Big issues running IIS behind PFSense.

Affiliated · Jan 11, 2010, 9:33 PM

I Managed it to setup an IIS behinde a pfsense, and have had no problems. On the IIS are 2 websites hosted and identified by their domain.

But i have to say that iam not very familiar with Webservers and their headers and so on. It has been a while since this setup. I think it was 1.2.3-RC2 we used for this.

Regards from Germany

dotdash · Jan 11, 2010, 9:48 PM

I've had Apache servers running virtual hosts behind pfSense for years. I doubt that you have uncovered an undiscovered problem with the software. These things can be frustrating, but you need to look at your setup carefully and methodically to see if perhaps you have made an error. Try re-configuring from scratch and note the steps you used. Pfsense configuration may be different than what you are used to from working with other firewalls.

pseudonym · Jan 11, 2010, 9:48 PM

@Affiliated:

I Managed it to setup an IIS behinde a pfsense, and have had no problems. On the IIS are 2 websites hosted and identified by their domain.

But i have to say that iam not very familiar with Webservers and their headers and so on. It has been a while since this setup. I think it was 1.2.3-RC2 we used for this.

Regards from Germany

I am not a huge web-head myself. That is pretty much exactly the same thing that I want to do. Did you do anything at all other than forward port 80?

rpsmith · Jan 11, 2010, 10:06 PM

I believe the 404 error you are getting is coming from your IIS server so I don't think you are having a firewall issue or you wouldn't be seeing a 404 error.

Roy…

http://www.404errorpages.com/

wallabybob · Jan 11, 2010, 10:29 PM

@rpsmith:

I believe the 404 error you are getting is coming from your IIS server so I don't think you are having a firewall issue or you wouldn't be seeing a 404 error.

This doesn't fit with
@pseudonym:

Packets are not hitting the webserver at all when I have PFSense as as the router.

Are there (have there been?) two distinct problems?

pseudonym · Jan 11, 2010, 11:40 PM

Double checked the IIS server. Found that the bindings needed to be changed. I can now surf, without any issue internally using the FQDN.. however, still getting a 404 when I try to access externally.

The 404 error is the reason that I suspected that the issue may be the way that PFSense handles Host Header Name info.. if it is just forwarding the request to the server, and somehow stripping the Host Header Name info so that it is requesting the default page of the site rather than the specific site…

As I said earlier.. if I swap out for a box standard Linksys router it works with no changes to the IIS server.. Again, just a single port forward to the server....

I am also seeing the packets pass in the logs (I logged the rule) and I am seeing it pass the traffic now.. There has to be some simple setting that I am missing here.

EDIT: Just for info.. I am NOT running RDNS on this site and DNS is handle entirely externally... Do I need to setup a DNS server internally?? If so.. why would it work without one with the linksys??? scratches head... hair falls out

wallabybob · Jan 12, 2010, 12:25 AM

@pseudonym:

Double checked the IIS server. Found that the bindings needed to be changed. I can now surf, without any issue internally using the FQDN.. however, still getting a 404 when I try to access externally.

I don't know IIS but I would presume that a production web server would have some means of getting it to explain why it sends a 404 response. (Maybe change log settings and restart.)

EDIT: Just for info.. I am NOT running RDNS on this site and DNS is handle entirely externally… Do I need to setup a DNS server internally?? If so.. why would it work without one with the linksys??? scratches head... hair falls out

I don't get the relationship between DNS and a "Page not found" error. Please explain.

GruensFroeschli · Jan 12, 2010, 12:26 AM

The 404 error is the reason that I suspected that the issue may be the way that PFSense handles Host Header Name info.. if it is just forwarding the request to the server, and somehow stripping the Host Header Name info so that it is requesting the default page of the site rather than the specific site…

The pfSense doesnt handle anything at all.
It is completly clueless about what it is transfering.

One thing that could be something:
Under "system –> general setup" what did you set for the "Domain" field?
If the server gets it's IP dynamically (pseudo static) from the pfSense, then this part will be assigned to the DHCP clients as connection specific suffix


Ethernet adapter Local Area Connection 3:

        Connection-specific DNS Suffix  . : gruensfroeschli.mine.nu
        IP Address. . . . . . . . . . . . : 10.0.8.11
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 10.0.8.1

wallabybob · Jan 12, 2010, 12:44 AM

I don't know about IIS, but I have recollections from some months ago that if the local hostname changes it may be necessary to change the Apache configuration file in sympathy.

pseudonym · Jan 12, 2010, 3:35 AM

Okay.. something has happened and it does appear to be an automagic type thing. Don't know how but it is now working! W00t!.. I think LOL!

Anyhow, thanks for all the help guys! It is mucho appreciated!