PFSense - Have Nat/Rules for ports 80, 443, now we have a new server, port 9443, how to get through?
-
Hello, All.
(I am trying to get enough information to help everyone in assisting with my issue.)
Example URL (Neither work)
https://sub.example.com/hls/radio.m3u8
or
https://sub.example.com:9443/hls/radio.m3u8
Setup
PFSense NAT/Rules for
Web | HTTP (80) and HTTPS (443)
Targets: Windows 2016 IIS Web Server running ARR for IIS Web Farm.
This has worked flawlessly for nearly 2 years.
Issue.
I have brought in a Linux running Nginx | HLS | Liquidsoap
For running an online Radio.
I just installed HAProxy.
HAProxy = Enabled
Backend - Record created for the LinuxServer
- Server List = IP address of the Linux Server (192.168.5.10).
Frontend - Record created for the sub.example.com
- External Address - Wan = port 8080
- Access Control lists - Host Matches - Value=sub.example.com
- Actions: Attached to the ACL and Backend: LinuxServer
I had the HAProxy with port 8080, and it worked, but now we are dealing with https.
Since I already use port 443 in PFSense for our web servers, I had to create another NAT/Rule for port 9443 pointing to the Linux Server (192.168.5.10).
I am assuming since I am using that port, I have to have it in the URL as
https://sub.example.com:9443/hls/radio.m3u8
But still cannot get through.
I also have a Nat/Rule for port 1935, which is used to stream HLS but is not required in the URL when streaming through a player. I have it there in case, but it shows through the online test as not being opened.
When I try to access the site through a web browser, I get "The site can't be reached."
And through Windows media player, I get "Failed to render the file."
Loading the streaming URL in a web browser will open a download dialog for me to download the radio.m3u8 file. But it is not doing anything outside the network; it just gives the error "The site can't be reached."
I can play the media through a Windows media player within the network.
What would I need to do to have it play from outside the network?
Thank you.
Wayne
-
@carrzkiss if you’re using unique ports you shouldn’t need haproxy.
If you are testing from LAN you’ll need reflection enabled.
On the Linux server is it listening on 9443 or 443? You can send to 443 in the NAT rule. Does it allow the connection in its software firewall?
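Added example, not part of the original thread: a shell check for the questions in the reply above (is the Linux server listening on 9443 or 443, and which port should the NAT rule target). The `ss` output is constructed sample data, and the names `listen_scope` and `nat_target_port` are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `ss -ltnH` output from the Linux server:
# 443 is bound on all interfaces, but 9443 is bound to loopback only.
SAMPLE_SS='LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 128 127.0.0.1:9443 0.0.0.0:*
LISTEN 0 511 [::]:443 [::]:*'

# listen_scope PORT  (hypothetical helper; reads `ss -ltnH` output on stdin)
# Prints how the port is bound: all | specific | loopback | none
listen_scope() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, parts, ":")            # port is the last ":" field
            if (parts[n] != port) { next }
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            if (addr == "0.0.0.0" || addr == "*" || addr == "[::]") {
                scope = "all"
            } else if (addr ~ /^127\./ || addr == "[::1]") {
                if (scope == "") { scope = "loopback" }
            } else if (scope != "all") {
                scope = "specific"
            }
        }
        END { print (scope == "" ? "none" : scope) }'
}

# nat_target_port SS_OUTPUT  (hypothetical helper)
# Prefers 9443, falls back to 443; a loopback-only bind cannot receive
# NAT traffic. For "specific", confirm the address is the NAT target IP.
nat_target_port() {
    for p in 9443 443; do
        case "$(printf '%s\n' "$1" | listen_scope "$p")" in
            all|specific) echo "$p"; return 0 ;;
        esac
    done
    return 1
}

# On the real server: nat_target_port "$(ss -ltnH)"
nat_target_port "$SAMPLE_SS"
```

If the reported port is reachable from the LAN but not from outside, the remaining item from the reply is the server's software firewall.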
-
Hey, @SteveITS, and thank you.
Reflection has been enabled from the first install.
Disabled HAProxy
After configuring some things on nginx, I could load the page https://stream.example.com:9443, which gave the SSL Cert.
Then.
The streaming URL started working after a few reboots on the Linux Server. Don't know why, but it just started working.
https://stream.example.com:9443/hls/Radio.m3u8
Thanks, Steve.
Have an awesome week.
Wayne