Firewall blocks all HTTP traffic access to internal zone



  • I have a web site in the LAN zone. I have created a rule on the WAN interface for accessing the internal web server directly. I can ping or ssh to the internal web server from the external zone directly (no NAT), but I cannot access the website on this server (on port 80). When I changed the web port to 8888, I could access the website. Does pfSense drop all inbound traffic on port 80? Is there any way to solve this problem?



  • Have you activated NAT reflection for this rule?



  • I don't use NAT in this case. I access the internal server directly.



  • Maybe a screenshot of the rule can help! (Wipe any sensitive information.)



  • I can just describe the system. I have an internal web server (192.168.1.100). On the WAN interface of pfSense, I created a rule allowing all traffic from the external zone to access the web server, like this:

    Allow; Protocol IPv4 *; Source *; Port *; Destination 192.168.1.100; Port *; GW *

    My internal interface of pfSense is 192.168.1.1/24.

    When I applied this rule, I could ping or ssh to the web server from the external zone, but I couldn't access the website (port 80). In the internal zone, I can access all of them (ping, ssh, http). I created another web server running on port 80, and I could not access it either. I tried changing the port from 80 to 8888 and then I could access the website.

    Maybe pfSense drops all HTTP traffic on port 80 from the external zone to the internal zone. Are there any options in pfSense blocking this traffic? I use pfSense 2.4.3-RELEASE.



  • If you're trying to access the server at 192.168.1.100 from another machine on the same subnet then the traffic never touches the firewall. What kind of switch are you using?



  • I use vmware vswitch. All machines run in vmware.



  • Ok- Still the same answer.. Internal network traffic does not cross the firewall, unless you are trying to bridge interfaces.


  • Rebel Alliance Global Moderator

    So you turned off nat and your wan is 192.168.1 and your lan is 192.168.1?

    Yeah that is not going to work.. Are you trying to use pfsense as transparent bridge?

    web server (192.168.1.100). In WAN interface of pfSense

    My internal interface of pfSense is 192.168.1.1/24.

    As chpalmer stated already devices on the same network do go across a router to talk to each other..


 
