Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Port Forward 80 Webserver

    Scheduled Pinned Locked Moved NAT
    26 Posts 3 Posters 2.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      stepnage
      last edited by stepnage

      Hello everyone"

      I have been running pfsense for years and never had any issues until I upgraded to the latest 2.7.2. I am no longer able to port forward 80 to my local machine running a webserver. Everything worked fine on version 2.7.0. I see there's added options under NAT when editing a rule.

      Could someone guide me as to getting this back up and running?

      Domain is stepnageos.com
      Router is 10.10.10.1
      Firewall:
      WAN address is 10.10.10.1
      LAN address is 192.168.0.1
      Local Server is 192.168.0.3

      I can access webserver on local network by 192.168.0.3 no problems.

      Thank you!

      V 1 Reply Last reply Reply Quote 0
      • V
        viragomann @stepnage
        last edited by

        @stepnage said in Port Forward 80 Webserver:

        Router is 10.10.10.1
        Firewall:
        WAN address is 10.10.10.1

        Both have the same IP?

        Apart from this, NAT works straight forward. Nothing has changed on 2.7.2 regarding this.
        Best to test it, since your WAN is private, connect a device to pfSense WAN interface and type the WAN address into the browser.
        What do you get?

        S 1 Reply Last reply Reply Quote 0
        • S
          stepnage @viragomann
          last edited by

          @viragomann my apologies WAN IP is 10.10.10.2

          If I connect to WAN or LAN I get web login for pfsense. I can see in older versions you had single address now it’s changed to give two additional options.

          V 1 Reply Last reply Reply Quote 0
          • V
            viragomann @stepnage
            last edited by

            @stepnage
            So the pfSense web interface is listening on port 80.
            Go to System > Advanced > Admin Access and change the port to something unused.
            Also check "Disable webConfigurator redirect rule".

            1 Reply Last reply Reply Quote 0
            • S
              stepnage
              last edited by

              I have changed the web UI port number but still unable to get port forwarding working.
              Rule Edit
              NAT Rule

              Hopefully both images show up so you can see the rule in place.

              V 1 Reply Last reply Reply Quote 0
              • V
                viragomann @stepnage
                last edited by

                @stepnage
                Cannot see the images without login.

                1 Reply Last reply Reply Quote 0
                • S
                  stepnage
                  last edited by

                  Do you have an email? I'd really appreciate your help.

                  V 1 Reply Last reply Reply Quote 0
                  • V
                    viragomann @stepnage
                    last edited by

                    @stepnage
                    There should be a possibility to share files without the need of authentication. Supported by any cloud I know.

                    What do you get now exactly if you access your WAN IP from the interne?

                    1 Reply Last reply Reply Quote 0
                    • S
                      stepnage
                      last edited by

                      If I access my WAN via IP under port 80 I get nothing. If I access via changed port doe PFSense web UI I get the UI.
                      Here's my NAT port forwarding rule:
                      Interface = WAN
                      Address Family = IPV4
                      Protocol = TCP
                      Source = ANY
                      Source Port Range = HTTP
                      Destination = LAN Address
                      Destination Port Range = HTTP
                      Redirect Target Port = HTTP
                      Description = Website
                      NAT Reflect = Enable Pure NAT
                      Filter Rule = Pass

                      Everything worked perfectly under version 2.7.0.... All I can see that has changed is you now have another option under destination, it was simply single host.

                      V 1 Reply Last reply Reply Quote 0
                      • V
                        viragomann @stepnage
                        last edited by

                        @stepnage
                        You must not limit the source port. It's redundant, so you have to state "any" for it.

                        1 Reply Last reply Reply Quote 0
                        • S
                          stepnage
                          last edited by

                          Okay done but still WAN or domain still results in nothing.

                          V 1 Reply Last reply Reply Quote 0
                          • V
                            viragomann @stepnage
                            last edited by

                            @stepnage
                            Source = ANY
                            Source Port Range = ANY
                            Destination = WAN Address
                            Destination Port Range = HTTP
                            Redirect Target = <your web server>
                            Redirect Target Port = HTTP

                            1 Reply Last reply Reply Quote 0
                            • S
                              stepnage
                              last edited by

                              Interface = WAN
                              Address Family = IPV4
                              Protocol = TCP
                              Source = ANY
                              Source Port Range = HTTP
                              Destination = LAN Address
                              Destination Port Range = HTTP
                              Redirect Target IP = 192.168.0.3
                              Redirect Target Port = HTTP
                              Description = Website
                              NAT Reflect = Enable Pure NAT
                              Filter Rule = Pass

                              Forgot to add a section in last post, the IP address of server on LAN side.

                              1 Reply Last reply Reply Quote 0
                              • S
                                stepnage
                                last edited by

                                Source = ANY
                                Source Port Range = ANY
                                Destination = WAN Address
                                Destination Port Range = HTTP
                                Redirect Target = 192.168.0.3
                                Redirect Target Port = HTTP

                                Still nothing :(

                                V 1 Reply Last reply Reply Quote 0
                                • V
                                  viragomann @stepnage
                                  last edited by

                                  @stepnage
                                  So possibly your web server is blocking access from outside its subnet.

                                  Disable its firewall.

                                  1 Reply Last reply Reply Quote 0
                                  • S
                                    stepnage
                                    last edited by

                                    I have tried this already, the only thing that has changed is the firewall, this is why I am pulling my hair out as everything worked fine before the update.

                                    V 1 Reply Last reply Reply Quote 0
                                    • V
                                      viragomann @stepnage
                                      last edited by

                                      @stepnage
                                      As mentioned, nothing regarding port forwarding has been changed in the recent version.
                                      Your issue might be somewhere else.

                                      For troubleshooting, sniff the https traffic on pfSense on WAN and LAN and look if your requests are arriving on WAN and forwarded properly, and if you get responses from the webserver.

                                      1 Reply Last reply Reply Quote 0
                                      • S
                                        stepnage
                                        last edited by

                                        I could not get this to work at all. I changed the port forward on my broadband router to point at it's web UI and I can connect using my domain remotely. I then connected my server directly to my broadband router and changed port forwarding and again, can connect. This eliminates the pfsense firewall but all works. However, as soon as I connect the firewall back between them and re adjust the port forwarding, everything fails.

                                        I re cloned my old pfsense image of 2.7.0 and all works flawlessly. I'm still convinced that something has changes as nothing to my setup has. The fact that I can still connect using my domain tells me that it's the firewall.

                                        I've also tried switching the WAN and LAN but still the same issue. I really don't want to be stuck in this version.

                                        Bob.DigB V 2 Replies Last reply Reply Quote 0
                                        • Bob.DigB
                                          Bob.Dig LAYER 8 @stepnage
                                          last edited by

                                          @stepnage Make screenshots of every screen of interest.

                                          1 Reply Last reply Reply Quote 0
                                          • V
                                            viragomann @stepnage
                                            last edited by

                                            @stepnage
                                            As you don't deliver the requested troubleshooting information, I'm sadly not able to help here.
                                            Just wailing "it does not work" contributes nothing to get closer to the issue.

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.