Resolve WAN domain from LAN (webserver)

greeeg

daniel.t3dev1.cross-agency.ch

I'm a new user in PFSENSE. I decided to install it after reader good reviews and I wanted a BSD based firewall, so…

After installing PFSENSE, we have an external IP on WAN interface and 10.0.1.x subnet on LAN interface.
PFSENSE LAN IP : 10.0.1.1
What I configured :

• Add a port forwarding for port 80 to LAN webserver (suppose 10.0.1.100)
• PFSENSE automatically added a firewall rule for port 80
• Configure DDNS (xxx.dyndns.org)
• Allow DNS server overridden for DHCP clients

From outside, URL xxx.dyndns.org displays my webpage, hosted on 10.0.1.100.
From inside (LAN) xxx.dyndns.org displays PFSENSE webadmin page. http://10.0.1.100 displays 10.0.1.100 webpage.

I read some doc but I cannot find something that works for me. If I disable "nat reflexion"... that works BUT I can no longer access to PFSENSE webadmin !!! Even 10.0.1.1 redirect me to 10.0.1.100 webpage...
Do you have an idea ?

Thanks a lot.

Cry Havok

Change the port that the pfSense web interface uses (or simply switch it to HTTPS) and then disable NAT reflection.

greeeg

@Cry:

Change the port that the pfSense web interface uses (or simply switch it to HTTPS) and then disable NAT reflection.

Well, thank you for your answer. I found time to try this, but it does not work.
I check this : Disables the automatic creation of NAT redirect rules for access to your public IP addresses from within your internal networks. Note: Reflection only works on port forward type items and does not work for large ranges > 500 ports
I move pfsense webadmin to https.

A nslookup to xxx.dyndns.org gives my wan IP : ok.
But xxx.dyndns.org in my browser gives a timeout.

From a LAN client, I try this :
curl -Iv http://xxx.dyndns.org

• About to connect() to xxx.dyndns.org port 80 (#0)
  *  Trying xxx.xxx.109.180… Operation timed out
• couldn't connect to host
• Closing connection #0
  curl: (7) couldn't connect to host

Any ideas ?

Cry Havok

Try re-enabling NAT reflection.

greeeg

@Cry:

Try re-enabling NAT reflection.

Still not working…

Supermule

Which version??

greeeg

@Supermule:

Which version??

1.2.3

Supermule

Are you on the 10.1.x.x LAN yourself??? or are you still at 192.168.x.x??

greeeg

@Supermule:

Are you on the 10.1.x.x LAN yourself??? or are you still at 192.168.x.x??

I'm 10.0.1.x (pfsense lan is 10.0.1.1).

irongete

Hi greeeg!

I'm having the same problem as you, from outside I can see my website but from inside Im being redirected to the pfSense web admin.

Did you find a solution to that problem?

Thanks!

pcbosrders

sorry if this is sovled
but have you checked it sounds like you have to servers listening on port 80
set one server to :8080 it should work
i found that which ever server is in the nat list first becomes default if there is a conflict
just a suggestion from trial and errror