Netgate Discussion Forum

Port Forward by Hostname

NAT
13 Posts 2 Posters 7.0k Views
  • A Offline
    arrmo
    last edited by Jul 6, 2014, 12:55 PM

    Hi,

    I'm trying to configure a port forward by hostname, which would be handy (as the host gets its IP address from DHCP), but when I try it (for host XXXX) I get the following error message …

    The following input errors were detected:
    "XXXX" is not a valid redirect target IP address or host alias.

    Is this expected?

    Thanks!

    • B Offline
      BBcan177 Moderator
      last edited by Jul 6, 2014, 2:36 PM

      Hi arrmo,

      You should use an "Alias" to define sections in your setup and then reference "Aliases" in Rules and NAT definitions etc.

      This way, if you make changes, you can edit the "Alias" without having to re-edit the Rules and NAT definitions.

      Firewall:Aliases

      "Experience is something you don't get until just after you need it."

      Website: http://pfBlockerNG.com
      Twitter: @BBcan177  #pfBlockerNG
      Reddit: https://www.reddit.com/r/pfBlockerNG/new/

      • A Offline
        arrmo
        last edited by Jul 6, 2014, 4:25 PM

        Hi,

        Makes sense, thanks! Tried adding this, but I seem to be having more basic issues with Port Forwarding. Hard coded the internal IP address and ports, but I still can't seem to get it working. It's likely me, trying to figure it out .. :(.

        I did enable the system logs for the corresponding port forward, but I don't see any incoming packets in the firewall log (only outgoing). I do also note that even though I hard code the destination port, the UI still shows this as red / maroon (like it's still looking for an entry).

        Is there a way to check port forwarding from the shell (or SSH)? Or a way to log incoming packets, to debug this?

        Thanks again!

        • B Offline
          BBcan177 Moderator
          last edited by Jul 6, 2014, 5:02 PM

          Can you post the settings you used for the NAT?

          Did you also use the "Filter Rule Association" setting to automatically create a Rule also? Or manually add a "Rule" to allow the NAT?

          This will output all of PFCTL's settings:

          pfctl -sa

          "Experience is something you don't get until just after you need it."

          Website: http://pfBlockerNG.com
          Twitter: @BBcan177  #pfBlockerNG
          Reddit: https://www.reddit.com/r/pfBlockerNG/new/
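Added example, not part of the original posts: one way to answer the "check port forwarding from the shell" question is to look for the redirect in `pfctl -sn` and the matching pass rule in `pfctl -sr`. The interface name `em0`, the sample rule lines and the function name `check_forward` are constructed assumptions; the addresses are the ones mentioned in this thread.

```shell
#!/bin/sh
# On the firewall, feed the function live output instead of the samples:
#   check_forward "$(pfctl -sn)" "$(pfctl -sr)" 80 192.168.2.23
# To watch for packets actually arriving on WAN (interface name assumed):
#   tcpdump -ni em0 tcp port 80

# Constructed sample output for illustration only.
SAMPLE_NAT='no nat proto carp all
rdr on em0 inet proto tcp from any to 192.168.1.4 port = http -> 192.168.2.23'
SAMPLE_RULES='block drop in log quick on em0 from <bogons> to any label "block bogons"
pass in log quick on em0 inet proto tcp from any to 192.168.2.23 port = http flags S/SA keep state label "USER_RULE: NAT"'

# check_forward NAT_TEXT RULES_TEXT PORT TARGET_IP
# Returns 0 if both the rdr and a pass rule exist, 1 if the rdr is
# missing, 2 if the rdr exists but nothing passes traffic to the target.
check_forward() {
    nat=$1 rules=$2 port=$3 target=$4
    # pfctl prints well-known ports by service name ("port = http").
    case $port in
        80) pp='(80|http)' ;; 443) pp='(443|https)' ;; *) pp=$port ;;
    esac
    # Escape dots so the IP is matched literally.
    t=$(printf '%s' "$target" | sed 's/\./\\./g')
    if ! printf '%s\n' "$nat" | grep -Eq "^rdr .* port = $pp( |$).*-> $t( |$)"; then
        echo "no rdr rule for port $port -> $target"
        return 1
    fi
    if ! printf '%s\n' "$rules" | grep -Eq "^pass in .* to $t port = $pp( |$)"; then
        echo "rdr present, but no pass rule to $target port $port"
        return 2
    fi
    echo "rdr and pass rule present for port $port -> $target"
}

check_forward "$SAMPLE_NAT" "$SAMPLE_RULES" 80 192.168.2.23
```

If both rules are present and tcpdump shows nothing arriving on the WAN interface, the packets are being dropped or redirected before they reach pf on this box.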

          • A Offline
            arrmo
            last edited by Jul 6, 2014, 8:46 PM

            Hi,

            You bet - no problem at all. Attached shows the settings. And yes, I did allow automatic Filter Rule creation. I actually also enabled logging in that rule, but nothing seems to be showing up in the log … :(.

            Thanks!

            ![pfSense NAT.png](/public/imported_attachments/1/pfSense NAT.png)
            • B Offline
              BBcan177 Moderator
              last edited by Jul 6, 2014, 9:04 PM

              Seems ok.

              Do you have any Rules above this one that might be passing that traffic? If there is a rule above this one, then the second rule won't see it.

              The Pic shows 192.168.2.23 but it's greyed out. Maybe just the way you created the PDF, but it should be Red/Maroon like you said earlier. The logs should show up in the "Firewall" logs.

              Are you able to access the WEB Server from the Internet?

              • A Offline
                arrmo
                last edited by Jul 6, 2014, 9:11 PM

                Hi,

                The only rule above this one is "Block bogon networks" … actually, that's the only other Filter Rule, and no other Port Forwarding rules.

                Correct on the grayed out - I tried to generate a PDF, then to PNG ... lost the color in the process. And yes, it's the Firewall logs I'm checking - nothing there that I can see (no incoming traffic, only outgoing it seems).

                Nope, can't access the Web Server ... :(.

                Will keep digging, it could be me - that's a very real possibility .. ;).

                Thanks!

                • B Offline
                  BBcan177 Moderator
                  last edited by Jul 6, 2014, 9:13 PM

                  Make sure you don't have the "Block Bogons" on the LAN Side. That should only be set for the WAN.

                  • A Offline
                    arrmo
                    last edited by Jul 6, 2014, 9:15 PM

                    Hi,

                    I didn't create that one (seems to be auto-created), but I just checked … and you are correct, WAN only.

                    Thanks!

                    • A Offline
                      arrmo
                      last edited by Jul 6, 2014, 9:18 PM

                      OK, I may be on to something. If I manually go to WAN IP address (i.e. http://192.168.1.4/) … I get the pfSense login. So it seems that I can't port forward to a Web Server behind the pfSense box?

                      I just checked, and there is an "Anti-Lockout Rule" that seems to be auto-created, and it handles port 80? It also is forced to be first on the list. Trying to dig into it, to understand it.

                      Thanks!

                      • B Offline
                        BBcan177 Moderator
                        last edited by Jul 6, 2014, 9:21 PM

                        I haven't played with a WEB Server behind pfSense, but why don't you change the pfSense GUI to HTTPS and set a port like 443 or 8080

                        • A Offline
                          arrmo
                          last edited by Jul 7, 2014, 1:34 AM

                          Hi,

                          Tried that … moved it to port 8080. It worked (getting there to 8080), but still can't forward 80 through ... :(. The other odd part is that this is on the LAN side (this rule) ... the Web GUI (for pfSense) shouldn't be accessible on the WAN side, should it?

                          Thanks!

                          • A Offline
                            arrmo
                            last edited by Jul 8, 2014, 2:44 AM

                            Hi,

                            OK, just to close the loop .. updated to the latest version, and after reboot it started working.

                            Thanks so much for all the help!!!

                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.