Forwarding port 80
-
Hi, there. I am trying to access my freenas nextcloud from outside my lan by port forwarding port 80. I am using the Open Port Check Tool and it says that this port is "closed". Can anyone help me with my setup? It seems straightforward, but sure I'm missing something simple. Total noob here, talk to me like I'm 7 yo!
-
https://docs.netgate.com/pfsense/en/latest/nat/port-forward-troubleshooting.html
-
Oh, wow. Lot's that can go wrong I see. It all seemed so simple!
-
It is probably one of the things in that list.
-
@lyle817 said in Forwarding port 80:
It all seemed so simple!
And it is.
The NAT page that permits you to set up a NAT rule is actually always the same on every router on the planet for the last 30 years or so ...
What most people initially forget, is that their WAN interface doesn't use their 'real' outside WAN IP, but an RFC 1918, given to pfSense by an upstream router, most probably theirISP router.
In such a case, a NAT rule has to be set up in that router also. Or, if pfSense is the only device hooked up to the ISP router, something like "DMZ" could be activated on that router.Promised : thing will get easier as soon as you start using IPv6, there will be less things to enter ;) No more NAT, just a simple firewall rule.
Remember : NAT shouldn't be 'simple' because it introduces a security issue : if the downstream web server, the freenas, has issues, someone from the outside could exploit it, thus gaining access to your LAN ...
-
Thanks for the words of encouragement! Good point that NAT shouldn't be simple.
So did my rule above look correct as near as you could tell? The NAT page may be 30 yrs old, but this is my first rodeo.
For #5 common problem: ISP blocking- how could I figure this out? Do I just call them up and ask? My ISP tech support are knuckleheads, doubt they would have a clue what I was asking!
-
Nothing has really changed in 30 years where NAT is concerned.
Did you go through all of the list there to determine where your particular port forward is breaking?
For #5 common problem: ISP blocking- how could I figure this out? Do I just call them up and ask? My ISP tech support are knuckleheads, doubt they would have a clue what I was asking!
But if they are not forwarding the inbound connections there is absolutely nothing the firewall (or we) can do about it.
Packet capture on the WAN to see if the connection attempt is actually arriving, as stated in that document.
-
Not yet, but I promise I will do my homework this weekend!
