Port 443 blocked?
-
I am trying to set up port forwarding on my pfSense box. I forwarded Port 80 successfully, as confirmed by a port checker. I then cloned that rule and changed it to 443; however, port checkers indicate that 443 is closed.
My assumption was that my ISP (Charter/Spectrum) was blocking port 443. I called (twice) and they told me that Port 443 was NOT blocked.
So, since I cloned the rule for Port 80 (which was opened successfully), what else could I be doing wrong?
To make sure it wasn't the webserver's firewall, I disabled UFW with the same result.
Any ideas where to look?
-
First thing I suggest you do is actually validate the traffic is getting to your wan. Simple sniff: go to canyouseeme.org and test to 443. Do you see the traffic to 443 to your wan public IP?
If so, then either you have a firewall rule blocking your port forward or something else is wrong with the forward. The 2nd step, after you have validated that your forward and firewall rule are valid, is to sniff on your lan side when you do the canyouseeme test. Do you see the traffic headed towards the lan side IP that you forwarded to? Do you not get an answer? Then it's something between pfsense and the server you're forwarding to - or the server not answering, or using a different gateway than pfsense, etc.
It's all pretty well documented here:
https://www.netgate.com/docs/pfsense/nat/port-forward-troubleshooting.html
It really should only take a couple of minutes to figure out where the problem is.
Until you actually validate pfsense is seeing the inbound traffic to its wan IP - it's pointless to look elsewhere, since pfsense cannot do anything with the forward if there is no traffic getting to it to forward.
-
@johnpoz said in Port 443 blocked?:
So what I have done is enabled logging on that rule, and I can see that it's passing traffic on webserverip:443 in the system logs.
So all I can assume at this point is that it's the webserver that is blocking traffic on port 443? The port checker still indicates that 443 is closed, but port 80 is open.
-
Well, did you validate that your server is listening on 443? While a rule check is a way to validate if traffic hits, it can be useful to actually sniff on your lan side with the packet capture and see if the client sends back a Reset or ICMP redirect, etc., or just doesn't answer your syn that would be sent.
If you're saying 80 works, then you have to assume your gateway is correct on that device sending back to pfsense. So it's either a firewall on the device or the device isn't even listening on 443.
-
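The check suggested in the last reply (is the server listening on 443, and does it answer with a reset or not answer at all?), as an added example that is not part of the original thread: a small Python probe to run from another machine on the LAN. The address 192.168.1.10 and the names `probe`, `classify_error` and `HINTS` are assumptions made for illustration.

```python
import errno
import socket

# Verdict -> what it points to, following the reasoning in the thread.
HINTS = {
    "open": "the handshake completed: something is listening on that port",
    "refused": "the host answered with a reset: reachable, but nothing is listening",
    "no-answer": "the SYN went unanswered: host firewall dropping it, or replies "
                 "leaving through a different gateway",
    "unreachable": "host or network unreachable: wrong IP, host down, or a "
                   "firewall rejecting with ICMP",
}


def classify_error(exc):
    """Map the exception raised by a failed connect() to a verdict."""
    if isinstance(exc, ConnectionRefusedError):
        return "refused"
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "no-answer"
    if isinstance(exc, OSError) and exc.errno in (errno.EHOSTUNREACH,
                                                  errno.ENETUNREACH):
        return "unreachable"
    raise exc  # anything else (for example a DNS failure) is not a port verdict


def probe(host, port, timeout=3.0):
    """Attempt one TCP handshake to host:port and return a verdict string."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except OSError as exc:
        return classify_error(exc)


if __name__ == "__main__":
    server = "192.168.1.10"  # constructed LAN address of the web server
    for port in (80, 443):   # 80 is the known-good baseline from the thread
        verdict = probe(server, port)
        print(f"{server}:{port} {verdict}: {HINTS[verdict]}")
```

If port 80 reports `open` and 443 reports `refused` from inside the LAN, the forward is not the problem and the web server has no listener on 443.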