Netgate Discussion Forum

Cannot Access Web Server From Internal Network

    LukeK
    last edited by Mar 11, 2013, 8:32 PM

    So this is weird.  My web server is in my internal network.  It can be accessed just fine outside of my internal network.  But on the inside it cannot be accessed.  HTML traffic runs on port 8080 instead of the usual port 80.  Does that have anything to do with it?  Do I have some kind of conflict?

    Thanks in advance,

    Luke K.

      johnpoz LAYER 8 Global Moderator
      last edited by Mar 11, 2013, 9:13 PM

      Are you trying to access it via its PUBLIC ip or the ip on your internal network?  If you're on the internal network trying to use its external IP then you have to enable nat reflection in pfsense to do that.

      It's just simpler to access its local name/ip vs bouncing off pfsense wan interface just to get forwarded back into your internal network.

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.7.2, 24.11

        Klaws
        last edited by Mar 12, 2013, 9:35 AM

        I prefer the simple DNS host override. I configure the pfSense DNS relay to answer the local IP addresses for the servers' hostnames.

          johnpoz LAYER 8 Global Moderator
          last edited by Mar 12, 2013, 12:24 PM

          ^exactly! Have your local name resolution resolve to the local IP. Then you can still use say www.yourdomain.tld on the outside or the inside.

            LukeK
            last edited by Mar 12, 2013, 5:02 PM

            This sounds like the solution I'm looking for… but how do I do it?  My webserver only uses its public IP address xxx.xxx.xxx.xxx not a domain name.  When I go to "SERVICES | DNS FORWARDER" and add an entry to the Host Overrides section I don't know how I'm supposed to fill out the form.  Am I even in the right place?  On my internal network the IP Address is 192.168.1.10

            This is how I filled out my host overrides entry:

            Host = webserver (I didn't have any clue what I should put here)
            Domain = My Public IP Address
            IP = 192.168.1.10 (My Internal IP Address)
            Description = blank

              phil.davis
              last edited by Mar 12, 2013, 5:13 PM

              Let's say your public IP is 66.77.88.99
              If the DNS external name of your site is www.mybusiness.org then from outside that translates to 66.77.88.99 when you type the name into a browser (or whatever) and off it goes to connect.
              So, in host overrides, put
              Host = www
              Domain = mybusiness.org
              IP = 192.168.1.10
              Description = whatever you like

              Now, from on your LAN, when you type www.mybusiness.org into a client browser, it will translate to 192.168.1.10 and get straight to your server on the LAN.
              Of course, if your users have not been using a name for the server, but have actually learnt the public IP and been typing 66.77.88.99 into their browser from outside on the net, then they will have to learn a new "magic number" to access from inside - 192.168.1.10

              As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
              If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

                johnpoz LAYER 8 Global Moderator
                last edited by Mar 12, 2013, 5:27 PM Mar 12, 2013, 5:22 PM

                ^ or just give your server a local name, say your local domain is local.lan since sounds like you don't have a public registered domain name.

                Then in your host overrides create record
                host = servername
                domain = local.lan
                IP = 192.168.1.10

                Now you can access that server via the name servername.local.lan or via the private IP address 192.168.1.10.

                So curious, are you forwarding 8080 to 80 on pfsense or is server listening on 8080?

                So outside sounds like they access it via http://publicIP:8080

                If server is listening on 8080 then internally if you create a host name for it, you would still have to call out the :8080 so http://servername.local.lan:8080 or http://192.168.1.10:8080

                There is one thing if 80 is blocked inbound to use 8080, but there is little reason to use that internally, I would have the server listen on 80 (default http port) and on pfsense just forward 8080 to 80.  This way you could use internally just the IP or name you created http://192.168.1.10 or http://servername.local.lan and won't need to add the :8080 to the url you use when accessing it from your local network.

                  LukeK
                  last edited by Mar 12, 2013, 5:26 PM

                  We do not have a DNS name for our public IP Address.  That being said I would like the users to use the public ip address even when they are in the inside network.  From what you're telling and what I've gathered this is not possible… is that correct?

                  Luke K.

                    LukeK
                    last edited by Mar 12, 2013, 5:28 PM

                    The stupid reasoning for me wanting the users to use the public ip address even when they are in the internal network is that my dumb web programmer hard coded the public ip address in our website.

                      johnpoz LAYER 8 Global Moderator
                      last edited by Mar 12, 2013, 5:29 PM Mar 12, 2013, 5:28 PM

                      No, if you're wanting users to use http://publicIP:8080 be it they are inside or outside your network - just turn on NAT reflection in pfsense.

                      And then FIRE/SLAP your web guy if he hard codes IPs into stuff - you should never ever ever HARD code IPs - IPs CHANGE!!  While if using names, you can just change the IP the name points to.

                        LukeK
                        last edited by Mar 12, 2013, 5:30 PM

                        Okay thanks so much.

                        Luke K.
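
The two fixes discussed in this thread (a DNS host override and NAT reflection) can be compared with a small packet-flow model. This is an added example, not part of the original posts and not pfSense code. The client, firewall LAN and outside addresses are assumed, and the reflection mode names are labels used only by this model.

```python
from dataclasses import dataclass, replace

# Addresses from the thread; CLIENT_IP, FW_LAN_IP, OUTSIDE_IP are assumed.
PUBLIC_IP, SERVER_IP = "66.77.88.99", "192.168.1.10"
CLIENT_IP, FW_LAN_IP, OUTSIDE_IP = "192.168.1.50", "192.168.1.1", "203.0.113.7"
PUBLIC_DNS = {"www.mybusiness.org": PUBLIC_IP}
HOST_OVERRIDES = {"www.mybusiness.org": SERVER_IP}  # answered to LAN clients only

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

def resolve(name, on_lan):
    """LAN clients ask the firewall's resolver, which checks overrides first."""
    if on_lan and name in HOST_OVERRIDES:
        return HOST_OVERRIDES[name]
    return PUBLIC_DNS[name]

def firewall(pkt, in_iface, reflection):
    """Port forward PUBLIC_IP:8080 -> SERVER_IP. reflection is a label used by
    this model: 'off', 'redirect' (rewrite dst) or 'redirect+snat'."""
    if pkt.dst != PUBLIC_IP or pkt.dport != 8080:
        return None
    if in_iface == "lan" and reflection == "off":
        return None  # the forward only matches traffic arriving on WAN
    out = replace(pkt, dst=SERVER_IP)
    if in_iface == "lan" and reflection == "redirect+snat":
        out = replace(out, src=FW_LAN_IP)  # forces the reply back via firewall
    return out

def connect(src, target, in_iface, reflection="off"):
    """Outcome of a TCP connection from src to target:8080."""
    if in_iface == "lan" and target == SERVER_IP:
        return "ok-direct"  # same subnet, the firewall never sees it
    fwd = firewall(Packet(src, target, 8080), in_iface, reflection)
    if fwd is None:
        return "fail-not-forwarded"
    if in_iface == "lan" and fwd.src == src:
        # Server replies straight to the LAN client from SERVER_IP, but the
        # client opened its connection to PUBLIC_IP, so the reply is rejected.
        return "fail-asymmetric-reply"
    return "ok-via-firewall"
```

With the host override, LAN traffic to the web server never crosses the firewall, so it is not subject to the firewall's rules or logging; with reflection it is.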
