How do I get pfSense to ALLOW web traffic from my domain?



  • A friend helped me with the 6EI kit; I mailed the kit to him, he built and installed v 1.2.3 and sent it back.  At first, neither mail nor my web worked thru the new netgate kit.  Then he did some magic commands and mail returned.  He thought that my websites were working --though apache22--; but nope.  If I use lynx to connect:

    % lynx http://www.thought.org

    it doesn't fail immediately.  It tries to connect and eventually times out.  The firefox browser suggests it might be a firewall problem, and Friday morning, using pfSense on my HP Kayak, everything worked!  Thus my thinking that I need to alter something on the port 80 tables.  So hoping that some of the pfSense wizards here can clue me in.

    tia, folks.



  • It is unclear whether you're saying people can't connect in, or connect out. Knowing which you mean would help a lot.

    Key questions if this is for others connecting in to your network:

    1. Are you testing this from outside your network?
    2. Does your pfSense host have the routable WAN IP of your network?
    3. Have you created any port forwarding rules for port 80?
    4. Can you access the Apache server from a different computer on the LAN, using the LAN IP?

    Also, posting a copy of your WAN rules and your NAT rules would help people help you.

    If this is for people connecting out from your network please post a screenshot of the LAN rules.



  • I don't know if anyone outside my domain can view my websites.  The couple of shell accounts I have access to do not have browsers; not even lynx.  I can reach anywhere by firefox from either my FreeBSD server or Linux desktop.

    I'm not sure what you mean by your #2, but on page /interfaces_wan.php under the "Static IPs" window, is my beginning [of 5 static IPs],
    209.180.213.209  /  29

    I have not created any rules using pf.  I have used ipfw and ipf; I'm new to pf.

    I can ping all over using my external quads or my internal ones:

    pts/5 1:45 <tao>[5163] ping 209.180.213.209                          ~/Desktop
    PING 209.180.213.209 (209.180.213.209) 56(84) bytes of data.
    64 bytes from 209.180.213.209: icmp_req=1 ttl=64 time=0.304 ms
    64 bytes from 209.180.213.209: icmp_req=2 ttl=64 time=0.196 ms

    pts/5 1:45 <tao>[5164] ping 10.47.0.230                              ~/Desktop
    PING 10.47.0.230 (10.47.0.230) 56(84) bytes of data.
    64 bytes from 10.47.0.230: icmp_req=1 ttl=64 time=0.176 ms
    64 bytes from 10.47.0.230: icmp_req=2 ttl=64 time=0.177 ms
    .230 and .230 are the same platform.

    As for posting my WAN and LAN rules, if you tell me how to do this, I will.  I was more comfortable using the "pass in" or "allow/deny" on IP ....  The pfSense idea is new and I rarely touch it.

    To get a screenshot, please tell me how to display the rules.



  • You're saying then that people outside your network cannot reach web sites on your network?

    Please read the pfSense documentation, particularly the section on port forwarding. Buying the pfSense book would probably be of considerable benefit to you too.

    As for firewall rules, NAT settings etc - everything is accessible through the web GUI.

