Multiwan + no web server access from LAN



  • Hi all,
    I hope you can help me, because I am freaking out over my problem.

    I have 2 WAN connections.
    WAN1 has a static IP address (x.x.x.x)
    WAN2 has a dynamic IP address (y.y.y.y)

    From WAN1 I have a port forward to an internal server S1 to ports 8020 and 8383; S1 communicates out over the same IP as WAN1. If I now try to access the web server over these ports from an external IP address, such as from my UMTS card, I can access the web page perfectly (http://x.x.x.x:8383).

    But if I try to access the IP address from the internal LAN with x.x.x.x:8383, I get this message in Firefox every time:
    ---------------------------------------------
    Secure Connection Failed

    An error occurred during a connection to x.x.x.x:8383.

    SSL received a record that exceeded the maximum permissible length.

    (Error code: ssl_error_rx_record_too_long)
    *  The page you are trying to view can not be shown because the authenticity of the received data could not be verified.

    *  Please contact the web site owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site.

    What I really do not understand is why it works perfectly from an external IP address and not from an internal one.  >:(
    What can be happening?

    I really hope that someone can help with this problem.

    Best PD



  • Try enabling NAT reflection.



  • @tommyboy180:

    Try enabling NAT reflection.

    Thanks for the hint. In my settings, "Disable NAT Reflection" is not activated.
    Same problem.




  • Is NAT reflection specifically enabled on your port forward rule?




  • @Boolah:

    Is NAT reflection specifically enabled on your port forward rule?

    Wow, I have never seen this option. I am using version 1.2.3. Maybe your picture is from version 2.0.

    How can I do this also in Version 2.0?

    Thanks Boolah.

    PD



  • You're right - that screen shot was from 2.0.  In 1.2.3, I think you'll need to recreate the forward after you change the NAT reflection setting on the advanced options page.  It's been a while since I ran 1.2.3…



  • @Boolah:

    You're right - that screen shot was from 2.0.  In 1.2.3, I think you'll need to recreate the forward after you change the NAT reflection setting on the advanced options page.  It's been a while since I ran 1.2.3…

    Hi,
    I first deleted all rules, waited around 10 min and recreated all rules. But I get the same error again.
    Attached are my FW rule and NAT rule.

    Does anyone have some more hints on how to fix it?

    ![Screenshot - 24.08.2010 , 09_22_22.png](/public/imported_attachments/1/Screenshot - 24.08.2010 , 09_22_22.png)



  • Now I have found the reason why the NAT is not working, and I think it is a bug in pfSense 1.2.3.

    It looks like "NAT Port Forward" has problems with "Aliases" of type "PORTS".
    I created an alias with 2 ports (80, 443) of type "Port(s)". I used this alias in my Port Forward rule.

    After that, when I tried to reach the external IP from the internal network, it didn't work.

    Now I have split the Port Forward rule into two rules without an alias, using port 80 for one rule
    and 443 for the other. And now BINGO, it works: I can access a web page from the internal
    network via the external address, which is port forwarded to our internal network.

    I then tested this on another pfSense installation that we have in another location, and I can
    reproduce the problem on that one too.

    So it looks like version 1.2.3 has the bug with PORT ALIASES.

    Hope this can help other users now.

    Best,
    PD
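
A check for the pattern the last post describes, added here as an example that is not part of the thread and not pfSense's own code: it scans a configuration export for port forwards whose port field is a "Port(s)" alias and lists the per-port rules to create instead. The XML element names and the sample configuration are assumptions constructed for illustration; compare them with your own config export before relying on the result.

```python
import xml.etree.ElementTree as ET

# Constructed sample; element names are an ASSUMED pfSense 1.x-style layout.
SAMPLE_CONFIG = """<pfsense>
  <aliases>
    <alias><name>WebPorts</name><type>port</type><address>80 443</address></alias>
    <alias><name>Servers</name><type>host</type><address>192.0.2.10</address></alias>
  </aliases>
  <nat>
    <rule><interface>wan</interface><protocol>tcp</protocol>
      <external-port>WebPorts</external-port><target>192.0.2.10</target>
      <local-port>WebPorts</local-port><descr>web via alias</descr></rule>
    <rule><interface>wan</interface><protocol>tcp</protocol>
      <external-port>8383</external-port><target>192.0.2.10</target>
      <local-port>8383</local-port><descr>literal port</descr></rule>
  </nat>
</pfsense>"""


def port_aliases(root):
    """Map alias name -> list of ports, for aliases of type 'port' only."""
    found = {}
    for alias in root.findall("./aliases/alias"):
        if alias.findtext("type", "").strip() == "port":
            name = alias.findtext("name", "").strip()
            found[name] = alias.findtext("address", "").split()
    return found


def audit_port_forwards(config_xml):
    """Return (flagged_rule, per_port_rules) for each forward that uses a port alias."""
    root = ET.fromstring(config_xml)
    aliases = port_aliases(root)
    findings = []
    for rule in root.findall("./nat/rule"):
        ext = rule.findtext("external-port", "").strip()
        if ext not in aliases:
            continue  # literal port: not the pattern from the thread
        base = {child.tag: (child.text or "").strip() for child in rule}
        same_alias = base.get("local-port") == ext
        split = []
        for port in aliases[ext]:
            # Keep a literal local port as-is; expand it only if it was the same alias.
            local = port if same_alias else base.get("local-port", "")
            split.append(dict(base, **{"external-port": port, "local-port": local}))
        findings.append((base, split))
    return findings


if __name__ == "__main__":
    for flagged, replacements in audit_port_forwards(SAMPLE_CONFIG):
        print("uses port alias:", flagged["descr"], flagged["external-port"])
        for r in replacements:
            print("  split:", r["protocol"], r["external-port"], "->", r["target"], r["local-port"])
```
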

