Netgate Discussion Forum

    Understanding port forward 80 and 443

      vacquah

      A rather rudimentary question but I am getting myself confused. Hoping someone can help clear the fog!

      My setup has a virtualized pfsense instance on a proxmox server. On the same proxmox server, I have a kubernetes cluster and a freepbx vm (outside the kubernetes cluster). On the pfsense side, I am using dns-over-tls with dns resolver.

      To set up letsencrypt certs on the freepbx vm, I used their inbuilt tool. To make it work, I had to open port 80 on pfsense to allow validation.

      Now, I am looking to set up letsencrypt on my kubernetes cluster. I am using traefik ingress controller with cert-manager package with http01 validation, which also requires opening of port 80. Here is where I get lost.

      I know I can use the pfsense letsencrypt package with haproxy - let's assume I don't want to go that route for now.

      My questions:

      • Is there any risk to opening 80 and pointing it to the freepbx server or kubernetes cluster? I see some people doing this manually - open the port and close it down only when cert renewal is required - which is rather cumbersome.

      • Can you have two port forward rules for port 80? One for the freepbx server and one for the kubernetes cluster? Doesn't make sense to me but not sure how to think about this when both of them require port 80 to be open for letsencrypt validation?

      Will appreciate some insight into this. Thx..

        kiokoman LAYER 8

        AFAIK, not from the same source without the help of haproxy;
        only if you have 2 different public IPs.

          Derelict LAYER 8 Netgate

          @vacquah said in Understanding port forward 80 and 443:

          Is there any risk to opening 80 and pointing it to the freepbx server or kubernetes cluster?

          You are relying on the security of whatever is listening on port 80 on the freepbx and kubernetes cluster in that case.

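An added example, not part of any post in this thread: an haproxy.cfg fragment for the approach the replies point to, sharing port 80 on a single public IP between both hosts by Host header and passing only Let's Encrypt http-01 challenge requests, which narrows what the services listening on port 80 are exposed to. The hostnames, backend names and internal addresses are placeholders assumed for illustration.

```haproxy
# Added example. All hostnames and addresses below are placeholders.
defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend http_in
    # Listens where the port 80 forward would otherwise point
    bind :80

    # http-01 validation requests always use this path prefix
    acl is_acme  path_beg /.well-known/acme-challenge/
    acl host_pbx hdr(host) -i pbx.example.com
    acl host_k8s hdr(host) -i app.example.com

    # Anything that is not a challenge request never reaches a backend
    http-request deny deny_status 403 unless is_acme

    # One public IP and port, two internal targets, selected by Host header
    use_backend be_freepbx if host_pbx
    use_backend be_k8s     if host_k8s
    # No default_backend: a request for an unlisted Host gets a 503

backend be_freepbx
    # FreePBX VM (placeholder address)
    server freepbx 10.0.0.10:80

backend be_k8s
    # Traefik ingress entry point for the Kubernetes cluster (placeholder address)
    server traefik 10.0.0.20:80
```

With this in place port 80 can stay open for renewals, since the only requests forwarded are challenge lookups for the two listed hostnames.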
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.