Port forward with webserver behind pfsense
-
My current issue I am running into is forwarding http to one of my webservers. Currently, my network is set up as follows:
ISP Provided Router -> Pfsense firewall -> webserver.
My question is, how would I go about forwarding port 443 to allow my webserver to be accessed outside of my network? Would I need to forward 443 to my firewall from the ISP router to pfsense, then forward the port in pfsense to the webserver?
How can I do that?
-
@macaruchi yes.
Many ISP routers have a DMZ option or ways to forward single ports.
https://docs.netgate.com/pfsense/en/latest/nat/port-forwards.html#adding-port-forwards
-
@SteveITS
Hi!
Somebody told me that I need to port forward to pfSense from the router and from pfSense to the webserver. I tried to do a port forward in the router addressing the LAN webserver but this doesn't work.
-
@macaruchi can you show screenshots from both? Done correctly it does work. :)
https://docs.netgate.com/pfsense/en/latest/troubleshooting/nat-port-forwards.html
-
@macaruchi said in Port forward with webserver behind pfsense:
Somebody told me
Be nice to them. Smile, and make the conversation short.
Then go to the URLs like shown above: https://docs.netgate.com/pfsense/en/latest/nat/, as who knows better than the authors of the product you use?
I'll add a trick:
Go to : and select "WAN", "TCP" and port "443" as shown.
Hit Start at the bottom, and keep an eye on the results shown at the bottom of the page.
Initially, it will stay empty: no results.
Now, as per your ISP instructions, as they have the info about how to add a NAT rule in your ISP router.
Or, as proposed above: activate the DMZ mode.
While visiting the GUI of your ISP router, take note of its WAN-IPv4.
Get a phone ready. Disable ( !! ) the Wifi on this phone ( !! ).
Open a browser on your phone, and enter https://WAN-IPv4 (like https://1.2.3.4).
If all went well: you've correctly set up the NAT (or DMZ, you should prefer NAT, though) on your ISP router, the pfSense Diagnostic window starts to show lines ...
The browser on your phone will show errors of course, as no web browser is answering at the moment, but you know now traffic reaches the pfSense WAN network port.
From here: https://docs.netgate.com/pfsense/en/latest/nat/ is all yours.
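-
The WAN capture test in the post above can be read mechanically to tell which hop of the double NAT is failing. The following is an added example, not code from the thread or from pfSense: it assumes the capture is exported as tcpdump-style text that shows TCP flags, and the addresses, the `diagnose` function and its verdict names are constructed for illustration.

```python
import re

# Matches tcpdump-style lines such as:
#   12:00:01.000 IP 198.51.100.7.40001 > 192.168.1.2.443: Flags [S], seq 1
LINE = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[([^\]]*)\]"
)

HINTS = {  # hypothetical verdict names, mapped to the hop worth checking next
    "isp_router": "No SYN reached pfSense WAN: fix the forward (or DMZ) on the ISP router.",
    "pfsense_or_server": "SYN arrives, nothing answers: check the pfSense port forward, "
                         "its linked WAN rule and the web server.",
    "refused": "SYN is answered with RST: a reject rule or a closed port on the server.",
    "ok": "SYN and SYN-ACK both seen: the forward works end to end.",
}

def diagnose(capture: str, wan_ip: str, port: int = 443) -> str:
    """Classify a pfSense WAN-side capture of an external connection attempt."""
    syn_in = synack_out = rst_out = False
    for src, sport, dst, dport, flags in LINE.findall(capture):
        if dst == wan_ip and int(dport) == port and flags == "S":
            syn_in = True                      # outside client reached pfSense WAN
        elif src == wan_ip and int(sport) == port:
            synack_out |= flags == "S."        # reply translated back to the WAN address
            rst_out |= "R" in flags
    if not syn_in:
        return "isp_router"
    if synack_out:
        return "ok"
    return "refused" if rst_out else "pfsense_or_server"

# Constructed sample data: 192.168.1.2 stands in for the pfSense WAN address
# on the ISP router's LAN, 198.51.100.7 for the phone on mobile data.
WAN_IP = "192.168.1.2"
UNANSWERED = """\
12:00:01.000 IP 198.51.100.7.40001 > 192.168.1.2.443: Flags [S], seq 1, win 65535, length 0
12:00:02.000 IP 198.51.100.7.40001 > 192.168.1.2.443: Flags [S], seq 1, win 65535, length 0
"""
WORKING = UNANSWERED + """\
12:00:02.020 IP 192.168.1.2.443 > 198.51.100.7.40001: Flags [S.], seq 9, ack 2, win 65535, length 0
12:00:02.040 IP 198.51.100.7.40001 > 192.168.1.2.443: Flags [.], ack 1, length 0
"""

if __name__ == "__main__":
    for name, cap in (("empty", ""), ("unanswered", UNANSWERED), ("working", WORKING)):
        verdict = diagnose(cap, WAN_IP)
        print(f"{name}: {verdict} -> {HINTS[verdict]}")
```

An empty capture points at the ISP router, while repeated unanswered SYNs mean the traffic reaches pfSense and the problem is further in.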
-
@Gertjan
I did what you told me, thanks, but I can't access the webserver yet :(
These are my rules
Rule Port Forward
The Capture works
-
@macaruchi The last rule there is the linked rule ("NAT jce").
The circled rule allows your pfSense WAN subnet to access LAN. Though it probably wouldn't actually function unless something on that network was routing packets intended for your LAN subnet to your pfSense WAN IP.
You've allowed * to access "WAN2_CENSOL address" meaning anything can access pfSense on ports 22/80/443/other. Since that includes 8443 I don't think it will also forward 8443 on via the NAT rule. Note that rule has 27.3 MB of traffic.