pfsense will not let me go to a site that uses port 80


  • Hi everyone, I’m a new beginner here and I am not very good at programming things; I always search for everything on the net.
    But now I have a problem and I can’t find anything about it:

    I have to go to a.site.net:80/username/blabla/channel3456 and can’t get through; it is an IPTV channel.

    If I switch the TV over to my mobile WiFi, all IPTV channels work (it is not the intention to keep it that way).

    I am using pfsense 2.4.5-RELEASE-p1 (amd64) and have a web server behind it where port 80 is forwarded from WAN to IP server.

    Is there anyone who could help me with this? It already drives me crazy and I can’t watch IPTV.

    screenshot of the port forward setup and the related firewall rule
    My_pfsense.jpg
    I've temporarily disabled the port forwards for port 80, and hocus pocus the stream works.

    "brwainer on lawrencesystems" says to me:
    as I suspected, your port forwarding rule is too broad. It is basically forwarding everything destined for port 80 back into your network. This isn’t normal and shouldn’t happen, because it should only affect traffic coming in the WAN interface. I recommend going to the PFSense forum for support.

    But how do I access the web server when port 80 is turned off?
    Is there another solution?

    Thanks in advance, kind regards Rob (from the Netherlands)
    P.S. Have a Happy and Healthy New Year


  • @cke :

    Where is this web server you want to visit : on (one of) your LANs ?
    If it's a LAN device, start simple : Try http://192.168.1.30 and you will be connected FROM your LAN to your LAN device.

    This :

    6f3742cf-83cc-43aa-8dcc-3787da2f01b7-image.png

    and this :

    081247c8-8ded-4ab6-8ccf-0a0239645755-image.png

    is ..... wrong.

    Imagine this : some user on the Internet uses your WAN IP (or a URL that points to your WAN IP) and types http://a.b.c.d which stands for http://a.b.c.d:80 .
    Now where should the traffic go to ? the device on LAN using 192.168.1.30, port 80 ? Or device 192.168.1.130 port 80 ? pfSense should do some round robin ? Best match ? Random ? First match ?

    Take note : one port on your WAN can be redirected to ONE ( !) port on your LAN. No more.
    You're missing some NAT experience I guess ;)

    Why do you need all these NAT rules ? Do you need to expose all these ports to the public (Internet) ?
    Delete them all, and explain what you want to do.

    About :

    1b584636-aa50-42fe-9c0d-2997571eee87-image.png

    Only 127.0.0.1 should be there.
    Are you forwarding your DNS ? Epic : why ?

    Do you have a contract with 8.8.8.8 etc. ?
    I strongly recommend that you don't change the default DNS settings. Then you have something that works without having to look after it ;)

    Gertjan.
    From France.
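
The two points raised so far (a forward that matches every port-80 destination, and two forwards competing for one WAN port) can be shown with a small model; this is an added example, not code from any poster or from pfSense. The addresses 203.0.113.10 and 198.51.100.7, all class and function names, first-match evaluation, and the assumption that the forward is also evaluated on LAN-side traffic are constructed for illustration, since the rules in the screenshots are not visible here.

```python
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Optional, Sequence, Tuple

WAN_ADDR = "203.0.113.10"    # constructed WAN address (documentation range)
IPTV_ADDR = "198.51.100.7"   # constructed address standing in for a.site.net
WEB = "192.168.1.30"         # LAN web server from the thread

@dataclass(frozen=True)
class PortForward:
    interfaces: Tuple[str, ...]  # interfaces the redirect is evaluated on (assumed)
    dst: Optional[str]           # destination to match; None means "any"
    dst_port: int
    target: str                  # internal host that receives the traffic

@dataclass(frozen=True)
class Packet:
    in_interface: str            # interface the packet arrived on
    dst: str
    dst_port: int

def redirect(rules: Sequence[PortForward], pkt: Packet) -> Optional[str]:
    """Return the internal target for pkt, or None if no forward matches.
    Model assumption: rules are checked top-down and the first match wins."""
    for rule in rules:
        if pkt.in_interface not in rule.interfaces:
            continue
        if rule.dst_port != pkt.dst_port:
            continue
        if rule.dst is not None and ip_address(rule.dst) != ip_address(pkt.dst):
            continue
        return rule.target
    return None

# Destination "any": every port-80 packet on a matching interface is redirected.
BROAD = PortForward(("wan", "lan"), None, 80, WEB)
# Destination limited to the WAN address: only traffic aimed at the firewall matches.
NARROW = PortForward(("wan", "lan"), WAN_ADDR, 80, WEB)
# A second forward for the same WAN port, as in the 192.168.1.130 question.
SECOND = PortForward(("wan",), WAN_ADDR, 80, "192.168.1.130")

def outcomes() -> dict:
    iptv = Packet("lan", IPTV_ADDR, 80)    # TV on the LAN fetching the stream
    inbound = Packet("wan", WAN_ADDR, 80)  # Internet user visiting the web server
    return {
        "broad_iptv": redirect([BROAD], iptv),
        "narrow_iptv": redirect([NARROW], iptv),
        "narrow_inbound": redirect([NARROW], inbound),
        "two_forwards": redirect([NARROW, SECOND], inbound),
    }
```

In this model the broad rule sends the TV's request for the stream to the local web server, while the narrowed rule leaves it alone and still serves inbound visitors; the second forward for the same port is never reached.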


  • @gertjan
    the IPTV channels are on an outside server, accessed over the internet, somewhere in Russia.


  • @cke

    Except for the first, all your NAT rules are not needed for / related to the access of a.site.net. You can remove them.

    Again : right after, when you installed pfSense, before you started to change / add things, the access to a.site.net was working fine.

    Side thought : really ? a http (non SSL) site ? Do they still exist ?