Another NAT Redirection/Port Forwarding not working thread :(

kin0kin · Dec 17, 2013, 11:47 AM

Virtual Server 192.168.1.100 is listening on port 8080

Interface: Wan
Protocol: TCP
Destination Port: HTTP (80)
Redirect Target IP: 192.168.1.100
Redirect Target Port: 8080
NAT Reflection: NAT + Proxy
Filter Rule: Rule NAT "Desc"

After some time, browser would show the correct address but unable to connect:

www.mydomain.com:8080/subdir/

The only way to connect is to

Interface: Wan
Protocol: TCP
Destination Port: 8080
Redirect Target IP: 192.168.1.100
Redirect Target Port: 8080
NAT Reflection: NAT + Proxy
Filter Rule: Rule NAT "Desc"

Is this a server end "base_url" problem or is this a pfsense problem?

nothing · Dec 20, 2013, 7:22 AM

Make sure you have disabled the "Disable webConfigurator redirect rule " option in System>Advanced.
Also check you WAN rules on the firewall.

cmb · Dec 20, 2013, 9:23 AM

Since you're getting the timeout attempting to connect to :8080, something on your web server is redirecting your request from port 80 to port 8080, which fails since it's not forwarded on 8080. The web application or something else on the web server will have to be fixed.

kin0kin · Jan 13, 2014, 3:29 PM

@nothing:

Make sure you have disabled the "Disable webConfigurator redirect rule " option in System>Advanced.
Also check you WAN rules on the firewall.

Disable webConfigurator is "unchecked"
Filter Rule in NAT is also set to "none"

It doesn't work. I can't get to my server which has an app listening at port 8080. I'm not sure if this matters, I have multiple webservers in a VM host. All are assigned a different IP and all these servers are listening on different port.

kin0kin · Jan 13, 2014, 3:46 PM

Here are the scenarios that I've tried:

Domain Host:

hostname - ip address - record type
app.domain.com - www.domain.com:8080/app - url redirect/url frame

Pf Sense
NAT Reflection mode for port forwards: disabled
Destination Port Range: 8080-8080
Redirect Target Port: 8080

Nat Reflection: use system default
Filter rule association: create new associated filter rule

Result:
www.domain.com:8080/app = works
app.domain.com = works

Domain Host:

hostname - ip address - record type
app.domain.com - www.domain.com:8080/app - url redirect/url frame

Pf Sense
NAT Reflection mode for port forwards: disabled
Destination Port Range: http
Redirect Target Port: 8080

Nat Reflection: use system default
Filter rule association: create new associated filter rule

Result:
www.domain.com/app = cannot find site
www.domain.com:8080/app = cannot find site
app.domain.com = cannot find site

Domain Host:

hostname - ip address - record type
app.domain.com - www.domain.com:8080/app - url redirect/url frame

Pf Sense
NAT Reflection mode for port forwards: disabled
Destination Port Range: http
Redirect Target Port: 8080

Nat Reflection: Nat+Proxy / Pure Nat
Filter rule association: Pass / None

Result:
www.domain.com/app = cannot find site
www.domain.com:8080/app = cannot find site
app.domain.com = cannot find site

kin0kin · Jan 14, 2014, 5:26 AM

I Noticed something interesting. Looks like only port 80 is not working with NAT reflection.

the default NAT is set to disable. In Firewall Rules I enabled NAT+Proxy. I then proceeded to setting destination port as 8089:8089 to 8080 redirect. Going to port 8089 redirects to port 8080 and I can access my webserver. If I change it back to port 80, it does not resolve 8080. What seems to be the problem? reverse proxy is enabled and is listening at port 80 btw.

EDIT: This is working now. However, reverse proxy is the one that's not working so I cannot redirect the traffic to the right server.

timthetortoise · Jan 23, 2014, 9:34 PM

"Disable webConfigurator redirect rule" needs to be checked, not unchecked. "Check this box to disable this automatically added redirect rule."