PfSense 2.1 no internal access to web server box



  • Hi, I've been researching and reading the forums and trying different things, including "NAT Reflection mode for port forwards"; nothing seems to work.

    The problem is that ever since I put a pfSense box online I lost access to my website, which I host in house. Here is what I have in house: (on separate boxes)

    pfSense 2.1 beta box on 192.168.0.1
    CentOS 6.3 box running apache on 192.168.0.99 (running Webmin)
    CentOS 6.3 box running PS3mediaserver 192.168.0.60 (running Webmin)

    I lost access to my Media Wiki and also can't access the Webmin interface on both CentOS boxes anymore. So pfSense is blocking all internal access. Now from outside I can access everything just fine, so I know it's some kind of setting I'm missing.

    I'm new to all this and learning, so bear with me.

    Thanks,
    Rick



  • If you are using pfsense as your gateway and dns server for internal use only, then set up a host override that points the domain name to the internal address and not the external address. This is called split horizon dns. This is IMHO a better way to go than nat reflection. The results are usually faster and more stable.



  • I don't have a DNS server running. It's set up as a forwarder from what I'm seeing. How do I set up a split horizon DNS? Does this affect my DNS forwarder? Not sure how to do this.



  • Just tried the Split Horizon dns with no luck… Here is my problem. I don't have a domain name for it. I access it via an IP address, for example:

    To access it from outside I go to xx.xx.xx.xx/mediawiki; from inside I used to access it by 192.168.0.99/mediawiki. Now with the pfSense box installed I can't access it from inside anymore.

    This is what I setup in the Split Horizon DNS:

    Host - mediawiki
    Domain - mediawiki
    IP Address - 192.168.0.99



  • @Rickinfl:

    I lost access to my Media Wiki

    Access FROM where? If you are trying to access that service from a host on the same IP subnet (192.168.0.0/24?) then the access attempt shouldn't go through pfSense. If you are trying to access that service from a host on a different IP subnet (e.g. 192.168.10.0/24) then it would probably help us to help you if you provided more details, for example, "the access attempt to the media wiki goes in the pfSense OPTx interface and out the pfSense OPTy interface". If you are trying to access that service from the Internet

    @Rickinfl:

    The problem is ever since I put a pfSense box online

    It would be helpful to provide details of how you changed your network when you "put a pfSense box online".



  • I have 3 machines running at home: Media Wiki, PS3mediaserver and pfSense box. I used to be able to access the Wiki and PS3mediaserver from my computer here at the house just by typing 192.168.0.99/mediawiki and everything worked fine, including accessing it from the internet from work at http://xx.xx.xx.xx/mediawiki. As for my network before, when everything worked I was using a Cisco/Linksys 4200 router. I removed it and put in its place the pfSense box; this is when the LAN access issue started.

    My IP addresses for the boxes:

    My Computer 192.168.0.10
    pfSense box 192.168.0.1
    Mediawiki 192.168.0.99
    PS3mediaserver 192.168.0.60

    Submask is 255.255.255.0 on all boxes
    Gateway is the pfSense box 192.168.0.1

    As for going through the pfSense box I have no clue I'm very new to this. But ever since I installed the pfSense box I can't access the Mediawiki. Also can't access the Webmin on the Mediawiki box and the PS3mediaserver box and those are as this:

    mediawiki - 192.168.0.99:20000
    PS3mediaserver - 192.168.0.60:10000

    I can't access anything within the network from my computer at home, BUT I can access everything from the Internet from work just fine.

    I'm really new to this and I'm learning Linux so just be patient with me… I'm a quick learner just need step by step the first time then I'm off and running.



  • Do you have a switch in place or do you have multiple NICs in the pfsense machine? If you do, do you have the interfaces bridged and rules in place to allow traffic across the bridge?



  • No switch just 2 nics in the pfSense box. I do have rules setup:

    Proto      Source   Port   Destination    Port        Gateway   Queue   Description
    IPv4 TCP   *        *      192.168.0.99   80 (HTTP)   *         none    NAT Media Wiki
    IPv4 TCP   *        *      192.168.0.99   20000       *         none    NAT Webmin Media Wiki
    IPv4 TCP   *        *      192.168.0.60   10000       *         none    NAT Webmin Media Server
    IPv4 TCP   *        *      192.168.0.1    8443        *         none    NAT pfSense Web Interface

    I had to put these rules in to access it from outside; if I remove them I can't access it anymore.



  • My Computer 192.168.0.10
    pfSense box 192.168.0.1
    Mediawiki 192.168.0.99
    PS3mediaserver 192.168.0.60

    Submask is 255.255.255.0 on all boxes
    Gateway is the pfSense box 192.168.0.1

    No switch just 2 nics in the pfSense box.

    Exactly what is connected to the pfSense LAN port?
    You list pfSense and 3 other devices - somehow these 4 devices need to/must be connected together (4 real ethernet cables into a switch?, a cable from pfSense LAN to a WiFi Access point that other things connect to?)
    Please describe exactly how the LAN-side devices are connected.



  • The WAN side goes straight from my cable modem to the WAN NIC on the pfSense box. Then the LAN side goes from the LAN card in pfSense to the 8 port switch, which feeds all the other computers via CAT5 cable. Not using wireless at the moment; I have to get a wireless card for the pfSense box.



  • @Rickinfl:

    the LAN side goes from the LAN card in pfSense to the 8 port switch which feeds all the other computers via CAT5 cable.

    The 3 other computers (My Computer, Mediawiki and PS3mediaserver) should all be able to talk to each other without pfSense or internet at all. So you need to get that to work - disconnect the pfSense LAN cable from the switch, then get the 3 computers working locally on the switch.
    Once that is done, then connect pfSense LAN to the switch again - if a problem happens then we can try to help with it.
    I guess the switch is a "plain ordinary" unmanaged switch, with no VLANs, no MAC filtering?
    (If you have a fancy switch then maybe something was set in that that causes your local LAN issues)
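
The point made in the replies (hosts on the same subnet reach each other over the switch without passing through pfSense, while a LAN client using the public address does go through it) can be checked with the short script below. It is an added example, not part of the original thread; it uses the addresses posted above, and `WAN_IP` is a constructed placeholder for the redacted xx.xx.xx.xx address. The /26 netmask in the last case is a hypothetical misconfiguration, not something reported in the thread.

```python
import ipaddress

# Addresses and netmask as posted in the thread.
NETMASK = "255.255.255.0"
GATEWAY = "192.168.0.1"
HOSTS = {
    "My Computer": "192.168.0.10",
    "Mediawiki": "192.168.0.99",
    "PS3mediaserver": "192.168.0.60",
}
# Constructed placeholder for the redacted public address (xx.xx.xx.xx).
WAN_IP = "203.0.113.10"


def next_hop(client_ip, netmask, target_ip, gateway=GATEWAY):
    """Decide, as the client's routing table would, where the packet is sent."""
    net = ipaddress.ip_interface(f"{client_ip}/{netmask}").network
    if ipaddress.ip_address(target_ip) in net:
        return ("on-link", target_ip)   # ARP for the target, straight over the switch
    return ("via-gateway", gateway)     # handed to pfSense, so rules and NAT apply


def diagnose(client_ip, netmask, target_ip):
    """Turn the routing decision into the troubleshooting hint from the thread."""
    kind, _ = next_hop(client_ip, netmask, target_ip)
    if kind == "on-link":
        return (f"{client_ip} -> {target_ip}: pfSense is not involved; "
                "check the switch, cabling and the server's own firewall")
    return (f"{client_ip} -> {target_ip}: goes through pfSense; "
            "needs NAT reflection or a split DNS host override")


if __name__ == "__main__":
    me = HOSTS["My Computer"]
    for target in (HOSTS["Mediawiki"], HOSTS["PS3mediaserver"], WAN_IP):
        print(diagnose(me, NETMASK, target))
    # Hypothetical wrong netmask on the client: .99 now falls outside the
    # client's /26, so LAN traffic is wrongly sent to the firewall.
    print(diagnose(me, "255.255.255.192", HOSTS["Mediawiki"]))
```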

