Web server behind pfsense
-
Hello,
I have multiple public IPs… I've set up my pfsense on public ip: xxx.xxx.xxx.18
I have a web server on public ip: xxx.xxx.xxx.3
Now, I want to migrate the web server to an internal LAN I (192.168.77.0) behind pfsense.
Only two NICs, one internal and one external... When I used my logic it didn't work:
- created VirtualIP for xxx.xxx.xxx.3
- forwarded port 80 from any to xxx.xxx.xxx.3 with NAT IP 192.168.77.101
- created a firewall rule from any port 80 to xxx.xxx.xxx.3 port 80

Obviously my logic is wrong, please help!
Thx!
-
Did you specify source port? You shouldn't do that.
-
No, the source port is not specified…
Actually, I am trying to do a 1:1 NAT and it is not going quite well...
I'll try to be as specific as I can:
- Virtual IP: Proxy ARP, WAN, Single address, xxx.xxx.xxx.3, everything else default.
- NAT: 1:1: WAN, External subnet IP: xxx.xxx.xxx.1, Internal IP: 192.168.77.101, Destination: single host or alias, xxx.xxx.xxx.3, else default
- Firewall rules: Pass, WAN, TCP/UDP, Source:any, Destination: Single host or alias, xxx.xxx.xxx.3, Destination port range: from:http, to:http, else default
Anyone?
-
Do you also have manual outbound NAT for that device?
If you check www.whatsmyip.com from your webserver, do you see IP address xxx.xxx.xxx.3 or do you see something else?
-
No, it's showing me the pfsense's ip…
Haven't done manual outbound because I don't know how... :(
-
Manual outbound NAT is simple to create, but unfortunately I can't remember the exact procedure.
Give this information in the correct order:
Wanted outside IP
From what machine: 192.168.77.101 /32
and make sure that it is before the automatically created NAT rule.
-
You don't really need both public IPs.
Solution: create a NAT rule to forward the request.
Steps to take on the multi-wan:
1. Log on to the multiwan device
2. Navigate to Firewall > Aliases > create new alias
i. Name: yourwebserver
ii. Description: webserver
iii. Type: Host(s), add 192.168.77.0 as yourwebserver
iv. Save
3. Navigate to Firewall > NAT > Port Forward and create a new rule
4. Interface for the rule to apply: (WAN)
i. Protocol: TCP
ii. Source: any
iii. Destination: WAN Address (your public IP)
iv. Destination port range: HTTP
v. Redirect target IP: 192.168.77.0 (alias: yourwebserver)
vi. Redirect target port: HTTP:8080
vii. Description: NAT to webserver
viii. NAT reflection: default
ix. Firewall rule association: Add associated filter rule
x. Save
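
Added example, not part of any post in this thread: a simplified Python model of pfSense's inbound processing order, where destination NAT is applied before the WAN filter rules, so a pass rule has to match the translated (internal) address and port. `203.0.113.3` is a placeholder for the masked xxx.xxx.xxx.3, and all class and function names are hypothetical.

```python
from dataclasses import dataclass

PUBLIC = "203.0.113.3"     # placeholder for the masked xxx.xxx.xxx.3
SERVER = "192.168.77.101"  # internal web server from the thread

@dataclass(frozen=True)
class Packet:
    dst: str
    dport: int

@dataclass(frozen=True)
class PortForward:          # WAN destination NAT (port forward) entry
    ext_ip: str
    ext_port: int
    target_ip: str
    target_port: int

@dataclass(frozen=True)
class PassRule:             # WAN pass rule, source any, proto TCP
    dst: str
    dport: int

def translate(pkt, forwards):
    """Step 1: destination NAT rewrites the packet before any filtering."""
    for f in forwards:
        if (pkt.dst, pkt.dport) == (f.ext_ip, f.ext_port):
            return Packet(f.target_ip, f.target_port)
    return pkt

def inbound(pkt, forwards, rules):
    """Step 2: WAN rules see the translated packet; no match means block."""
    seen = translate(pkt, forwards)
    ok = any((seen.dst, seen.dport) == (r.dst, r.dport) for r in rules)
    return ("pass" if ok else "block"), seen

def demo():
    request = Packet(PUBLIC, 80)  # constructed sample request from the internet
    fwd80 = [PortForward(PUBLIC, 80, SERVER, 80)]
    fwd8080 = [PortForward(PUBLIC, 80, SERVER, 8080)]
    return {
        "rule on public IP:80": inbound(request, fwd80, [PassRule(PUBLIC, 80)])[0],
        "rule on internal IP:80": inbound(request, fwd80, [PassRule(SERVER, 80)])[0],
        "8080 target, rule on :80": inbound(request, fwd8080, [PassRule(SERVER, 80)])[0],
        "8080 target, rule on :8080": inbound(request, fwd8080, [PassRule(SERVER, 8080)])[0],
    }

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:28} -> {verdict}")
```

The "Add associated filter rule" option creates the rule in its matching form (internal address, redirect target port) automatically.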