Redirection doesn't work when using PPPoE on WAN Interface



  • Hi!
    Here is my two différents config:

    Config 1: My pfsense box is behind a modem/router
    WAN interface: 192.168.1.1
    I have a web server in my DMZ, i have redirection on my modem/router and my pfsense box to this server. Internet users can access this web server.

    Config 2: I have removed the modem/router, my pfsense box is directly connected to a modem
    WAN interface: PPPoE (213.41.xx.xx)
    I keep the redirection to my web server but when Internet Users try to reach my web server, they get pfsense page wich ask login and password…

    What could be the problem?
    Thanks.


  • Rebel Alliance Developer Netgate

    You probably have an incorrect port forward. Can you post a screenshot of your port forward configuration? (The list of port forwards should be enough)

    Hint: Port forwards for this should be on WAN only, and the external interface should be set to 'WAN Address' and not 'any'.




  • They are set with ip ext any, but with interface adress, it's the same.


  • Rebel Alliance Developer Netgate

    Set the external address back to "Interface Address" and leave it that way.

    If you have that set to "any" and you also enable NAT reflection, it will break in exactly the way you describe. Try to disable NAT reflection for your next test also.



  • Actually, it sounds like cyanatide means that the web server cannot be accessed by the WAN IP from internal hosts.  The usual behavior for this would be that it would end up at the web server on the pfSense system rather than the web server the port forward would redirect to.  NAT reflection probably has not been enabled yet.

    cyanatide:  Do not enable NAT reflection without changing the external address field on your port forwards to something other than "any" or you will lose access to the web GUI on the pfSense box and to any external systems on those ports, as it will end up forwarding all connections on those ports to your web server (on 1.2.3 or earlier).


Log in to reply