Port Forwarding Troubles, 80 forwards, 8080 doesn't from inside LAN.
-
If I'm assuming correctly, your port forward does use the external working DNS name?
Couple of possibilities over here.
- Create a new zone on the local DNS that is the same as the public http://projects.icsanalytics.com and point it to the internal IP address
- Go to System: Advanced: Firewall and NAT and remove the check mark from: Disable NAT Reflection for port forwards
-
Did you place the Webserver into your internal network or into DMZ (ex. OPT1)?
-
If I'm assuming correctly, your port forward does use the external working DNS name?
I'm not sure what you mean here. Both web servers respond to the hostname, just on different ports.
IIS is looking for hostname projects.icsanalytics.com on 80, and apache is looking for projects.icsanalytics.com on 8080.
Let's forget the redirect for a moment. That was probably adding too many moving parts to the equation.
Externally I can reach both http://projects.icsananlytics.com (port 80 implied), and http://projects.icsanalytics.com:8080
Internally I can reach http://projects.icsanalytics.com (port 80 implied) but cannot reach http://projects.icsanalytics.com:8080.
I know the port forward itself is set up correctly as it all works as planned externally. The "Disable NAT Reflection" is unchecked, else internally http://projects.icsanalytics.com or http://support.icsanalytics.com or any other website will just bring up the login for pfsense.
I suppose I should also mention this system is v1.2.3.
Thanks so much.
-
Did you place the Webserver into your internal network or into DMZ (ex. OPT1)?
It's in the LAN, no DMZ/OptX.
-
Shot in the dark, is there anything on Apache which could cause this, like an ACL or something like that?
I haven't used v1.2.3 since 2010 and my combined experience of it was one month or less, so I can't help you on that.
-
Shot in the dark, is there anything on Apache which could cause this, like an ACL or something like that?
I haven't used v1.2.3 since 2010 and my combined experience of it was one month or less, so I can't help you on that.
Thanks for your quick response, you are a big help.
I don't know that there is. I guess to even determine if this is happening I should check out the state table, and maybe even run a wireshark to see if any traffic at all is reaching the machine on this port when I try to access it internally.
-
I think I found the problem, this shows up in the state table when I filter by "8080"
127.0.0.1:19022 <- WANIP:8080 <- 192.168.0.79:49643
192.168.0.79 is the IP address of the local workstation I just tried to access the URL from. I really don't know what to make of this. Why is the request being sent to "localhost" (which is the pfsense) on that port?
-
Try checking with ping or nslookup what you get from the PC for that DNS name, and do the same from the firewall.
-
Pings and nslookup return my WAN IP, which is to be expected because the hostname:80 works fine. It's only when we get into 8080 that it's no good.
-
Then you can try method #1 from inside: use internal IP addressing for the public DNS name.
Example from WAN: ping www.yourdomain.com resolves 1.1.1.1
Example from LAN: ping www.yourdomain.com resolves 192.168.0.25
-
It always pings to my WAN, as expected. Our internal domain is ics.local. The zonefile for icsanalytics.com exists elsewhere. projects.icsanalytics.com will always ping to the same place regardless of where you ping from.
-
But create yourself an internal domain with an A host pointing to that internal IP.
Host that DNS in the same place as your ics.local.
Other than that I can't help you.
Try even the hosts file on your computer to point projects.icsanalytics.com to the internal host.
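
Added example, not part of the original thread: a small Python helper that reads state lines in the three-endpoint form quoted above and reports LAN-originated connections to a given port that were translated to the firewall's own loopback instead of a LAN host. The sample lines are constructed; 203.0.113.10 is a placeholder for the WAN IP, and the 192.168.0.0/24 LAN subnet, the 192.168.0.25 server address and the 198.51.100.7 outside client are assumptions.

```python
import ipaddress
import re

# Constructed state lines in the "translated <- requested <- source" form quoted
# in the thread. 203.0.113.10 is a placeholder for the WAN IP; 192.168.0.25 and
# the 198.51.100.7 outside client are assumed for illustration.
SAMPLE_STATES = """\
127.0.0.1:19022 <- 203.0.113.10:8080 <- 192.168.0.79:49643
192.168.0.25:80 <- 203.0.113.10:80 <- 198.51.100.7:51514
192.168.0.25:8080 <- 203.0.113.10:8080 <- 198.51.100.7:51520
"""

LAN = ipaddress.ip_network("192.168.0.0/24")  # assumed LAN subnet
STATE_RE = re.compile(r"^([\d.]+):(\d+) <- ([\d.]+):(\d+) <- ([\d.]+):(\d+)$")


def classify(line, lan=LAN):
    """Return where one state's traffic came from and where it was translated to."""
    m = STATE_RE.match(line.strip())
    if not m:
        return None  # not a three-endpoint (translated) state line
    to_ip, to_port, _req_ip, req_port, src_ip, _src_port = m.groups()
    try:
        target = ipaddress.ip_address(to_ip)
        source = ipaddress.ip_address(src_ip)
    except ValueError:
        return None  # digits and dots that are not a valid IPv4 address
    if target.is_loopback:
        landing = "firewall-loopback"
    elif target in lan:
        landing = "lan-host"
    else:
        landing = "other"
    return {
        "source": src_ip,
        "origin": "lan" if source in lan else "external",
        "requested_port": int(req_port),
        "translated": f"{to_ip}:{to_port}",
        "landing": landing,
    }


def lan_states_on_loopback(states, port):
    """LAN-originated states for `port` that end on the firewall's own loopback."""
    infos = (classify(line) for line in states.splitlines())
    return [i for i in infos if i and i["origin"] == "lan"
            and i["requested_port"] == port and i["landing"] == "firewall-loopback"]
```

A hit from `lan_states_on_loopback(SAMPLE_STATES, 8080)` means the firewall redirected that LAN client's connection to a port on itself rather than straight to the web server, which is the situation shown in the state table line quoted in the thread.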