Lost contact with internal webserver



  • Hey.

    I have a firewall set up with pfSense and configured with a static IP and DNS. I used to use the DNS forwarder for each of the internal networks, but that caused some problem that I can't remember right now; it didn't work satisfactorily…

    Each of the internal networks is connected, but with restrictions to allow only certain ports and certain static IPs.

    Now, my webserver is losing its connection to the other internal networks. It works after a reboot for ~5 days to a week, but then it just stops working. It could be an internal conflict with another piece of hardware that's using the same port, but you don't send the "connecting" to that hardware on the same port; it's only the traffic after that which uses the same port. And why would it just stop working if it works in the beginning?
    The webserver seems to be able to communicate on the external interface of the firewall, since I've been able to connect to it from home when it doesn't work at work...

    Any suggestions or ideas would be helpful, since I'm all out of ideas myself.



  • @Nyvia:

    Now, my webserver is losing its connection to the other internal networks. It works after a reboot for ~5 days to a week, but then it just stops working.

    Some more details would give the readers a bit more information to work with. In particular, what do you mean by "stops working"? An explanation along the lines of "I did … and I saw ... but I expected to see ..." would be helpful.

    Perhaps "stops working" means that a connection to the web server is refused or it times out or it loads only part of a page or ...

    @Nyvia:

    And why would it just stop working if it works in the beginning?

    Most likely because someone has done something "silly". I need a few more clues to narrow down the possibilities for 'something silly'. When the problem happens again I suggest you attempt to connect to the web server by hostname and again by IP address. (Maybe it's a DNS problem.) If you ping the web server by hostname and again by IP address, what results do you get? If you traceroute to the web server by hostname and again by IP address, what results do you get? Do you get the same results when the source and web server are on the same local network as the web server compared with the source being on a different local network from the web server?

    Do you have any scheduled firewall rules (e.g. block local access to the web server between 1800 and 0800)?

    Do any of the systems get their IP address by DHCP? Is the DHCP server the same as the DNS server?



  • Well… I'm having this problem right now. When I try to connect to the page by hostname I cannot reach it; if I enter the external IP of our firewall (this should work, right?) I cannot reach it; if I enter the internal IP the webpage pops up directly...

    Ping and traceroute work fine; they stop at the external IP.

    I haven't tried connecting from another internal network, I'll try that later and report what happens...

    The webserver and this computer I'm working from are connected to the same internal network.

    I'm using DHCP for all our internal networks; for the webserver and a couple of other machines I've set static IPs, though. Our external details (IP, gateway, DNS) are static and locked into the config, and all our internal networks use this external info.

    No schedules...

    I hope I'm being clearer now, but if there is more you want to know I'll try to answer as well as I can :)



  • Try testing from outside. If it works you need to search the forum for "NAT reflection" since this has been discussed many times before.

