Netgate Discussion Forum

    pfSense Not Routing Public WiFi to Internal Web Server

      Gr8Britton

      We used to have our OpenMesh WiFi network on its own network with a physical Firewall that connected to a switch that was on our router. (Inherited setup) Our pfSense router sends all HTTP/HTTPS requests on our Public IP address to a Windows IIS server that does reverse proxy to send to the appropriate internal web server/site. This was working fine.

      I set up a new SSID in OpenMesh that has LAN access and left the original SSID as is for public Internet access. I then connected the OpenMesh WiFi network directly to our internal network. Now, the private SSID (newly created SSID) works fine and is part of the internal network, as desired.

      However, the public SSID (original) will NOT route to the IIS Reverse Proxy server. Instead, it stops at our router and is not forwarded. This is ONLY happening for those connected to the PUBLIC WiFi SSID. Anyone on the local network (internal DNS Server routes to the proper internal server) or on an outside network routes fine. For instance, my phone on my carrier's data network will route to the proper internal IIS server based on the URL. Once I connect the device to the public WiFi, I can browse the internet but pfSense is not routing the URLs to our internal web servers. Instead, I get the pfSense login screen.

      Any ideas what I'm missing here? Thanks in advance!

        stephenw10 Netgate Administrator

        This pretty much:
        https://docs.netgate.com/pfsense/en/latest/nat/accessing-port-forwards-from-local-networks.html

        If you can't do split DNS for that traffic you need to enable NAT reflection.

        Steve

          Gr8Britton

          Thanks for that info. I'm going to read up on that. I tried enabling NAT reflection for a moment and that did fix my issue. However, it had worse effects on other parts of our network. LOL! I'll see what I can do.

          Again, thanks!

            Gr8Britton

            The OpenMesh APs connect to our internal network and have an internal IP. For the Public/Guest WiFi, it acts as its own DHCP/DNS/Gateway for the clients that connect to the AP. It then only routes traffic from the AP to our pfSense router to get access to the Internet while not allowing access to the internal network.

            The Split DNS is not making a difference since the client DNS server is the AP, not the pfSense router. I tried the other options but had all kinds of issues.

            I'll take a look at the switches we have (hadn't reviewed them yet since I'm new with this company) and see if maybe I can set up a VLAN for the public WiFi and only allow the VLAN to access the Internet.

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.