Firewall & forwarding



  • I'm in the process of setting up an HTTP server from a machine that needs to stay on the inside of the LAN for other resource reasons.  I've set up the firewall rule to allow port 80 in, and set up the NAT rule to forward port 80 to the server by internal static IP.  The domain has been set up via DynDNS and that much at least appears to be working correctly.  I can access the HTTP server from inside the LAN, via any of internal IP, external IP, and domain name.  However, I cannot access the HTTP pages from outside the firewall on port 80 or by any other method.  The problem appears to be that port 80 is not open in reality.  I have performed several port scans from various security sites, and they all report that port 80 is still closed.  I'm somewhat at a loss as to what to do to open it, as I've set up the appropriate rule.  Can anyone help me out?



  • Security sites such as???  Some of those kinds of sites that I have used in the past only report the port as "open" if I have created firewall rules and NAT rules for both UDP and TCP.  If only for 1 it reported as closed.  If it is all working then who cares what those stupid sites say? :)



  • Point is, it's not working, I can't access the server from the outside through the appropriate port.



  • But you can access it via the external IP from inside your LAN?  But if you use someone else's net connection you can't?

    Might be something to do with that reflection option that was added recently, try turning that off. Turning it off will probably have the opposite effect of what I just typed above.  Or it may just stop you accessing it from your LAN.

    OK so you have edited your post to make it more clear .. glad I noticed and didn't just reply blindly.



  • I'm certainly willing to try it, I've been beating my head against this for a couple of days now.  I'll be back in a bit with the results.



  • I think I got it turned off and no joy.  Is there more than one place to turn this feature off?  Or does anyone have any other ideas?



  • Can you post your rules?

    Oh, also can you confirm you are not able to access it from a separate Net connection that has nothing to do with your pf/wan/lan setup?



  • @Cyrandir:

    I think I got it turned off and no joy.  Is there more than one place to turn this feature off?  Or does anyone have any other ideas?

    Out of curiosity, when you turned off that feature, could you still access via your external IP from your LAN?



  • First delete the rule you created for the webserver and the NAT entry. Then start over again. Go to Firewall>NAT and add a port forward.

    Interface: WAN
    External Address: Interface Address
    Protocol: TCP
    External Port Range: HTTP
    NAT IP: <LAN IP of your webserver>
    Local Port: 80
    Description: whatever you like

    Save and apply. You should be up now. If not, check if your DynDNS resolves to the correct WAN IP.



  • Jessie7:  No I was not able to see things from the external IP.  The reflect thing seems to be working properly.

    Hoba:  That is exactly how I created things the first time.  I'll try it again from scratch though.



  • Guess I should have mentioned this earlier, but I'm running a Ventrilo server from the same machine and the NAT/rules created seem to be doing their job.  I and others can connect via external IP and by DNS name without any problems.  Other than the port numbers the rules etc. are identical, but not working for port 80.  I'm heading off now to rebuild the rules from scratch.  Wish me luck.



  • Upon much further investigation, I've found that my ISP blocks incoming connections on port 80, along with many other common alternatives, such as 1080 and 8080.  I guess I'll just have to set it up for another port.  In the end, I can only be glad it wasn't a configuration error on my part, and I'm not going mad.  Thank you everyone for your help.



  • Final update, I got it to work by switching to external port 6360, randomly picked off a chart of assigned ports.  If anyone has similar problems, feel free to PM me and I'll help you through it.  Thanks again everyone!
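
The reasoning that resolved this thread (identical rules work on one port but port 80 stays silent, so the block is upstream) can be written down as a small check. This is an added example, not something posted in the thread; `probe`, `diagnose`, the verdict names and control port 40000 (standing in for the Ventrilo forward, whose number the thread does not give) are assumptions. Run `probe` against your own WAN address from a connection outside the LAN.

```python
import socket

def probe(host, port, timeout=3.0):
    """TCP connect check: 'open', 'closed' (reset received) or 'filtered' (no answer)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"      # something answered with a reset, so packets arrive
    except OSError:
        return "filtered"    # timeout or unreachable: dropped somewhere on the path

def diagnose(results, control_port):
    """results: {port: state} gathered from OUTSIDE the LAN.
    control_port: a forward built with the same rule/NAT pattern that is known to work."""
    if results.get(control_port) != "open":
        # Nothing gets through: check WAN IP / DynDNS and the forward itself first.
        return {p: "check-basics" for p in results}
    verdicts = {}
    for port, state in results.items():
        if state == "open":
            verdicts[port] = "reachable"
        elif state == "closed":
            # A reset means traffic arrives: look at the NAT target and the listener.
            verdicts[port] = "arrives-but-refused"
        else:
            # Same rules work on the control port but this one is silent.
            # Confirm with a packet capture on WAN that no SYN ever arrives.
            verdicts[port] = "suspect-upstream-filter"
    return verdicts

if __name__ == "__main__":
    # Constructed results matching the thread: the control forward works,
    # while 80, 1080 and 8080 never answer from outside.
    sample = {40000: "open", 80: "filtered", 1080: "filtered", 8080: "filtered"}
    for port, verdict in sorted(diagnose(sample, control_port=40000).items()):
        print(port, verdict)
```

A silent port looks the same whether the firewall or the ISP drops the packet, so the control port comparison and a capture on the WAN interface are what separate the two.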

