Accessing any of my Virtual IPs redirects you to the Pfsense 2.0.1 login page?

  • Am trying to troubleshoot an odd issue and was hoping someone might be able to assist.

    1.) My ISP has provided a block of (5) static IPs (25.x.x.100, 25.x.x.101, 25.x.x.102, 25.x.x.103, 25.x.x.104)

    2.) First, I assigned the first static IP to pfsense WAN interface under Interfaces > WAN as 25.x.x.100/24 (and added my ISP's gateway IP)

    3.) My pfsense router has a LAN IP of, subnet mask and assigns internal addresses using DHCP
    Am running snort without issue.  Squid was installed at one point, but I uninstalled it along with squidguard, lightsquid and havp.

    4.) I've created Virtual IPs for each of my static IPs as (Type: IP Alias):
    25.x.x.100/24, 25.x.x.101/24 thru 25.x.x.104/24

    5.) I then assigned the next available static IP to my home server using Firewall:NAT: 1:1 setup as follows: 25.x.x.101/24 to (server DHCP static lease IP)

    6.) Next, I went into Firewall > Rules > WAN and created a new rule to pass HTTPS (port 43) traffic coming into 25.x.x.101 to
    ACTION: Pass
    Interface: WAN
    Protocol: TCP
    Source: any
    Destination: single host or alias - address:
    Destination port range: HTTPS to HTTPS

    Now, if I attempt to connect any client PC on my LAN to the internet address of my server box ( using the url: https://25.x.x.101, I am immediately redirected to the pfsense web login page as if I had pointed to https://25.x.x.100, though the URL in the address bar itself doesn't change to https://25.x.x.100.

    Under System > Advanced > Firewall/NAT, my NAT settings are:

    Disable NAT reflection for port forwards: UNCHECKED
    Disable NAT reflection for 1:1 NAT: UNCHECKED
    Automatically create outbound NAT rules which assist…: UNCHECKED

    From another machine out on the internet, I am able to successfully browse to https://25.x.x.101 and be forwarded to my internal server. My goal was to be able to access from behind the pfsense firewall using its static WAN IP of 25.x.x.101.

    Any assistance that someone could provide would be sincerely appreciated.  Thank you!

  • You need two more steps:

    • Change pfsense gui to any port other than 443

    • Create an outbound nat rule forcing sourcenat to firewall lan ip when talking to

  • @marcelloc:

    thanks marcelloc!  OK, as you've recommended, I've changed pfsense admin UI from HTTPS 443 to 563.

    RE: #2, would you please explain how to do this? here are my current Firewall > NAT > Outbound rules.

    Right now if I ping from behind pfsense, it correctly returns 25.x.x.101.  But, from behind pfsense, if I enter, it is not directing me to 25.x.x.101 and ultimately LAN IP

  • The best way to fix this is having an external dns for internet and an internal dns that returns server ip instead of firewall wan ip.


    if you do not care about server logs, the outbound nat rules can be this way

    interface lan
    source *
    source port *
    destination server_ip
    destination port  server_port
    nat address *
    nat port *

  • Good news.  Was able to resolve this issue by ensuring that:


    "Automatically create outbound NAT rules which assist inbound NAT rules that direct traffic back out to the same subnet it originated from." is CHECKED.

    Once CHECKED, I was able to access (example address) from behind the firewall and I could access the site as if I too was on the internet.
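
An added illustration, not part of any post in the thread and not pfSense's own code: a small trace of one reflected ("hairpin") connection, showing why the replies pair NAT reflection with source NAT on the LAN side and why that costs the real client IP in the server's logs. All addresses are constructed stand-ins (203.0.113.101 plays the role of 25.x.x.101), and the function and variable names are hypothetical.

```python
from ipaddress import ip_address, ip_network

# Constructed addresses; the thread elides the real ones.
LAN_NET = ip_network("192.168.1.0/24")
FW_LAN = ip_address("192.168.1.1")        # firewall LAN IP
SERVER = ip_address("192.168.1.10")       # internal target of the 1:1 NAT
CLIENT = ip_address("192.168.1.50")       # LAN client opening the site
PUBLIC_IP = ip_address("203.0.113.101")   # stands in for 25.x.x.101


def hairpin(source_nat: bool) -> dict:
    """Trace one request and its reply from a LAN client to the public IP."""
    # 1. The client connects to the public IP and accepts replies only from it.
    expected_peer = PUBLIC_IP
    src, dst = CLIENT, PUBLIC_IP

    # 2. Reflection on the firewall rewrites the destination to the server.
    dst = SERVER
    # 3. Outbound NAT on the LAN interface (if present) rewrites the source.
    if source_nat:
        src = FW_LAN
    seen_by_server = src

    # 4. The server answers whatever source address it saw.
    reply_src, reply_dst = dst, seen_by_server
    via_firewall = reply_dst == FW_LAN or reply_dst not in LAN_NET
    if via_firewall:
        # The firewall holds state for the flow and undoes both translations.
        reply_src, reply_dst = PUBLIC_IP, CLIENT
    # Otherwise the reply is delivered directly on the LAN, bypassing the
    # firewall, and still carries the server's private source address.

    return {
        "server_log_ip": str(seen_by_server),
        "reply_via_firewall": via_firewall,
        "client_accepts": reply_dst == CLIENT and reply_src == expected_peer,
    }


if __name__ == "__main__":
    for snat in (False, True):
        print("source NAT:", snat, hairpin(snat))
```

Without source NAT the reply arrives from 192.168.1.10 instead of the address the client connected to, so the connection never completes; with it the flow works, but the server logs the firewall's LAN IP for every internal visitor.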