My domain addresses go to Pfsense login on different ports instead of to internal servers
-
I'm trying to get some internal services accessible via domain name.
When trying to access through domain name it usually goes to the Pfsense login page for any domain/subdomain.
I own the domain and I've set up Dynamic DNS through Pfsense for GoDaddy. That's working.
I've set up Port forward and Firewall rules for Port 80, 443, 9443 and 32400.
Port 80 is supposed to go to Nginx Proxy Manager for Bitwarden (not working)
Port 443 is supposed to go to Nginx Proxy Manager (not working)
Port 9443 is supposed to go to Nginx Proxy Manager for Portainer (not working)
Port 32400 goes to an internal Windows server for Plex (working)
I've checked the external ip/ports on yougetsignal.com and all 4 are showing as open.
I've used the Diagnostics > Port Check and all the internal IPs/ports check as good.
Here are my port forward and firewall rules.
I can access the services locally by IP.
I've tried using Nat reflection with no change (unless I'm not using it correctly)
I've tried modifying DNS resolver with no change.
I'm still fairly new to pfsense, so I'm having trouble figuring out my mistake.
-
@swami_
Did you also try to access from outside?
For access from inside, you should add a host override for your domain to the DNS Resolver.
-
I just tried from my phone (not connected to Wifi, only LTE) and got 502 Bad gateway for both subdomains.
-
@swami_ said in My domain addresses go to Pfsense login on different ports instead of to internal servers:
got 502 Bad gateway for both subdomains.
That is not a pfsense error - you have something wrong with your nginx setup you're forwarding to
-
I got back to the pfsense login page from a local computer for 2 subdomains.
But got a 502 error from my phone.
I've checked and rechecked the rules/port forwards, and haven't seen any issues.
I'm able to get to the services (Bitwarden) that NGINX connects to by IP
I just changed NGINX to go by IP, not docker hostname, and the local computer timed out, and the phone timed out on 1 subdomain and got a 502 error on the other.
-
@swami_ if you try from inside your network you would not be forwarded.. without setting up nat reflection
If you want to forward ports, you shouldn't be actually listening on those ports.
I don't use nginx, I just use haproxy set up as a reverse proxy and it works with domains without any issues..
If you want to validate your port forwards are working - go to can you see me . org, send some traffic to your ports, sniff on pfsense wan and then on your lan side interface - does pfsense send on the traffic.. If so any error you get back is not from pfsense.
-
The ridiculous thing is that I wanted to use HAproxy (with Acme for certs) to keep all networking inside my PFsense system. I had some difficulty with HAproxy (probably my own fault either with HA or the service setup I was forwarding to).
A great deal of the information I got from the internet said "Nginx" or "Traefik" were the way to go, so I tried Nginx.
I'm going to take your suggestion of packet capture on both sides.
After that I might just shut down Nginx and return to HAproxy (w/Acme) and try to figure out the proxy/ports.
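-
The reasoning in the replies above (a 502 comes from the proxy, the login page comes from the firewall itself, a timeout calls for a packet capture) can be written as a small classifier. This is an added example, not code from any poster in the thread; the marker strings, the `Probe` fields and the sample responses are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Assumed markers (not from the thread): the firewall GUI login page mentions
# "pfsense"; a default proxy error page names "nginx" or "openresty".
FIREWALL_MARKERS = ("pfsense",)
PROXY_MARKERS = ("nginx", "openresty")

@dataclass
class Probe:
    origin: str                   # "lan" or "wan" (e.g. a phone on LTE)
    status: Optional[int] = None  # None means the request timed out
    server: str = ""              # Server response header, if any
    body: str = ""                # start of the response body

def classify(p: Probe) -> str:
    """Return which hop produced the response."""
    if p.status is None:
        return "no-answer"
    text = f"{p.server} {p.body}".lower()
    # Check the firewall first: its GUI can also send an nginx Server header.
    if any(m in text for m in FIREWALL_MARKERS):
        return "firewall-gui"
    if p.status in (502, 504) and any(m in text for m in PROXY_MARKERS):
        return "proxy-upstream-failure"
    return "served"

def advise(p: Probe) -> str:
    hop = classify(p)
    if hop == "no-answer":
        return "capture on WAN, then on the LAN-side interface, to see where packets stop"
    if hop == "firewall-gui" and p.origin == "lan":
        return "request ended at the firewall GUI: add a DNS host override or NAT reflection"
    if hop == "firewall-gui":
        return "firewall GUI answered from outside: check the forward and that the admin page is not exposed on WAN"
    if hop == "proxy-upstream-failure":
        return "forward works; fix the proxy's upstream host/port, not the firewall"
    return "whole chain answered"

# Constructed sample probes mirroring the symptoms reported in the thread.
SAMPLES = [
    Probe("lan", 200, "nginx", "<title>pfSense - Login</title>"),
    Probe("wan", 502, "openresty", "<h1>502 Bad Gateway</h1>"),
    Probe("wan"),
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s.origin:3} {classify(s):24} {advise(s)}")
```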