Netgate Discussion Forum

    NAT and My Webserver

    16 Posts 7 Posters 6.7k Views
      kshankin

      Hello,

      I've opened up port 80 and forwarded the traffic to my web server that I've set up, however, I cannot view my website when I'm inside my local network.

      If I'm at work or the library, or a buddy's house, I can view a website that I'm hosting just fine. You can see for yourself, the following link is to a small site that I'm building for a class I'm taking: http://dicksdogs.does-it.net .

      I have a NAT rule that allows for any source (both address and ports) that is destined for my WAN Address (dest. port 80) to route traffic to my web server.

      On the LAN side of my firewall, I've set a rule that just allows for everything from anything on any port.

      Does anyone have any ideas on this?

      Thanks in advance

        podilarius

        You need to enable NAT reflection or use a split brain DNS to access while you are in the same network as the webserver. Personally I like the split brain DNS. You can set up the DNS proxy within pfSense to do that for you.

          kshankin

          @podilarius:

          You need to enable NAT reflection or use a split brain DNS to access while you are in the same network as the webserver. Personally I like the split brain DNS. You can set up the DNS proxy within pfSense to do that for you.

          Dang, so simple that I almost feel silly. Thanks so much for the response! I went ahead and changed the NAT reflection to enabled instead of System Default and all works great!  ;D

            BeerHat

            I'm having issues forwarding 80 on the outside to my internal webserver in general.  All my other port forwards are working just fine.

            I set the management listener port to a high port in the 55k's and can hit it without issue externally.  I've also disabled the redirector rule.  But for the life of me, port 80 just won't forward.  Any clues?  Wonder if I'm missing something dumb. ???

              Metu69salemi

              @BeerHat:

              I'm having issues forwarding 80 on the outside to my internal webserver in general.  All my other port forwards are working just fine.

              I set the management listener port to a high port in the 55k's and can hit it without issue externally.  I've also disabled the redirector rule.  But for the life of me, port 80 just won't forward.  Any clues?  Wonder if I'm missing something dumb. ???

              What do you see when you try to hit port 80? Error 404 or firewall management login?

                BeerHat

                @Metu69salemi:

                @BeerHat:

                I'm having issues forwarding 80 on the outside to my internal webserver in general.  All my other port forwards are working just fine.

                I set the management listener port to a high port in the 55k's and can hit it without issue externally.  I've also disabled the redirector rule.  But for the life of me, port 80 just won't forward.  Any clues?  Wonder if I'm missing something dumb. ???

                What do you see when you try to hit port 80? Error 404 or firewall management login?

                It's not listening on Port 80 internally or externally.  Just times out.  Management page only answers on the high-port I designated – which is fine.  NAT Port fwd and rules are identical to that of other ones that are working perfect.. just can't redirect outside port 80 to my internal web server.

                  Metu69salemi

                  Is your port forwarding rule something like this:

                  
                  disabled: unchecked
                  No RDR: unchecked
                  Interface: WAN
                  Protocol: TCP
                  Source: any
                  Source port: any
                  Destination: your public IP (usually WAN IP)
                  Destination port: 80
                  Redirect target ip: your webserver ip
                  Redirect target port: untouched
                  Description: something you want to write
                  No xmlrpc sync: unchecked
                  NAT reflection: Use system default
                  Filter rule association: Create new associated rule <-- here it might read something else, if you already created this rule
                  
                  
                    BeerHat

                    @Metu69salemi:

                    Is your port forwarding rule something like this:

                    
                    disabled: unchecked
                    No RDR: unchecked
                    Interface: WAN
                    Protocol: TCP
                    Source: any
                    Source port: any
                    Destination: your public IP (usually WAN IP)
                    Destination port: 80
                    Redirect target ip: your webserver ip
                    Redirect target port: untouched
                    Description: something you want to write
                    No xmlrpc sync: unchecked
                    NAT reflection: Use system default
                    Filter rule association: Create new associated rule <-- here it might read something else, if you already created this rule
                    
                    

                    Yep.  exactly.

                      Metu69salemi

                      Try to make a port redirection from (destination) port 12800 to (redirect) port 80.

                      If this works, then your ISP is blocking port 80.

                        BeerHat

                        @Metu69salemi:

                        Try to make a port redirection from (destination) port 12800 to (redirect) port 80.

                        If this works, then your ISP is blocking port 80.

                        ISP is not blocking port 80.  This was working just fine with my previous Fortigate 60 router I just replaced.

                          BeerHat

                          @Metu69salemi:

                          Try to make a port redirection from (destination) port 12800 to (redirect) port 80.

                          If this works, then your ISP is blocking port 80.

                          FWIW I can tweak the exact same port forward rule to 81 and it works perf.  Just not 80.  I read someone's thread a few weeks ago where they said something like creating the port forward AFTER setting an alternate connect port for webconfigurator somehow made a difference.  I smell a bug, somewhere.

                            Metu69salemi

                            Might be a bug, but I haven't encountered even a single one with pfSense. If you change your rule to port 80 again, what does it say then? Or delete that rule fully and create it again.

                              BeerHat

                              @Metu69salemi:

                              Might be a bug, but I haven't encountered even a single one with pfSense. If you change your rule to port 80 again, what does it say then? Or delete that rule fully and create it again.

                              I can toggle the port number till my heart's content… still no change.  It doesn't really 'say' anything, it looks like a correctly configured rule.  But, it just fails to work.

                                Joel.C

                                I have created all of my NAT Port forwarding rules and any request on an external network to my webservers etc works without issue.  I too am having the problem of navigating to my webserver etc when on my LAN network.  I have unchecked the "Disable NAT Reflection" thus enabling it.

                                Will I have to recreate my NAT port forwarding rules now?  The reason I'm asking this is because I guess I'm not clear on the "Disables the automatic creation of NAT redirect rules for access to your public IP address from within your internal networks" line.  Now that I have essentially ENABLED the automatic creation of NAT redirect rules for access to my public IP address from within my internal network, will I need to recreate my port forwarding?

                                I have no 1:1 NAT configured, if that makes a difference.

                                Thank you.

                                  firephlux

                                  Did you check the "Disable webConfigurator redirect rule" in the System => Advanced => Admin access?

                                    marcelloc

                                    Balance or NAT will not work on the same interface; you will need a reverse proxy package or an outbound NAT to change the source IP going to the web servers.

                                    visual example:
                                    192.168.1.20 - client
                                    192.168.1.200 - firewall
                                    192.168.1.10 - web server

                                    192.168.1.20 asks 192.168.1.200 for a page

                                    192.168.1.20  forwards to 192.168.1.10

                                    192.168.1.10 sees that client (192.168.1.20) is on same network

                                    192.168.1.10 returns page directly to 192.168.1.20

                                    192.168.1.20 rejects this communication as he asked 192.168.1.200 for a page and response came from 192.168.1.10

                                    To work around this without any package or NAT, you need to edit internal DNS to answer the website name with its server IP.

                                    Treinamentos de Elite: http://sys-squad.com

                                    Help a community developer! ;D
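
The return-path problem described in the post above, together with the two fixes named in the thread (outbound NAT that rewrites the source, and split DNS), modelled as an added Python example; it is not part of any post and is not pfSense code. The three LAN addresses come from the post; the /24 mask, source port 50000, the `OUTSIDE` address and all function names are assumptions made for the illustration.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple

# Addresses from the post; the /24 mask, port 50000 and OUTSIDE are assumptions.
# FIREWALL stands for the address clients dial (the WAN IP in a real setup).
LAN = ip_network("192.168.1.0/24")
CLIENT, FIREWALL, SERVER = "192.168.1.20", "192.168.1.200", "192.168.1.10"
OUTSIDE = "203.0.113.5"  # constructed documentation address for an Internet client

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int

def forward(pkt, states, rewrite_source):
    """Port forward to SERVER; optionally rewrite the source too (outbound NAT)."""
    out = pkt._replace(dst=SERVER)
    if rewrite_source:
        out = out._replace(src=FIREWALL)
    states[out] = pkt  # state entry: translated request -> original request
    return out

def reply_to(req):
    """A host answers the source address it saw on the request."""
    return Packet(req.dst, req.dport, req.src, req.sport)

def reverse(reply, states):
    """Undo the translations if the reply matches a state entry, else drop it."""
    orig = states.get(reply_to(reply))
    return reply_to(orig) if orig else None

def connect(client, target=FIREWALL, rewrite_source=False):
    """Return (reply seen by the client, whether its TCP stack accepts it)."""
    states = {}
    syn = Packet(client, 50000, target, 80)
    req = forward(syn, states, rewrite_source) if target == FIREWALL else syn
    reply = reply_to(req)
    # Replies to an on-LAN address go straight to that host; only replies
    # addressed to the firewall or to an off-LAN host pass through the firewall.
    if reply.dst == FIREWALL or ip_address(reply.dst) not in LAN:
        reply = reverse(reply, states)
    ok = reply is not None and (reply.src, reply.sport) == (syn.dst, syn.dport)
    return reply, ok
```

`connect(CLIENT)` reproduces the failure (the reply arrives from the web server's address and is not accepted), while `connect(CLIENT, rewrite_source=True)`, `connect(CLIENT, target=SERVER)` for split DNS, and `connect(OUTSIDE)` all complete.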
