Resolve WAN domain from LAN (webserver)



  • daniel.t3dev1.cross-agency.ch

    I'm a new user in PFSENSE. I decided to install it after reading good reviews and I wanted a BSD based firewall, so…

    After installing PFSENSE, we have an external IP on WAN interface and 10.0.1.x subnet on LAN interface.
    PFSENSE LAN IP : 10.0.1.1
    What I configured :

    • Add a port forwarding for port 80 to LAN webserver (suppose 10.0.1.100)
    • PFSENSE automatically added a firewall rule for port 80
    • Configure DDNS (xxx.dyndns.org)
    • Allow DNS server overridden for DHCP clients

    From outside, URL xxx.dyndns.org displays my webpage, hosted on 10.0.1.100.
    From inside (LAN) xxx.dyndns.org displays PFSENSE webadmin page. http://10.0.1.100 displays 10.0.1.100 webpage.

    I read some docs but I cannot find anything that works for me. If I disable "NAT reflection"... that works BUT I can no longer access the PFSENSE webadmin!!! Even 10.0.1.1 redirects me to the 10.0.1.100 webpage...
    Do you have an idea?

    Thanks a lot.



  • Change the port that the pfSense web interface uses (or simply switch it to HTTPS) and then disable NAT reflection.



  • @Cry:

    Change the port that the pfSense web interface uses (or simply switch it to HTTPS) and then disable NAT reflection.

    Well, thank you for your answer. I found time to try this, but it does not work.
    I checked this: "Disables the automatic creation of NAT redirect rules for access to your public IP addresses from within your internal networks. Note: Reflection only works on port forward type items and does not work for large ranges > 500 ports"
    I moved the pfsense webadmin to https.

    An nslookup of xxx.dyndns.org gives my WAN IP: ok.
    But xxx.dyndns.org in my browser gives a timeout.

    From a LAN client, I tried this:
    curl -Iv http://xxx.dyndns.org

    * About to connect() to xxx.dyndns.org port 80 (#0)
    *   Trying xxx.xxx.109.180… Operation timed out
    * couldn't connect to host
    * Closing connection #0
    curl: (7) couldn't connect to host

    Any ideas ?



  • Try re-enabling NAT reflection.



  • @Cry:

    Try re-enabling NAT reflection.

    Still not working…


  • Banned

    Which version??



  • @Supermule:

    Which version??

    1.2.3


  • Banned

    Are you on the 10.1.x.x LAN yourself??? or are you still at 192.168.x.x??



  • @Supermule:

    Are you on the 10.1.x.x LAN yourself??? or are you still at 192.168.x.x??

    I'm 10.0.1.x (pfsense lan is 10.0.1.1).



  • Hi greeeg!

    I'm having the same problem as you: from outside I can see my website, but from inside I'm being redirected to the pfSense web admin.

    Did you find a solution to that problem?

    Thanks!



  • Sorry if this is solved,
    but have you checked? It sounds like you have two servers listening on port 80.
    Set one server to :8080 and it should work.
    I found that whichever server is in the NAT list first becomes the default if there is a conflict.
    Just a suggestion from trial and error.

