Plesk Issue
-
Hi, Newbie here!
I have managed to configure pfSense to the point it is working and having no MAJOR issues; however, I have an issue with the following:
Internet > Pfsense > Plesk
So, I have forwarded all the ports as needed for Plesk to work; however, DNS on port 53 is not working, which means my webserver is not working at all. I have attached the forwarding NAT rules.
I know forwarding is working as I have other forwards in place which are working fine with no issues.
Can someone help guide me into getting my Plesk server back up and running please? Obviously I am happy to answer any questions if needed.
-
Forwarding port 53 UDP/TCP to a device called Plesk ??
Your 'plesk' is a DNS server ???
Your ISP forwards to you port 53 ???????
( mine states in my ISP box : do whatever you want, but forget about port DNS, we decided that our clients won't be hosting DNS servers - period (neither mail servers))
Also : it's 2022 : please abandon FTP. You've opened up SSH, so SFTP is what everybody is using these days. FTP can be used for very ancient (I mean : very old) devices that only support FTP and nothing else.
Btw: your image shows NAT rules, right ?
If so : the last 4 rules have no 'paired' firewall rule - a rule that opens up the port on the WAN interface. These 4 NAT rules won't work.
Also : I don't know Plesk. It has been set up to accept incoming connections from your LAN.
And has it been set up to accept connections 'from the entire Internet' ?
Btw :
Look at your WAN interface. Every NAT rule should also have a firewall rule created on the WAN interface.
These are my WAN 'pass' rules :
You see the counters in front of each WAN firewall rule ?
That is packets/states coming from the 'Internet', so I know my rule works = traffic reaches from 'a device somewhere on the Internet' up into my WAN interface.
That traffic is then mapped from 'WAN IP' to internal LAN IP (your Plesk = 10.0.1.34) - doing port mapping, if needed (you don't, example 8447 => 8447).
@lodestone said in Plesk Issue:
Can someone help guide me into getting my plesk server back up and running please?
Because it isn't working at all ?
Or do you mean : "help me how to access my Plesk from the Internet" ?
-
Ok, so would you know why port 80 / 443 / 8880 and 8443 are not routing correctly? Because for the life of me I cannot figure it out. Considering everything else is working apart from those.
-
@gertjan said in Plesk Issue:
Your 'plesk' is a DNS server ???
Plesk and cPanel are probably the two biggest web hosting control panels. We use Plesk in our data center. Web, mail, DNS, etc.
It's worth asking if @Lodestone's ISP is blocking port 53, though if they did that I'd guess they would block web and email as well? Is this a residential or business connection, and what is the ISP?
The other thing that trips people up sometimes is that the firewall on the (web) server is not set to allow connections from anywhere, only the local subnet.
@lodestone said in Plesk Issue:
why port 80 / 443 / 8880 and 8443 are not routing correctly
On those NAT rules, for "Filter rule association" select "create new associated filter rule" and pfSense will create a matching firewall rule to allow the traffic. Otherwise the NAT rule exists but the firewall will block it.
-
Be assured. No one can.
As we have to imagine all the info needed to reply.
Start by giving the info you have :
Like : the image shown above, with the headings, the other rules etc.
And like this one : my NAT rules :
-
@steveits said in Plesk Issue:
Plesk and cPanel are probably the two biggest web hosting control panels. We use Plesk in our data center. Web, mail, DNS, etc.
Of course, I'm very well aware of that.
My Syno NAS can also make ice-cream, coffee, do cameras for security, handle the door bell, and g*d knows what more.
Btw : I'm using mine as a backup device, as it has big disks.
The thing is : people that host web servers, and DNS servers will never ask questions like : how to NAT ?
So, yes, I doubt @Lodestone is hosting its own DNS server, accessible from the Internet.
But maybe he is doing so ....
If so, NAT port TCP/UDP from 'WAN' to an IP-Plesk-on-LAN and done.
-
I can confirm it's not my ISP blocking it. I was using a Draytek router before and it was working with no problems :)
No configuration changes have been made on the webserver. It is literally just the router that has been changed. @SteveITS I have created those filter rules but traffic is still not flowing.
-
@lodestone Is there any other firewall rule that might be blocking it? If not, you might delete and recreate the NAT rules.
From a blank/new install it is just a matter of creating the NAT rule, which by default creates the firewall rule for you.
-
When you create a NAT rule, a WAN firewall rule is also created.
You should know, and you can see, that this rule is placed at the bottom of the WAN firewall rule list.
If you already have an explicit BLOCK ALL rule in place on the WAN, then, yes, your NAT rule is not working as it is never reached. Rules are handled from top to bottom.
Solution : slide the NAT WAN Firewall rule up to the top and save apply.
Btw : this is why I was asking for images.
Check also with Troubleshooting NAT Port Forwards.
Tip : stay away from NAT Reflection. If you think you need this, you are doing it wrong.
Use packet capturing : you can check if traffic arrives at the WAN port.
Do you use an upstream ISP router ?
If so, the pfSense WAN IP should be the same as the Draytek router before.
And this upstream router should be NATted also, I presume this was already the case as it was working before.
Btw : creating a NAT rule in a Draytek router, or creating a NAT rule on pfSense is the same thing : you'll be using and entering the same info.
As NATting didn't change since last century.
This is the NAT list of ISP upstream router :
It's rather basic, a bare minimum.
It boils down to giving a WAN port and LAN port, and a device IP, which is the "pfSense-4100" alias (== 192.168.10.3 in my case, as this IP is my pfSense WAN)
-
Really appreciate the help everyone. We are up and running. :) So yes, the rule had not been created and also, as suggested, it's from top to bottom. This has resolved my little. Viva the community!!! Thanks all. :)
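
The two failure modes this thread ended on (a port forward with no WAN pass rule, and a pass rule sitting below a block-all rule), as an added example that is not part of any post above: a small audit that evaluates WAN rules top to bottom, first match wins, against each forward's translated destination. The `Rule`/`Forward` model, the status names and the sample rule set are assumptions made up for illustration; only the Plesk IP 10.0.1.34 and the port numbers come from the thread.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Rule:                 # one WAN firewall rule, listed top to bottom
    action: str             # "pass" or "block"
    proto: str              # "tcp", "udp" or "any"
    dst: str                # destination as CIDR, "0.0.0.0/0" = any
    port: Optional[int]     # destination port, None = any

@dataclass
class Forward:              # one NAT port forward on WAN
    proto: str
    wan_port: int
    target: str             # internal host receiving the traffic
    target_port: int

def matches(r, proto, dst, port):
    return (r.proto in ("any", proto)
            and ip_address(dst) in ip_network(r.dst)
            and r.port in (None, port))

def audit(forwards, rules):
    """Classify each forward as ok / shadowed / no-pass-rule."""
    result = {}
    for f in forwards:
        # NAT is applied before filtering, so the WAN rule has to match
        # the translated destination (internal IP and port).
        hits = [r for r in rules if matches(r, f.proto, f.target, f.target_port)]
        if hits and hits[0].action == "pass":
            status = "ok"                  # first match wins
        elif any(r.action == "pass" for r in hits):
            status = "shadowed"            # pass rule sits below a block
        else:
            status = "no-pass-rule"        # falls through to default deny
        result[(f.proto, f.wan_port)] = status
    return result

# Constructed sample: Plesk host from the thread, made-up WAN rule set.
PLESK = "10.0.1.34"
FORWARDS = [Forward("tcp", 80, PLESK, 80), Forward("udp", 53, PLESK, 53),
            Forward("tcp", 8443, PLESK, 8443)]
WAN_RULES = [Rule("pass", "tcp", PLESK + "/32", 80),
             Rule("block", "any", "0.0.0.0/0", None),
             Rule("pass", "udp", PLESK + "/32", 53)]

if __name__ == "__main__":
    for key, status in audit(FORWARDS, WAN_RULES).items():
        print(key, status)
```

Moving the UDP 53 pass rule above the block-all rule turns its status from `shadowed` to `ok`, which is the reordering suggested in the thread.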