Trouble with port forwarding.



  • Hello, I'm trying to allow access to a web server through my pfsense. It was working well yesterday, but for some reason it's not working anymore and I can't seem to find why.

    My network is the following:

    WAN1                        LAN1
             \                  /
                 Pfsense 1.2
             /                 
    WAN2                       LAN2

    Both WAN1 and WAN2 are local networks on which there is the ISP' router.
    My Web server is on LAN 2 and must be access solely through WAN 2.

    I'm currently trying to enable access to the server from a computer on WAN2, berfore even trying to enable it through the internet.

    I enabled the following rules in the NAT Menu:

    If         Proto  Ext. port range     NAT IP         Int. port range   Description  
    WAN2 TCP    8080             192.168.10.23       80 (HTTP)          Test
                                                    (ext.: any)

    The rule added on WAN2 when creating the NAT is:

    Proto   Source   Port   Destination   Port   Gateway   Schedule   Description
    TCP             *            *   192.168.10.23   80        *                      NAT Test
                                                                  (HTTP)

    I successfully connect to the webserver when using a computer on LAN2, so there shouldn't be any problem there.
    I tried to log the firewall rule, but nothing appears in the log when i'm trying to connect.

    My guess is there is something blocking the NAT somewhere, but I have no idea what it could be.
    Does anyone have an idea?



  • Dont set as external NAT IP "any". Set here "Interface address"

    Did you actually test this from a client which is on the WAN2 side?



  • Yes I did test it that way and it wasn't working either.

    But I just find a clue. Apparently, if on my webserver I access directly the website it works both with 'any' and 'Interface Address', but if I use a virtual directory, it doesn't work anymore.

    For example, if i use http://pfsenseInterfaceAdress:8080 it works, but if I use http://pfsenseInterfaceAdress:8080/Website it doesn't work.

    Is there something to do on pfsense to make this work?



  • Also, althought this is working from an internal client on WAN, it doesn't work when i try to access the webserver through my isp's router, even thought i did the forwarding on the router on the same way as my other servers on WAN2. Could this come from a communication problem between the routeur and pfsense.



  • @Abarai:

    Also, althought this is working from an internal client on WAN, it doesn't work when i try to access the webserver through my isp's router, even thought i did the forwarding on the router on the same way as my other servers on WAN2. Could this come from a communication problem between the routeur and pfsense.

    This problem was solved. I was just being stupid in my use of my vmware server (my webserver is on a vmware client).

    On the other hand, I still need to be able to access my webserver using the virtual directory. Anyone knows how to do that?



  • I'm not sure how pfSense could interfere with that, since it only sees the TCP connection and has nothing to do with the http request.
    Are you sure this is not a missconfiguration on the server?



  • @GruensFroeschli:

    I'm not sure how pfSense could interfere with that, since it only sees the TCP connection and has nothing to do with the http request.
    Are you sure this is not a missconfiguration on the server?

    I'm not, but since I can successfully access the website this way when on the same lan, there should be no reason not to access from a remote client. Is there?


Log in to reply