PF Sense and Unraid Reverse Proxies - ***Solved***

znamloot · Mar 16, 2020, 2:27 PM

All,

Well I have been at this for well over a week and seem no closer to resolution.

Objective is to configure PF Sense to allow traffic through from reverse proxy to specific unraid dockers.

Local access works no problem. I can access all of my dockers locally.

I use duckdns to provide my reverse proxy.

Equipment:

Dell R710 2U rackmount server
Onboard 4 port NIC
23 HT’s and 46G memory
Unraid server with various dockers such as Nextcloud, NZBGet, Sonarr and Bitwarden
Server is stable and functioning as expected.
PF Sense running on a VM using 2 of the 4 internal NIC's

local http and https access to dockers is working.

Needed: Set of rules and configurations to access from unraid dockers externally through reverse proxy at duckdns.org

Can someone point me in the direction of a possible solution.

I have tried a bunch of different methods to set up rules in PF Sense with no joy so far.

PF Sense is blocking access.

Very happy with PF Sense so far - except this. It is a deal breaker for me.

Searched this and the PF Sense forum and have not found much.

Thanks in advance...

Cheers

johnpoz · Mar 16, 2020, 2:33 PM

@znamloot said in PF Sense and Unraid Reverse Proxies:

I use duckdns to provide my reverse proxy.

Huh?? duckdns is not a reverse proxy... So that is more than likely your first problem! ;)

You mean you have duckdns do dynamic dns for you?

Have you forward the ports?
https://docs.netgate.com/pfsense/en/latest/nat/forwarding-ports-with-pfsense.html

Now troubleshoot the port forwarding, if something like can you see me . org says your ports are closed.
https://docs.netgate.com/pfsense/en/latest/nat/port-forward-troubleshooting.html

Are you trying to different fqdn go to different IPs/Ports behind pfsense, then you would need to use say HA proxy, which is a reverse proxy.

znamloot · Mar 16, 2020, 2:48 PM

Thanks for the quick response.

Yes, duckdns does the dynamic dns for me.

Forwarding of the ports is what I am trying to do and nothing works to provide a "pass".

I have configured the firewall rules under Firewall/NAT/ Port Forward with no joy.

I am really wandering around in the dark here ....noob .... neither http and https work from external.

I get a timeout so its blocking and not rejecting (??)

I will do some more reading because I really want to understand what is going on here. I will report back progress as things develop.

Thanks for your help

Cheers

znamloot · Mar 17, 2020, 12:48 AM

All,

Thanks to everyone who responded.

Well as it turns out I had the configuration of the NAT rules correct.

But, because I am on a fibre network, had to do some stuff with the modem and service.

That is what was preventing me from having this work. The modem has to be bypassed because it has its own firewall etc.

I am in Canada and use Bell Fibe. Bell uses their "3000" fibre modem.

For anyone who wants to know, the information on the changes can be found at :

www.dslreports.com

The PF Sense is working correctly and I have external access to my server.

Thanks all

Cheers

johnpoz · Mar 17, 2020, 10:41 AM

Nothing unique to your issue about being on a fiber connection... Anyone behind a nat would have to open up the router in front of pfsense..

Glad you got it sorted.