How do I externally access an Apache server thats behind pfSense
-
Hi,
I've set up Apache/2.2.3 on CentOS 5 on our local network. Now I can access the Apache landing page from any PC on the internal network but when I try to access it externally i'm getting a "503 Service Unavailable" error message.
I'm guessing I need to add some rules to pfSense to allow external PC's to communicate with it. I've pointed a domain name at our WAN's static IP gateway. I can ping this domain and the IP is correct. I've added a NAT rule in pfSense to port forward ports 80 and 443 to the internal IP address of the Apache PC but this hasn't changed anything.
Advice on what settings I need to change and what rules I need to implement would be appreciated. Is there some other ports I need to forward to be able to communicate with the Apache server?
-
Did you change the port of the WebGUI to something different than the ports on which you want to serve your page?
-
Did you change the port of the WebGUI to something different than the ports on which you want to serve your page?
sorry could you be more specific, do you mean the ports within the pfSense webGUI?
-
Sorry I understand now. I changed pfSense's webGUI to port 85, I also enabled NAT Reflection.
Whats happening now is i'm able to access the site on port 443 (https) but still can't access it externally from port 80 (http)
Do I need to have port forward NAT rules in place to get this to work?
-
I've added a NAT rule in pfSense to port forward ports 80 and 443 to the internal IP address of the Apache PC but this hasn't changed anything.
I thought you did that.
If not: yes you need it. -
I've added a NAT rule in pfSense to port forward ports 80 and 443 to the internal IP address of the Apache PC but this hasn't changed anything.
I thought you did that.
If not: yes you need it.Sorry yes, I had done that I was just inquiring whether it was necessary.
Ok I seem to have it working now anyway, I did a reset of the state table and I can now access the apache landing page on http and https. Glad it was that easy in the end, thought it was going to be like the headache I went through setting up the multi-wan load balancer, lol.