Port forwarding to Web server on Server VLAN

dzacharias

Was hoping to get some guidance on how to configure this firewall. Some background first. I am using a Cisco L3 Switch and have configured a few VLANs on it. Client VLAN and Server VLAN, however, I am using pfsense to do the routing. I used this guide to get it working. https://greigmitchell.co.uk/2019/08/configuring-intervlan-routing-with-a-layer-3-switch-and-pfsense

This setup works great internally. I can get to other clients/IP addresses within the network and I can get to the internet from each VLAN/network as well, however, I cannot seem to get port forwarding working properly. I have confirmed that the ports are open with an external port checker. It's like the port is open, but the traffic is not getting to the proper server/service on the respective VLAN that the server is on.
I open the ports using the following method. Firewall>NAT>Port Forward I created a rule and the port is open, but the traffic is not reaching its intended destination. I have also confirmed that the web server is working internally and listening for requests. PLEASE HELP!

johnpoz

@dzacharias said in Port forwarding to Web server on Server VLAN:

I have confirmed that the ports are open with an external port checker.

but the traffic is not getting to the proper server/service on the respective VLAN that the server is on.

Not really possible.. If your outside source shows that port is opened, then that means something answered.. So that means the traffic got to where you forwarded it, pfsense sure isn't going to answer your port that your forwarded. You are testing tcp right, there is really no reliable online testing for udp ports.

Possible something in front of pfsense answered it, and pfsense never saw the traffic... I would suggest you actually validate pfsense sees the traffic on its wan.. This is really step one in any port forwarding troubleshooting... shoot you really should do that before you even attempt to create the port forward.

https://docs.netgate.com/pfsense/en/latest/troubleshooting/nat.html

dzacharias

@johnpoz said in Port forwarding to Web server on Server VLAN:

pfsense sure isn't going to answer your port that your forwarded.

dzacharias Laughed at "pfsense sure isn't going to answer your port that your forwarded."

Interesting, perhaps I can check the logs of the web server to see if it answered my request.
How can I check to see if pfsense is seeing my request?
Thank you in advance!

viragomann

@dzacharias said in Port forwarding to Web server on Server VLAN:

How can I check to see if pfsense is seeing my request?

You can use Diagnostic > Packet Capture. Select the proper VLAN interface and filter to the webserver IP and ports.

johnpoz

That would be the second check, first check your wan interface to make sure the traffic even gets to pfsense, pfsense can not forward what it doesn't see.