Netgate Discussion Forum

    Port Forwarding Troubles, 80 forwards, 8080 doesn't from inside LAN.

    • jaredadams

      Here's the story.  I have a server that runs both IIS and Apache, though Apache is running on port 8080. To simplify this all for outside users I created a redirect page for IIS to handle which will automatically redirect them to the proper port on Apache.

      So from my LAN when I go to http://projects.icsanalytics.com, it brings up an IIS page that redirects to http://projects.icsanalytics.com:8080.  Users are none the wiser.

      This scenario works fine from the internet.  The IIS redirect page will even display "hello".  This is how I know the port forward for the IIS port is working for 80.  Externally it redirects to 8080 just fine.

      However, when I'm inside my LAN trying to access this site I get to the IIS redirect page, but it times out on the 8080 request.

      So why would it forward properly when I'm accessing it externally, but only half work internally?

      Any help would be appreciated.  Thanks.

      • Metu69salemi

        If I'm assuming correctly, your port forward does use the external working DNS name?

        Couple of possibilities over here.

        1. Create a new zone in the local DNS, which is the same as the public http://projects.icsanalytics.com, and point it to the internal IP address
        2. Go to System: Advanced: Firewall and NAT and remove the check mark from: Disable NAT Reflection for port forwards
        • dimkyson

          Did you place the Webserver into your internal network or into DMZ (ex. OPT1)?

          • jaredadams

            @Metu69salemi:

            If I'm assuming correctly, your port forward does use the external working DNS name?

            I'm not sure what you mean here.  Both web servers respond to the hostname, just on different ports.

            IIS is looking for hostname projects.icsanalytics.com on 80, and Apache is looking for projects.icsanalytics.com on 8080.

            Let's forget the redirect for a moment.  That was probably adding too many moving parts to the equation.

            Externally I can reach both http://projects.icsananlytics.com (port 80 implied), and http://projects.icsanalytics.com:8080

            Internally I can reach http://projects.icsanalytics.com (port 80 implied) but cannot reach http://projects.icsanalytics.com:8080.

            I know the port forward itself is set up correctly as it all works as planned externally.  The "Disable NAT Reflection" is unchecked, else internally http://projects.icsanalytics.com or http://support.icsanalytics.com or any other website will just bring up the login for pfSense.

            I suppose I should also mention this system is v1.2.3.

            Thanks so much.

            • jaredadams

              @dimkyson:

              Did you place the Webserver into your internal network or into DMZ (ex. OPT1)?

              It's in the LAN, no DMZ/OptX.

              • Metu69salemi

                Shot in the dark, is there anything on Apache which could cause this, like an ACL or something like that?
                I haven't used v1.2.3 since 2010 and my combined experience of that was one month or less, so I can't help you on that.

                • jaredadams

                  @Metu69salemi:

                  Shot in the dark, is there anything on Apache which could cause this, like an ACL or something like that?
                  I haven't used v1.2.3 since 2010 and my combined experience of that was one month or less, so I can't help you on that.

                  Thanks for your quick response, you are a big help.

                  I don't know that there is.  I guess to even determine if this is happening I should check out the state table, and maybe even run a Wireshark to see if any traffic at all is reaching the machine on this port when I try to access it internally.

                  • jaredadams

                    I think I found the problem, this shows up in the state table when I filter by "8080"

                    127.0.0.1:19022 <- WANIP:8080 <- 192.168.0.79:49643

                    192.168.0.79 is the IP address of the local workstation I just tried to access the URL from.  I really don't know what to make of this.  Why is the request being sent to "localhost" (which is the pfSense) on that port?

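One way to read a state entry like the one in the post above, as an added example that is not part of the original thread: the parser splits the entry into its endpoints and reports whether a request to the WAN address was handed to a real host or to the firewall's own loopback. The `192.168.0.25` lines are constructed for contrast, and treating a loopback target as the firewall's NAT reflection helper is an assumption.

```python
import ipaddress
import re

# One endpoint of a state entry: host (an IP or a redacted label such as WANIP) and port.
ENDPOINT = re.compile(r"^(?P<host>[^:\s]+):(?P<port>\d+)$")

def parse_state(line):
    """Split 'translated <- original <- source' into (host, port) tuples, left to right."""
    hops = []
    for part in line.split("<-"):
        m = ENDPOINT.match(part.strip())
        if not m:
            raise ValueError(f"unrecognised endpoint: {part!r}")
        hops.append((m["host"], int(m["port"])))
    return hops

def is_loopback(host):
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # redacted label such as WANIP, not an address
        return False

def classify(line, wan_label="WANIP"):
    """Say where a connection aimed at the WAN address actually ended up."""
    hops = parse_state(line)
    if len(hops) != 3 or hops[1][0] != wan_label:
        return "not-a-redirect"
    if is_loopback(hops[0][0]):
        # Assumption: a loopback target means the firewall's reflection helper
        # accepted the connection, so the next thing to check is whether the
        # firewall then opens its own connection to the web server.
        return "handed-to-firewall-loopback"
    return "redirected-to-host"

# First line is the entry from the post; the other two are constructed.
SAMPLES = [
    "127.0.0.1:19022 <- WANIP:8080 <- 192.168.0.79:49643",
    "192.168.0.25:8080 <- WANIP:8080 <- 192.168.0.79:49650",
    "192.168.0.25:8080 <- 192.168.0.79:49651",
]

def report(lines=SAMPLES):
    """Return (client address, verdict) for each state entry."""
    return [(parse_state(l)[-1][0], classify(l)) for l in lines]

if __name__ == "__main__":
    for client, verdict in report():
        print(client, verdict)
```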
                    • Metu69salemi

                      Try to look with ping or nslookup at what you get from the PC for that DNS name, and do the same from the firewall.

                      • jaredadams

                        Pings and nslookup return my WAN IP, which is to be expected because the hostname:80 works fine.  It's only when we get into 8080 that it's no good.

                        • Metu69salemi

                          Then you can try method #1 from inside: use internal IP addressing for the public DNS name.

                          Example from wan: ping www.yourdomain.com resolves 1.1.1.1
                          Example from lan: ping www.yourdomain.com resolves 192.168.0.25

                          • jaredadams

                            It always pings to my WAN, as expected.  Our internal domain is ics.local.  The zonefile for icsanalytics.com exists elsewhere.  projects.icsanalytics.com will always ping to the same place regardless of where you ping from.

                            • Metu69salemi

                              But create yourself an internal domain with an A host record pointing to that internal IP.
                              Host that DNS in the same place as your ics.local.

                              Other than that I can't help you.

                              Try even the hosts file on your computer to point projects.icsanalytics.com to the internal host.
