
I went into the shell via the console and browsed around until I found the config file, removed the above rule and the accompanying firewall rule, rebooted and I was back in business.
I guess this has something to do with NAT reflection? I didn't disable it beforehand.
-
Never mind, I disabled NAT reflection and put my aforementioned rule back in and everything is good. I just remembered that I had this problem before.
-
Please share with us what rule is causing this. Reflection should not be causing these issues.
-
The rule is in the first post.
-
Ok, I'm currently on version 0.94.4, which was upgraded from 0.94.2, and that was upgraded from a 0.94.0 clean install.
I went and enabled NAT reflection and within 5 seconds anything using port 80 was dead, including the webGUI (I should really set the webGUI to SSL again). So again I went sifting through the config.xml file, and with an older backup copy as a reference I figured out where to add the <disablenatreflection>yes</disablenatreflection> statement, rebooted and I'm all good again.
-
Okay, please enable NAT reflection. Wait until port 80 is no longer working, then send me the contents of /tmp/rules.debug to sullrich@gmail.com. I will take a look at why this is happening.
And for the record, you are DHCP, PPPoE, or PPTP on WAN?
-
PPPoE, and email sent
-
NAT reflection should only take effect for packets that are destined to the WAN interface, right?
Additionally, if NAT reflection was forwarding those packets to my web server, I would have gotten the page that is hosted on it…
Let me know if there is anything I can do as well to help with this.