webpage doesn't display it timesout
-
hi,
My pfSense has two NICs: my WAN has a public IP, and my LAN has a private IP. My pfSense LAN IP is in the same subnet as my internal webserver (172.16.10.x/24). All the nodes in the same subnet (172.16.10.x/24) as my LAN can open the webpage of my internal webserver. My pfSense can ping my internal webserver. The pfSense tool also confirmed that port 80 of my internal webserver is open. I have not checked the log of my httpd. Thank you for pointing this out. I will update you here once I see it.
have a nice day,
regards,
Mon -
Thank you for the reply and guidance. I have finally figured out the problem. The gateway of my target box is not the pfSense box. I changed it and it works. But I need to have a different gateway and not the pfSense for my target box. I will just open another topic for this. Reading from the docs, I need to configure hybrid outbound NAT. It's too cryptic, I hope someone has done it and will be able to point me to the right documentation.
regards,
Mon -
@ramonmitcs said in webpage doesn't display it timesout:
But I need to have a different gateway and not the pfSense for my target box.
Remote traffic comes in through pfSense. Then that will be your gateway (the way to reply to requests from outside the network).
@ramonmitcs said in webpage doesn't display it timesout:
It's too cryptic, I hope someone has done it and will be able to point me to the right documentation.
Just keep this in mind as a future project.
Asymmetric routing is a "small nightmare" to set up. You'll be able to "do it" or discard it as "not done" as soon as you know enough.
Most of the time, when you think you need it, it's the concept that you have in mind that is wrong. -
@gertjan said in webpage doesn't display it timesout:
Most of the time, when you think you need it, it's the concept that you have in mind that is wrong.
Thank you for the insight. I have been looking at ASR, and it's even more cryptic. I have been googling hybrid outbound NAT, but all the documentation is still way above my mind grade. I will keep on pushing thru; who knows, I might find the light bulb moment in the future. Stay safe and have a nice day.
regards,
mon -
@ramonmitcs Outbound NAT controls which WAN IP on your pfSense is used for a new outbound connection. It's not going to help if you have two routers on the same network. Why do you need two, and can you replace the other with this pfSense?
-
Actually, the internal webserver is connected to our layer 3 switch, which has all the VLAN interfaces defined (our existing setup). So its original gateway IP is the VLAN interface IP.
When we configured the pfSense box, the LAN side IP was in the same subnet as our internal webserver. We "thought" that since it's in the same subnet, traffic would flow "smoothly".
Apparently, with port forwarding it's not the case.
Googling and YouTubing regarding VLANs and such, all the examples seem to start with pfSense. I mean all the VLANs are being managed by pfSense. What we have is that our VLAN is being managed by the layer 3 switch and we just want pfSense to join the VLAN that is being managed by the layer 3 switch.
I am learning a lot with this problem but it seems to be too murky for me still. One of these days, with all the inputs from the community, I will be able to figure this thing out... keeping my fingers crossed.
Have a great day,
regards,
Mon -
@ramonmitcs Hmm, perhaps a drawing of the layout?
If the LAN PC and web server are in the same subnet they could talk to each other directly via the web server LAN IP, that traffic wouldn't go through the router at all. If the PC is trying to connect using the public IP of the router then NAT reflection is necessary for that NAT rule.
https://docs.netgate.com/pfsense/en/latest/recipes/port-forwards-from-local-networks.html
https://docs.netgate.com/pfsense/en/latest/troubleshooting/nat-port-forwards.html
If the web server receives a packet from router1 and its gateway is router2 then the traffic isn't going to get to the right place.
https://docs.netgate.com/pfsense/en/latest/troubleshooting/asymmetric-routing.html
-
Hi,
This is the setup. If I change the gateway of the webserver to the pfSense LAN, i.e. 192.168.10.10, then NAT is running. Is there a way to possibly keep the existing setup that is using the gateway of VLAN 10, which is 192.168.10.1?
regards,
Mon -
@ramonmitcs 192.168.10.1 isn't in the diagram?
Generally asymmetric routing is to be avoided. So if you can remove the 192.168.10.1 router and just use pfSense that should resolve your issues. Otherwise take a look at:
https://docs.netgate.com/pfsense/en/latest/troubleshooting/asymmetric-routing.html
-
Thank you. I will take a look at the documentation.
Take care and have a great day.
Regards,
Mon
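
Added example, not part of the thread and not pfSense code: a small Python model of the reply-path check behind the asymmetric-routing diagnosis above, using the two gateway addresses from the thread (192.168.10.1 and 192.168.10.10). The /24 mask, the client address 203.0.113.25 and the function names are assumptions.

```python
import ipaddress

# Constructed routing tables for the web server: (prefix, gateway); gateway None = on-link.
# The /24 mask on 192.168.10.x and the client address are assumptions.
EXISTING = [("192.168.10.0/24", None), ("0.0.0.0/0", "192.168.10.1")]   # gateway = VLAN 10 interface
CHANGED = [("192.168.10.0/24", None), ("0.0.0.0/0", "192.168.10.10")]   # gateway = pfSense LAN
PFSENSE_LAN = "192.168.10.10"
CLIENT = "203.0.113.25"  # constructed outside client (documentation range)


def next_hop(routes, dst):
    """Longest-prefix match; returns the gateway, or None when dst is on-link."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, gateway in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    if best is None:
        raise ValueError(f"no route to {dst}")
    return best[1]


def reply_path(routes, client_ip, ingress_router):
    """Return (where the reply is sent, whether that is the router the request came in through)."""
    hop = next_hop(routes, client_ip) or "on-link"
    return hop, hop == ingress_router


if __name__ == "__main__":
    for name, routes in (("existing", EXISTING), ("changed", CHANGED)):
        hop, symmetric = reply_path(routes, CLIENT, PFSENSE_LAN)
        print(f"{name}: reply to {CLIENT} via {hop}, back through pfSense: {symmetric}")
    # A LAN client that reached the server through pfSense (e.g. via the public IP)
    # gets its reply directly, which also bypasses pfSense.
    print(reply_path(EXISTING, "192.168.10.50", PFSENSE_LAN))
```

With the existing gateway the reply to a forwarded request leaves via 192.168.10.1, so pfSense never sees the return half of the connection; with the gateway changed to 192.168.10.10 both directions pass through the same firewall state.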