HTTP port forward not reaching web server

  • Hello.

    I'm running pfSense in VMWare on Windows Server 2003. Everything is working fine; all of the internal machines are going through it to get outside. The external port is only being used by the pfSense virtual machine and is wired directly to my cable modem.

    I want to present an internal web server to the outside world. It's running IIS6 on Windows Server 2003. The website is up and running, it's the only site on the machine, has no host headers associated with it, is set to accept traffic on all IP addresses on port 80, and I can access the site internally with either its internal IP address or machine name.

    I followed the instructions for setting up port forwarding, using port 80 and pointing to the internal IP address of the web server (it is the correct address), making sure I told the WebGUI to create a firewall rule at the same time. Everything looked as I expected on the NAT and firewall pages.

    After unchecking Disable NAT Reflection I can, internally, get to the website using the external IP address of the pfSense machine.

    From an external machine, in Firefox, I get an error message after 10-20 seconds saying "The operation timed out when attempting to contact [external IP address]". It doesn't work in any browser, and I can't telnet to port 80 either.

    I enabled logging on the firewall rule and it fires (green icon), so my ISP isn't blocking the port and traffic is reaching the pfSense machine. The internal web server never receives the request, though. There's no record of it in the IIS logs.

    I've rebooted the pfSense machine but that hasn't resolved the issue.

    Has anyone come across this before? Does anyone know what I'm doing wrong?

    Thanks in advance.

  • not sure i get what you mean.  the icon being green in the firewall rules only means it is enabled not that it has "fired".  a lot of residential broadband providers block port 80 inbound.  if you do a packet capture on the WAN and try connecting, does anything show?

  • The green icon is in the firewall logs, not on the rules page, and only appears after I request the page in a browser on an external machine (I didn't check after doing it from an internal machine because the web page was displayed).

    Yes, the HTTP request was in the packet capture from the WAN interface.

  • what do you see if you capture on the LAN interface?

  • im doing kinda the same, on the lan interface the packet capture idnt get anything at all

  • Enable disable nat reflection and check windows firewall and antivirus firewall.

Log in to reply