New to pfsense: trying to set up web server



  • Hi all,

    I recently got an SG-3100 and have an internet connection with a static IP. Here is what I would like to accomplish:

    I have a desktop computer (Ubuntu 18.04) that I'd like to use as a webserver, accessible to the public. I also have a laptop computer (also running Ubuntu) that I'd like to use to VPN into the desktop to perform updates and maintenance. So far I've done the following:

    1. Connect outgoing internet to WAN port
    2. Connect desktop to OPT1 port
    3. Connect laptop to LAN port

    This way, I can access 192.168.1.1 from my laptop.

    Next, to make OPT1 a DMZ, I followed this tutorial: https://www.ceos3c.com/pfsense/how-to-create-a-dmz-with-pfsense-2-4-2/

    Two questions:

    1. In the terminal on my desktop, I can ping 8.8.8.8 and receive packets, but can't access websites in my browser...how can I determine whether it's working?
    2. Right now, the static IP my ISP gave me is assigned to the WAN port. How would I make it so that when a user hits that IP, they hit my webserver?

    Apologies if these are basic questions, I don't have much networking experience and am trying to learn.

    Best regards,
    Jim



  • @jpalmeri12 said in New to pfsense: trying to set up web server:

    In the terminal on my desktop, I can ping 8.8.8.8 and receive packets, but can't access websites in my browser...how can I determine whether it's working?
    Right now, the static IP my ISP gave me is assigned to the WAN port. How would I make it so that when a user hits that IP, they hit my web server?

    Check your firewall rules for the new interface, and also the NAT rules for that.
    They need to exist.

    Regarding the access to the web server from the Internet, you will need to create a port forward using WAN interface, destination port 443 (HTTPS) or 80 (HTTP), redirect to your internal host.



  • @jpalmeri12 said in New to pfsense: trying to set up web server:

    How would I make it so that when a user hits that IP, they hit my webserver?

    @jpalmeri12 said in New to pfsense: trying to set up web server:

    I recently got an SG-3100 and have an internet connection with a static IP.

    There is no difference with the router/firewall you had before, and pfSense now.
    Using IPv6: just add a firewall rule on WAN that permits from 'any' traffic to go to the IPv6 of your web server (TCP port 80 and 443 only).
    Using IPv4: See Network Address Translation (NAT) and use the first option: Forwarding Ports with pfSense.

    @jpalmeri12 said in New to pfsense: trying to set up web server:

    I can ping 8.8.8.8 and receive packets

    Can you resolve from your laptop?
    ping google.com resolves to the IP used by Google.
    If you can't, that means DNS isn't working. What are your LAN based firewall rules? (the default rule is just great) Are you using DHCP on your laptop? (and did it do its job?)



  • @Gertjan Hi, thank you very much for your reply. From both the laptop and desktop computers, I can ping google.com (so I don't think the problem lies in the DNS). However, when I go to google.com in a browser (from the desktop), it says "This site can't be reached, www.google.com took too long to respond".

    Also: My IP is IPv4, so I set up port forwarding rules allowing TCP traffic just like in that documentation page.

    I have DHCP configured for both WAN and LAN.
    LAN based firewall rules are here:

    Screenshot from 2019-12-26 10-27-27.png



  • @mcury I followed the link Gertjan posted: https://docs.netgate.com/pfsense/en/latest/nat/forwarding-ports-with-pfsense.html

    I made two NAT rules for HTTP and HTTPS and it automatically created firewall rules, which redirect to my desktop's internal IP, but I still cannot load websites from the desktop.


  • LAYER 8 Global Moderator

    @jpalmeri12 said in New to pfsense: trying to set up web server:

    but I still cannot load websites from the desktop.

    Well if you're trying to use the public IP, and you're inside your own network then you would have to enable NAT reflection. Or better choice just have whatever FQDN you're using resolve to the local IP on your local DNS.
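
An added example, not part of any post in this thread: a Python 3 script to run on the DMZ desktop that tests name resolution and TCP 80/443 separately, since a successful ping only shows that ICMP passes. The test hostname and the wording of the classifications are assumptions.

```python
import socket

def resolves(name):
    """Return the first IPv4 address for name, or None if the lookup fails."""
    try:
        return socket.gethostbyname(name)
    except OSError:  # socket.gaierror is a subclass of OSError
        return None

def tcp_open(host, port, timeout=3.0):
    """Return True if a TCP handshake to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, unreachable, or timed out
        return False

def classify(dns_ok, tcp80_ok, tcp443_ok):
    """Map probe results to the area the thread suggests checking."""
    if not dns_ok:
        return "dns: name lookup fails; check the resolver the host got from DHCP"
    if not (tcp80_ok or tcp443_ok):
        return ("tcp: names resolve but 80/443 do not connect; check the "
                "firewall rules on this interface and the NAT rules")
    if tcp80_ok != tcp443_ok:
        return "partial: only one of 80/443 connects; check per-port rules"
    return "ok: DNS and TCP 80/443 both work from this host"

def diagnose(name="www.google.com"):  # hostname is an assumed test target
    """Resolve name, then try TCP 80 and 443 against the resolved address."""
    addr = resolves(name)
    if addr is None:
        return classify(False, False, False)
    return classify(True, tcp_open(addr, 80), tcp_open(addr, 443))

if __name__ == "__main__":
    print(diagnose())
```

A "tcp" result with working ping matches the symptom described in the thread: ICMP and DNS pass from the desktop, but the browser times out.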

