Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Cannot Forward Port 80 to Web Server

    Scheduled Pinned Locked Moved NAT
    11 Posts 2 Posters 798 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      testcb00
      last edited by

      Hi everyone,
      I just found that I cannot forward port 80 to my webserver.

      My configuration is as below
      1356.png
      1355.png

      What is the problem? I can forward port 443 and it works, but I cannot forward 80......

      GertjanG 1 Reply Last reply Reply Quote 0
      • GertjanG
        Gertjan @testcb00
        last edited by

        Where is this web server situated ? On one of your LANs ?
        Or do you mean the GUI webserver of pfSense ?

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        T 1 Reply Last reply Reply Quote 0
        • T
          testcb00 @Gertjan
          last edited by

          @gertjan

          I have an Apache24 server on my LAN,
          I am not meaning the GUI webserver of pfSense.

          Besides, I would like to discuss about the GUI webserver of pfSense. Seems I can access it from WAN if I uncheck the "Disable webConfigurator redirect rule" in Advanced Config

          GertjanG 1 Reply Last reply Reply Quote 0
          • GertjanG
            Gertjan @testcb00
            last edited by Gertjan

            An example :

            dc01ea57-7089-40af-950c-f125522a4eff-image.png

            and the auto generated firewall rule :

            b0b9a11a-6584-4134-a694-f06bd0dbdb91-image.png

            The destination address is - I created an alias called 'diskstaion2" point to an IPv4 that lives on my LAN.
            Why is your destination WAN ???

            Btw : just for good matters : move the pfSense http and https out of the way, like 81 and 444.

            Also : web server access is TCP only.

            edit : I also have a 'source' alias, called 'SYS_URL'. This one lists all the allowed IP addresses. In your case its probably "*" or everybody.

            No "help me" PM's please. Use the forum, the community will thank you.
            Edit : and where are the logs ??

            T 1 Reply Last reply Reply Quote 0
            • T
              testcb00 @Gertjan
              last edited by

              @gertjan Seems my config has no difference between your config, my WAN is WAN_I350_1G_2?
              My pfsense https UI port has been moved to non 443 port
              Do I need to reconfigure UI to http protocol first?
              Then change UI port to 80 to reconfigure once and change port to non-80 for unbind the port 80?
              Finally change back to https and reconfigure once and change port to non-443 for unbind the port 443?

              GertjanG 1 Reply Last reply Reply Quote 0
              • GertjanG
                Gertjan @testcb00
                last edited by

                @testcb00 said in Cannot Forward Port 80 to Web Server:

                .... my WAN is WAN_I350_1G_2?

                But your web server is not on your WAN. It's on your LAN. Use the server's IP address as the Destination.

                @testcb00 said in Cannot Forward Port 80 to Web Server:

                Do I need to reconfigure UI to http protocol first?
                Then change UI port to 80 to reconfigure once and change port to non-80 for unbind the port 80?
                Finally change back to https and reconfigure once and change port to non-443 for unbind the port 443?

                Just get it out of the way.
                And never use these port from "WAN", only LAN.

                No "help me" PM's please. Use the forum, the community will thank you.
                Edit : and where are the logs ??

                T 1 Reply Last reply Reply Quote 0
                • T
                  testcb00 @Gertjan
                  last edited by

                  @gertjan My blank space is already local IP (Web server IP)......maybe I hide them so that I mislead you, sorry

                  Besides, I find that the port forward is working, I own two public IP, my pfsense is IP A, and my Wi-Fi Hotspot is IP B. If I use Wi-FI (IP B), I can get in my website BUT I cannot use IP A device (device behind pfsense) to get in my website......

                  GertjanG 1 Reply Last reply Reply Quote 0
                  • GertjanG
                    Gertjan @testcb00
                    last edited by

                    @testcb00 said in Cannot Forward Port 80 to Web Server:

                    I own two public IP, my pfsense is IP A, and my Wi-Fi Hotspot is IP B

                    ?
                    You are using public IP's on your LAN interfaces LAN and OPT1 ?

                    @testcb00 said in Cannot Forward Port 80 to Web Server:

                    If I use Wi-FI (IP B), I can get in my website

                    where the web site is on the LAN, right ?

                    @testcb00 said in Cannot Forward Port 80 to Web Server:

                    BUT I cannot use IP A device (device behind pfsense) to get in my website......

                    I this case, the web site and the device are on the same network segment, right (all connected to the same LAN segment) ?

                    No "help me" PM's please. Use the forum, the community will thank you.
                    Edit : and where are the logs ??

                    T 1 Reply Last reply Reply Quote 0
                    • T
                      testcb00 @Gertjan
                      last edited by testcb00

                      @gertjan Please review the below photo
                      1752.png
                      1753.png

                      Scenario 1 (Red): I can access my website (http://webserver-domain) via Modem A (IP A).
                      Scenario 2 (Blue): I can access my website (http://webserver-local-ip) via Intranet (Inside pfSense)
                      Scenario 3 (Green): I cannot access my website (http://www.webserver-domain.com)

                      Seems my rule has problem?

                      NAT Rules:
                      1805.png

                      WAN Rules:
                      1800.png

                      LAN Rules:
                      1804.png

                      GertjanG 1 Reply Last reply Reply Quote 0
                      • GertjanG
                        Gertjan @testcb00
                        last edited by

                        @testcb00 said in Cannot Forward Port 80 to Web Server:

                        Scenario 3 (Green): I cannot access my website (http://www.webserver-domain.com)

                        Classic case.
                        Video just for you.

                        Or : Goto unboud settings, at the bottom of the page, create a host override.
                        Done.

                        No "help me" PM's please. Use the forum, the community will thank you.
                        Edit : and where are the logs ??

                        T 1 Reply Last reply Reply Quote 1
                        • T
                          testcb00 @Gertjan
                          last edited by

                          @gertjan Thank you very much. The Host Override done the job. I also find that I might have wrong DNS resolver settings: I choose both the "Network Interfaces" and "Outgoing Network Interfaces" to all.

                          However, I do not understand why I cannot use Scenario 3 to access the website. The "Host override" option in DNS resolver override the IP address of the public IP to the webserver local IP, making it to Scenario 2.

                          1 Reply Last reply Reply Quote 0
                          • First post
                            Last post
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.