Port Forward 80 Webserver

stepnage · Jan 27, 2024, 12:03 PM

Hello everyone"

I have been running pfsense for years and never had any issues until I upgraded to the latest 2.7.2. I am no longer able to port forward 80 to my local machine running a webserver. Everything worked fine on version 2.7.0. I see there's added options under NAT when editing a rule.

Could someone guide me as to getting this back up and running?

Domain is stepnageos.com
Router is 10.10.10.1
Firewall:
WAN address is 10.10.10.1
LAN address is 192.168.0.1
Local Server is 192.168.0.3

I can access webserver on local network by 192.168.0.3 no problems.

Thank you!

viragomann · Jan 27, 2024, 1:31 PM

@stepnage said in Port Forward 80 Webserver:

Router is 10.10.10.1
Firewall:
WAN address is 10.10.10.1

Both have the same IP?

Apart from this, NAT works straight forward. Nothing has changed on 2.7.2 regarding this.
Best to test it, since your WAN is private, connect a device to pfSense WAN interface and type the WAN address into the browser.
What do you get?

stepnage · Jan 27, 2024, 1:31 PM

@viragomann my apologies WAN IP is 10.10.10.2

If I connect to WAN or LAN I get web login for pfsense. I can see in older versions you had single address now it’s changed to give two additional options.

viragomann · Jan 27, 2024, 2:12 PM

@stepnage
So the pfSense web interface is listening on port 80.
Go to System > Advanced > Admin Access and change the port to something unused.
Also check "Disable webConfigurator redirect rule".

stepnage · Jan 31, 2024, 7:55 AM

I have changed the web UI port number but still unable to get port forwarding working.

Hopefully both images show up so you can see the rule in place.

viragomann · Jan 31, 2024, 8:06 AM

@stepnage
Cannot see the images without login.

stepnage · Jan 31, 2024, 8:08 AM

Do you have an email? I'd really appreciate your help.

viragomann · Jan 31, 2024, 10:53 AM

@stepnage
There should be a possibility to share files without the need of authentication. Supported by any cloud I know.

What do you get now exactly if you access your WAN IP from the interne?

stepnage · Jan 31, 2024, 11:21 AM

If I access my WAN via IP under port 80 I get nothing. If I access via changed port doe PFSense web UI I get the UI.
Here's my NAT port forwarding rule:
Interface = WAN
Address Family = IPV4
Protocol = TCP
Source = ANY
Source Port Range = HTTP
Destination = LAN Address
Destination Port Range = HTTP
Redirect Target Port = HTTP
Description = Website
NAT Reflect = Enable Pure NAT
Filter Rule = Pass

Everything worked perfectly under version 2.7.0.... All I can see that has changed is you now have another option under destination, it was simply single host.

viragomann · Jan 31, 2024, 11:42 AM

@stepnage
You must not limit the source port. It's redundant, so you have to state "any" for it.

stepnage · Jan 31, 2024, 11:47 AM

Okay done but still WAN or domain still results in nothing.

viragomann · Jan 31, 2024, 11:52 AM

@stepnage
Source = ANY
Source Port Range = ANY
Destination = WAN Address
Destination Port Range = HTTP
Redirect Target = <your web server>
Redirect Target Port = HTTP

stepnage · Jan 31, 2024, 11:52 AM

Interface = WAN
Address Family = IPV4
Protocol = TCP
Source = ANY
Source Port Range = HTTP
Destination = LAN Address
Destination Port Range = HTTP
Redirect Target IP = 192.168.0.3
Redirect Target Port = HTTP
Description = Website
NAT Reflect = Enable Pure NAT
Filter Rule = Pass

Forgot to add a section in last post, the IP address of server on LAN side.

stepnage · Jan 31, 2024, 11:56 AM

Source = ANY
Source Port Range = ANY
Destination = WAN Address
Destination Port Range = HTTP
Redirect Target = 192.168.0.3
Redirect Target Port = HTTP

Still nothing :(

viragomann · Jan 31, 2024, 11:59 AM

@stepnage
So possibly your web server is blocking access from outside its subnet.

Disable its firewall.

stepnage · Jan 31, 2024, 12:00 PM

I have tried this already, the only thing that has changed is the firewall, this is why I am pulling my hair out as everything worked fine before the update.

viragomann · Jan 31, 2024, 12:30 PM

@stepnage
As mentioned, nothing regarding port forwarding has been changed in the recent version.
Your issue might be somewhere else.

For troubleshooting, sniff the https traffic on pfSense on WAN and LAN and look if your requests are arriving on WAN and forwarded properly, and if you get responses from the webserver.

stepnage · Feb 4, 2024, 1:51 PM

I could not get this to work at all. I changed the port forward on my broadband router to point at it's web UI and I can connect using my domain remotely. I then connected my server directly to my broadband router and changed port forwarding and again, can connect. This eliminates the pfsense firewall but all works. However, as soon as I connect the firewall back between them and re adjust the port forwarding, everything fails.

I re cloned my old pfsense image of 2.7.0 and all works flawlessly. I'm still convinced that something has changes as nothing to my setup has. The fact that I can still connect using my domain tells me that it's the firewall.

I've also tried switching the WAN and LAN but still the same issue. I really don't want to be stuck in this version.

Bob.Dig · Feb 4, 2024, 2:17 PM

@stepnage Make screenshots of every screen of interest.

viragomann · Feb 4, 2024, 2:31 PM

@stepnage
As you don't deliver the requested troubleshooting information, I'm sadly not able to help here.
Just wailing "it does not work" contributes nothing to get closer to the issue.