Internally access internal webserver behind pfsense when using public domain



  • We have a webserver behind our pfsense firewall (http://staging.example.com).  We have port 80 NAT'ed through pfsense pointing to the appropriate internal server.  We can access our internal server by going to http://staging.local) and we can access the server from outside the network by going to http://staging.example.com) but we cannot access http://staging.example.com from within the network.  I used to be able to do this when using a consumer grade router, but I'm obviously missing something simple with pfsense.

    Thanks in advance for the answer!



  • Search the forum for nat reflection or loopback - you should find a few relevant threads.



  • @Cry:

    Search the forum for nat reflection or loopback - you should find a few relevant threads.

    Thanks… I didn't know the terminology.



  • Well that's really strange.  When I enable reflection I can access the internal server using the external domain, but now I get 404 errors on all the websites I try and visit.  Could this be because of the Squid Cache or something along those lines?



  • Did you set as external address in your port-forward "any"? (It should be your WAN-address)
    Because then you get the described behaviour.



  • @GruensFroeschli:

    Did you set as external address in your port-forward "any"? (It should be your WAN-address)
    Because then you get the described behaviour.

    Ah yep… that was it again.

    For anyone else reading this... basically if you're port forwarding port 80 to an internal web server... make sure "External address" is set to "Interface Address", and then uncheck the "Disable NAT Reflection"

    This will help people who have an in house SVN (Subversion) and you want to be able to connect to it using your laptop while at the office or on the road.

    Thanks GruensFroeschli and Cry Havok for all the help!


Log in to reply