Access to webserver from outside…
-
Im trying to do NAT from my WAN (public ip) adress to one Host from LAN (webserver)
WAN: 190.6.X.X
LAN: 192.168.217.0/24
HOST –> 192.168.217.245Im actually running multi-wan but i dont think that should be a trouble.
Here i show you my LAN and WAN Rules and also de Port forwarding.
http://imageshack.us/photo/my-images/18/natc.jpg/Please, tell me what im doing wrong..
-
They look ok. What is the problem you're having? Are you sure the web server isn't the problem?
-
yes im sure, because the web service is actually running. i used an web aplication everyday inside the Lan.
i just want to have access from outside and isn't working.
i used to have a mikrotik router before trying pfsense and that NAT was working.
but i really need to figure out this, is very important to me
have access to this server from world wide. -
The firewall rule with no name and all stars, is that a block or pass rule?
If it´s a block rule then your port 80 rule won´t have any effect since it is after the block all rule.
Then you need to move the port 80 rule before the block all rule.If it´s a Allow rule, why do you want to have every port in your firewall open?
/illern
-
In your second picture I see, that there is an allow any to any rule and block "bogons" on your WAN interface.
1.) Is the WAN interface directly connected the the ISP or is there another router/subnet which uses private IPs which get blocked by the bogon rules =
2.) If I am right -if you allow any port and any direction on the WAN interface then it will be possible to connect to the pfsense webGUI with port 80 or 443. Could this be the problem that there is a kind of "port sharing" of port 80 and/or 443 ?
Try to change the pfsensewebGUI port to 47011 or something else and then try again.
-
In your second picture I see, that there is an allow any to any rule and block "bogons" on your WAN interface.
How can you tell if the rules are Allow or Block from that picture?
The red and green icons are not showing in the picture since it is cropped on the left side.At least on the picture I can see.
/illern
-
As far as I know ther is no "default allow bogons" rule, so it must be "block".
Further it would make no sense to add an additional "block any to any" rule because there is by default a "block any" rule on every interface.
But you are right, on the picture you can NOT see if it is block or allow.
Perhaps we should add, that firewall rules will take action from TOP to DOWN and if the any to any rull is block, than the secon one (NAT rule) will never be appllied.
