Netgate Discussion Forum

Web server behind pfsense 2 firewall

Scheduled Pinned Locked Moved NAT
23 Posts 7 Posters 33.4k Views
    lankanatha
    last edited by Apr 19, 2012, 7:39 AM

    Hi,
    I want to set up a web server behind a firewall. Please tell me the step-by-step instructions for a fresh installation of pfSense 2.
    Thank you.

    I have a PC with two NICs:
    WAN -----> real IP (xxx.xxx.xx.xx/27)
    LAN -----> 172.16.1.1/24

      mibovrd
      last edited by Apr 19, 2012, 5:54 PM

      Step by Step instructions are posted here.

      http://doc.pfsense.org/index.php/Main_Page

      Tweet: MIBovrd@cqrite http://www.cqrite.com

        lankanatha
        last edited by Apr 20, 2012, 7:32 AM

        @M.I.Bovrd:

        Step by Step instructions are posted here.

        http://doc.pfsense.org/index.php/Main_Page

        But I can't forward the port???
        I want to redirect web requests on ports 80, 81, 82 to my local (172.16.24.20) web server.
        It isn't working?

          biggsy
          last edited by Apr 20, 2012, 10:38 AM

          172.16.24.20 isn't in the 172.16.1.1/24 subnet.

            lankanatha
            last edited by Apr 23, 2012, 4:09 AM

            @biggsy:

            172.16.24.20 isn't in the 172.16.1.1/24 subnet.

            It means I have to change the subnet to 172.16.24.20/16
            ???

              mibovrd
              last edited by Apr 23, 2012, 5:21 AM

              You have a couple of options:

              Use another interface for the server, better keeping servers separate anyway.
              Use VLANs, one for the current 172.16.1.1/24 and the other 172.16.24.20/32.
              Change the server IP or the network range so they are in the same range.

              The pfSense book explains VLANs really well, but you do need a managed switch that supports VLANs; some say they do but don't do it very well.

              Tweet: MIBovrd@cqrite http://www.cqrite.com

                lankanatha
                last edited by Apr 23, 2012, 5:51 AM

                @M.I.Bovrd:

                You have a couple of options:

                Use another interface for the server, better keeping servers separate anyway.
                Use VLANs, one for the current 172.16.1.1/24 and the other 172.16.24.20/32.
                Change the server IP or the network range so they are in the same range.

                The pfSense book explains VLANs really well, but you do need a managed switch that supports VLANs; some say they do but don't do it very well.

                Thank you for your reply.
                I just followed the pfSense documentation to solve this; it's very SIMPLE:
                1. Add NAT
                2. Add a rule to allow access to the web server, that's all
                But I still can't open ports 80-82.
                This is what I did:
                WAN IP ---------- xxx.xxx.xx.xx/27
                LAN IP 172.16.24.20/24
                My internal web server IP: 172.16.24.20/24
                My web is running at http://172.16.24.20:80
                and some other services on 81 and 82.

                I want to access my local web through http://xxx.xxx.xx.xx:80 and 81, 82.
                This is the scenario, it's simple.
                Please help me.
                What I did:
                1. Browse to Firewall | NAT.
                2. Select the Port Forward tab.
                3. Click the "plus" button to create a new NAT port forward rule.
                4. For Destination port range, choose HTTP for the from and to drop-down boxes. (80-82)
                5. For Redirect target IP, specify the web server this traffic will be forwarded to, by alias or IP address. (172.16.24.20)
                6. For Redirect target Port, choose HTTP. (80-82)
                7. Add a Description, such as Forward HTTP to webserver1.
                8. Save the changes.
                Then I did:
                1. Browse to Firewall | Rules.
                2. Select the WAN tab.
                3. Click the "plus" button to create a new firewall rule.
                4. Specify the WAN Interface.
                5. Specify the TCP Protocol.
                6. Specify any as the Source.
                7. Specify any as the Source Port Range.
                8. Specify Webserver1 as our Destination.
                9. Specify HTTP as our Destination Port Range.
                10. Specify a Description.
                11. Save the changes.

                And I unchecked NAT reflection.

                1 Reply Last reply Reply Quote 0
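
Added example, not part of the post above and not pfSense code: a small Python model of the two steps listed there (port forward, then WAN rule). It assumes pf's order of operations, where the redirect is applied before the filter rules, so the WAN rule has to match the internal address and cover every forwarded port. `203.0.113.10` is a constructed documentation address standing in for the masked WAN IP.

```python
"""Added example: model of a pfSense-style port forward followed by a WAN rule.

Assumption: the redirect (NAT) is applied before filtering, so the WAN pass
rule is matched against the translated destination. Not pfSense's own code.
"""
from dataclasses import dataclass

WAN_IP = "203.0.113.10"      # constructed stand-in for the masked WAN address
SERVER = "172.16.24.20"      # web server address from the post


@dataclass(frozen=True)
class PortForward:
    wan_ip: str
    ports: range             # external ports, mapped 1:1 to the target
    target_ip: str


@dataclass(frozen=True)
class PassRule:
    dst_ip: str
    ports: range


def evaluate(dst_ip, dst_port, forward, rules):
    """Return (verdict, final destination) for an inbound TCP packet on WAN."""
    if dst_ip == forward.wan_ip and dst_port in forward.ports:
        dst_ip = forward.target_ip          # translation happens first
    for rule in rules:
        if rule.dst_ip == dst_ip and dst_port in rule.ports:
            return "pass", dst_ip
    return "block", dst_ip                  # nothing matched: default deny


def uncovered_ports(forward, rules):
    """Forwarded ports that no WAN pass rule lets through."""
    return [p for p in forward.ports
            if evaluate(forward.wan_ip, p, forward, rules)[0] == "block"]


FORWARD = PortForward(WAN_IP, range(80, 83), SERVER)
RULESETS = {   # constructed rule variants to compare
    "dst = server, HTTP only": [PassRule(SERVER, range(80, 81))],
    "dst = WAN address, 80-82": [PassRule(WAN_IP, range(80, 83))],
    "dst = server, 80-82": [PassRule(SERVER, range(80, 83))],
}

if __name__ == "__main__":
    for name, rules in RULESETS.items():
        print(f"{name:26} blocked ports: {uncovered_ports(FORWARD, rules)}")
```

Only the last variant passes all three forwarded ports; it also keeps the WAN exposure to exactly the ports the server is meant to publish.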
                  mibovrd
                  last edited by Apr 23, 2012, 2:44 PM

                  Sorry, I am confused, I think there is a language barrier here, I am not sure if you solved the problem or not? You say it is simple, but then say please help me?

                  Did you change your internal network range from 172.16.1.1/24 to something else, i.e. /16, or change the LAN range to 172.16.24.0/24? I think that you have changed the range to 172.16.24.0/24, otherwise it won't work?!

                  Does the IP of the server have to be where you have it?

                  If you want to access internal servers from inside you need NAT Reflection on, as a general rule.

                  If you really have to supernet then a mask of /19 or 255.255.255.224 will give you a NET of 172.16.0.0-172.16.31.255 Broadcast. So you'd have to change your LAN. This will increase memory use though I am pretty sure.

                  Tweet: MIBovrd@cqrite http://www.cqrite.com

                  1 Reply Last reply Reply Quote 0
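
Added example, not part of any post in this thread: the subnet point raised earlier (172.16.24.20 is outside 172.16.1.1/24) and the supernet option discussed above, checked with Python's `ipaddress` module. The LAN address and server IP are the thread's; `172.16.24.1/24` is an assumed LAN address for the option of moving the LAN to 172.16.24.0/24.

```python
"""Added example: is the port-forward target on a network the firewall owns?

LAN address and server IP are taken from the thread; 172.16.24.1/24 is an
assumed LAN address for the "move the LAN to 172.16.24.0/24" option.
"""
import ipaddress

LAN = "172.16.1.1/24"
SERVER = "172.16.24.20"
PROPOSED = ["172.16.1.1/16", "172.16.1.1/19", "172.16.24.1/24"]


def on_link(target, interface_cidr):
    """Return the interface's network if it contains target, else None."""
    net = ipaddress.ip_interface(interface_cidr).network
    return net if ipaddress.ip_address(target) in net else None


def smallest_common_network(interface_cidr, target):
    """Widen the interface network one bit at a time until it holds target."""
    net = ipaddress.ip_interface(interface_cidr).network
    ip = ipaddress.ip_address(target)
    if ip.version != net.version:
        raise ValueError("address families differ")
    while ip not in net:
        net = net.supernet()
    return net


def summarize(target, lan, proposed):
    """Map each LAN setting to (reachable on-link?, number of addresses)."""
    result = {}
    for cidr in [lan, *proposed]:
        net = ipaddress.ip_interface(cidr).network
        result[cidr] = (on_link(target, cidr) is not None, net.num_addresses)
    return result


if __name__ == "__main__":
    for cidr, (ok, size) in summarize(SERVER, LAN, PROPOSED).items():
        print(f"{cidr:16} on-link={ok!s:5} addresses={size}")
    net = smallest_common_network(LAN, SERVER)
    print("smallest network holding both:", net, "mask", net.netmask,
          "broadcast", net.broadcast_address)
```

The address count is the size of the broadcast domain the server would share with every LAN client, which is the trade-off against the separate-interface option mentioned in the thread.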
                    lankanatha
                    last edited by Apr 24, 2012, 7:24 AM

                    @M.I.Bovrd:

                    Sorry, I am confused, I think there is a language barrier here, I am not sure if you solved the problem or not? You say it is simple, but then say please help me?

                    Did you change your internal network range from 172.16.1.1/24 to something else, i.e. /16, or change the LAN range to 172.16.24.0/24? I think that you have changed the range to 172.16.24.0/24, otherwise it won't work?!

                    Does the IP of the server have to be where you have it?

                    If you want to access internal servers from inside you need NAT Reflection on, as a general rule.

                    If you really have to supernet then a mask of /19 or 255.255.255.224 will give you a NET of 172.16.0.0-172.16.31.255 Broadcast. So you'd have to change your LAN. This will increase memory use though I am pretty sure.

                    Thank you…
                    :-) It means this scenario is simple,
                    but I couldn't overcome this fault.
                    Web server IP: 172.16.24.60/24

                      mibovrd
                      last edited by Apr 24, 2012, 5:48 PM Apr 24, 2012, 5:43 PM

                      Well, the only other thing I can suggest is to apply the Server IP to a VIP outside of your network, change the actual IP of the server to one inside your network range, and then create a 1:1 NAT between them.

                      Or you're back to VLANs again.

                      Tweet: MIBovrd@cqrite http://www.cqrite.com

                        nahid
                        last edited by Apr 27, 2012, 11:14 PM

                        lankanatha,

                        Create aliases for both of the IPs (Internal Web Server and External IP that you use for your domain).
                        Then make port forward for the desired ports.

                        Attached you can get the example.

                        PortForward.png

                          lankanatha
                          last edited by May 2, 2012, 6:35 AM

                          Thank you.
                          :-)
                          @nahid:

                          lankanatha,

                          Create aliases for both of the IPs (Internal Web Server and External IP that you use for your domain).
                          Then make port forward for the desired ports.

                          Attached you can get the example.

                            lankanatha
                            last edited by May 3, 2012, 7:56 AM

                            But it still doesn't work.
                            Please provide a step-by-step configuration for redirecting port 80 to the internal server.
                            Thank you.

                            @nahid:

                            lankanatha,

                            Create aliases for both of the IPs (Internal Web Server and External IP that you use for your domain).
                            Then make port forward for the desired ports.

                            Attached you can get the example.

                            nat.jpg

                              cmb
                              last edited by May 3, 2012, 10:50 AM

                              That last post's screenshot is correct assuming the WANIF alias contains an IP assigned to your WAN (or an IP routed to you, or a virtual IP). What's in that alias?

                                JSmorada
                                last edited by May 4, 2012, 12:23 PM

                                I'm having what appears to be a related problem. My pfSense 2.0.1 box was running great until a thunderstorm knocked out the power. When I tried to bring the firewall back up, the file system was corrupt to the point where I had to do an install from scratch. I used the latest config backup I had, which was from Feb 2012, but when it got to "configuring firewall" on the console, it would hang. So, I started from scratch. I have a web server behind the firewall that I make accessible to the outside world but whenever I try to access a web page on it, it tries to go in as https instead of http. Is there something I'm missing here? I tried the suggestions below and it still isn't working. This shouldn't be rocket science and I've done it before…

                                Thank You,
                                Jon

                                  JSmorada
                                  last edited by May 5, 2012, 9:28 PM

                                  Unfortunately, I couldn't afford to have my web server down, so I had to fall back to an old FVS-318 and have a Juniper appliance on the way.

                                  @nipstech:

                                  I'm having what appears to be a related problem. My pfSense 2.0.1 box was running great until a thunderstorm knocked out the power. When I tried to bring the firewall back up, the file system was corrupt to the point where I had to do an install from scratch. I used the latest config backup I had, which was from Feb 2012, but when it got to "configuring firewall" on the console, it would hang. So, I started from scratch. I have a web server behind the firewall that I make accessible to the outside world but whenever I try to access a web page on it, it tries to go in as https instead of http. Is there something I'm missing here? I tried the suggestions below and it still isn't working. This shouldn't be rocket science and I've done it before…

                                  Thank You,
                                  Jon

                                    chpalmer
                                    last edited by May 6, 2012, 3:12 AM

                                    @lankanatha:

                                    Hi,
                                    I want to set up a web server behind a firewall. Please tell me the step-by-step instructions for a fresh installation of pfSense 2.
                                    Thank you.

                                    I have a PC with two NICs:
                                    WAN -----> real IP (xxx.xxx.xx.xx/27)
                                    LAN -----> 172.16.1.1/24

                                    Make your LAN 172.16.1.0/12

                                    Triggering snowflakes one by one..
                                    Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

                                      lankanatha
                                      last edited by May 8, 2012, 5:30 AM

                                      WANIF is an alias of the WAN IP.
                                      @cmb:

                                      That last post's screenshot is correct assuming the WANIF alias contains an IP assigned to your WAN (or an IP routed to you, or a virtual IP). What's in that alias?

                                        lankanatha
                                        last edited by May 8, 2012, 6:18 AM

                                        I think you are right… this is not a software error... it is hardware. Hardware geometry error.
                                        My problem is very simple.. but it doesn't work. Previously I used FreeBSD 8 as my gateway. After the thunderstorm
                                        it was damaged. After that I installed it correctly but port forwarding doesn't work. This is a bug of FreeBSD.
                                        Hence I thought to use pfSense as the gateway and installed it on the same server, but it is still not working.
                                        :-(
                                        Hardware error (slice error??)

                                        @nipstech:

                                        I'm having what appears to be a related problem. My pfSense 2.0.1 box was running great until a thunderstorm knocked out the power. When I tried to bring the firewall back up, the file system was corrupt to the point where I had to do an install from scratch. I used the latest config backup I had, which was from Feb 2012, but when it got to "configuring firewall" on the console, it would hang. So, I started from scratch. I have a web server behind the firewall that I make accessible to the outside world but whenever I try to access a web page on it, it tries to go in as https instead of http. Is there something I'm missing here? I tried the suggestions below and it still isn't working. This shouldn't be rocket science and I've done it before…

                                        Thank You,
                                        Jon

                                          JSmorada
                                          last edited by May 8, 2012, 11:10 AM

                                          That could be the case. The machine was already on its last leg; the caps on the mobo were starting to swell and the +5v on the power supply sometimes goes under voltage. Whenever I come across another PC, I'll try again.

                                          @lankanatha:

                                          I think you are right… this is not a software error... it is hardware. Hardware geometry error.
                                          My problem is very simple.. but it doesn't work. Previously I used FreeBSD 8 as my gateway. After the thunderstorm
                                          it was damaged. After that I installed it correctly but port forwarding doesn't work. This is a bug of FreeBSD.
                                          Hence I thought to use pfSense as the gateway and installed it on the same server, but it is still not working.
                                          :-(
                                          Hardware error (slice error??)

                                          @nipstech:

                                          I'm having what appears to be a related problem. My pfSense 2.0.1 box was running great until a thunderstorm knocked out the power. When I tried to bring the firewall back up, the file system was corrupt to the point where I had to do an install from scratch. I used the latest config backup I had, which was from Feb 2012, but when it got to "configuring firewall" on the console, it would hang. So, I started from scratch. I have a web server behind the firewall that I make accessible to the outside world but whenever I try to access a web page on it, it tries to go in as https instead of http. Is there something I'm missing here? I tried the suggestions below and it still isn't working. This shouldn't be rocket science and I've done it before…

                                          Thank You,
                                          Jon
