Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Internally access internal webserver behind pfsense when using public domain

    Scheduled Pinned Locked Moved NAT
    6 Posts 3 Posters 10.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      rockinthesixstring
      last edited by

      We have a webserver behind our pfsense firewall (http://staging.example.com).  We have port 80 NAT'ed through pfsense pointing to the appropriate internal server.  We can access our internal server by going to http://staging.local) and we can access the server from outside the network by going to http://staging.example.com) but we cannot access http://staging.example.com from within the network.  I used to be able to do this when using a consumer grade router, but I'm obviously missing something simple with pfsense.

      Thanks in advance for the answer!

      Chase
      Link Removed
      PFSense 2.0.1 - RELEASE

      1 Reply Last reply Reply Quote 0
      • Cry HavokC
        Cry Havok
        last edited by

        Search the forum for nat reflection or loopback - you should find a few relevant threads.

        1 Reply Last reply Reply Quote 0
        • R
          rockinthesixstring
          last edited by

          @Cry:

          Search the forum for nat reflection or loopback - you should find a few relevant threads.

          Thanks… I didn't know the terminology.

          Chase
          Link Removed
          PFSense 2.0.1 - RELEASE

          1 Reply Last reply Reply Quote 0
          • R
            rockinthesixstring
            last edited by

            Well that's really strange.  When I enable reflection I can access the internal server using the external domain, but now I get 404 errors on all the websites I try and visit.  Could this be because of the Squid Cache or something along those lines?

            Chase
            Link Removed
            PFSense 2.0.1 - RELEASE

            1 Reply Last reply Reply Quote 0
            • GruensFroeschliG
              GruensFroeschli
              last edited by

              Did you set as external address in your port-forward "any"? (It should be your WAN-address)
              Because then you get the described behaviour.

              We do what we must, because we can.

              Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

              1 Reply Last reply Reply Quote 0
              • R
                rockinthesixstring
                last edited by

                @GruensFroeschli:

                Did you set as external address in your port-forward "any"? (It should be your WAN-address)
                Because then you get the described behaviour.

                Ah yep… that was it again.

                For anyone else reading this... basically if you're port forwarding port 80 to an internal web server... make sure "External address" is set to "Interface Address", and then uncheck the "Disable NAT Reflection"

                This will help people who have an in house SVN (Subversion) and you want to be able to connect to it using your laptop while at the office or on the road.

                Thanks GruensFroeschli and Cry Havok for all the help!

                Chase
                Link Removed
                PFSense 2.0.1 - RELEASE

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.