New install 2 questions

ozz

I have managed to install the firewall without problems, I am puzzled in regards to 2 correlated issues.
1- I have (default state) admin access via WAN enabled which I would like to disable
2- I host sites behind the firewall but any attempt to reach then result in redirection to https.
Can you assist with this piece of configuration or point me to the manual?
Thanks,

Ozz.

wallabybob

In the absence of any other information I am guessing you want to port forward port 80 on the WAN interface to the single system hosting your web sites. Correct? If so, add appropriate rule to Firewall -> NAT on the Port Forward tab. Then reset firewall states: Diagnostics -> States then the Reset States tab.

ozz

@wallabybob:

In the absence of any other information I am guessing you want to port forward port 80 on the WAN interface to the single system hosting your web sites. Correct? If so, add appropriate rule to Firewall -> NAT on the Port Forward tab. Then reset firewall states: Diagnostics -> States then the Reset States tab.

Thanks for the answer, I guess I was not too clear, what happens is that when I try to reach my websites internally it gets redirected from http to https.
I have WAN, LAN and OPT, which is the zone where I have my webserver.
Is there any further configuration to allow viewing the sites from WAN or LAN? (besides what you already posted above?)
Thanks again!

Ozz.

ozz

Here is the answer:
http://forum.pfsense.org/index.php/topic,57349.0.html
Cheers,

Ozz.

johnpoz

That thread is about nat reflection - which no where in your post did you state where you were trying to access these sites from.  You would have to assume from outside your firewall - since the normal operation in accessing a site while on that network would be to access it via its common IP on your own network.

Also you state that wan admin access is "default" - that is not the case.  You can not access admin gui of pfsense from wan in a default state of pfsense.

You would have to configure firewall rules to allow access to web gui/ssh from wan - which is not a recommended configuration.

Glad you got what you wanted sorted, but you really need to accurately convey your issue and your setup if don't want people guessing what your question/problem is.

ozz

@johnpoz:

That thread is about nat reflection - which no where in your post did you state where you were trying to access these sites from.  You would have to assume from outside your firewall - since the normal operation in accessing a site while on that network would be to access it via its common IP on your own network.

Also you state that wan admin access is "default" - that is not the case.  You can not access admin gui of pfsense from wan in a default state of pfsense.

You would have to configure firewall rules to allow access to web gui/ssh from wan - which is not a recommended configuration.

Glad you got what you wanted sorted, but you really need to accurately convey your issue and your setup if don't want people guessing what your question/problem is.

You know what, you are absolutely right!
I was a bit short on time to get this sorted out and the fact that my problem description sucked completely did not help anyone…

Question 1: I got slightly confused as I tried to access the wan from within lan and never thought about the firewall accepting it as I was testing from inside.

Question 2: I was trying to see my sites behind opt1 from LAN and got the NAT reflection issue.

Stress sometimes work for you, sometimes against!
Thanks and sorry for wasting your time!

Ozz.