4. Can't browse HTTP server locally

Can't browse HTTP server locally

  • P

    Given information:

    Domain: mydomain.org - was used to replace the real domain name.

    external ip: 1.1.1.1
    internal network: 192.168.1.0/24

    pfsense ver: 2.1.4

    external custom http port: 4444
    internal http port: 80 (default)
    http server: apache2

    DNAT
    Internet > 4444 firewall/nat > 80: Apache

    • this scenario works, sweet!!!

    Internal http test through browser.
    LAN > 80: 192.168.1.100

    • this simple test failed.

    Then the problem begins…

    Port Test Results: (using pfsense utility)
    Connection to web.mydomain.org 80 port [tcp/http] succeeded!

    • To cut this throubleshooting short. I replaced pfsensebox with a Linksys home router. Configured NAT, DNAT and local http testing was successful. Therefore i can point out that there is something mis-configured (which i may have missed) in my pfsensebox.

    Kept digging for a fix. Found these workaround but failed.

    https://doc.pfsense.org/index.php/Why_can't_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks

    I did "Method1" and "Method2" but both approach failed.

    pfsense was able to resolve http server through nslookup.

    C:\Documents and Settings\admin>nslookup web.mydomain.org
    Server:  miguel.mydomain.org
    Address:  192.168.1.254

    Name:    web.mydomain.org
    Address:  192.168.1.140

    but not able to browse the site. I use "Test port" if pfsensebox can probe if there's a webserver in 192.168.1.140 which is the http server, and it was successful.

    Port Test Results:
    Connection to web.mydomain.org 80 port [tcp/http] succeeded!

    Used chrome to view the home page of the webserver, but still failed.

    Any suggestion of how to make this work at pfsense box?

    additional information:

    DNAT logs

    xxx.xxx.xxx.xxx - - [21/Jul/2014:16:23:56 +0800] "GET /?p=1 HTTP/1.1" 200 3909 "http://1.1.1.1:4444/?page_id=2" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36"
    xxx.xxx.xxx.xxx - - [21/Jul/2014:16:24:00 +0800] "GET /?cat=1 HTTP/1.1" 200 2776 "http://1.1.1.1:4444/?p=1" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36"
    xxx.xxx.xxx.xxx - - [21/Jul/2014:16:24:17 +0800] "GET /?cat=1 HTTP/1.1" 200 2777 "http://http://1.1.1.1:4444/?cat=1" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36"
    xxx.xxx.xxx.xxx - - [21/Jul/2014:16:24:20 +0800] "GET /?m=201407 HTTP/1.1" 200 2751 "http://http://1.1.1.1:4444/?cat=1" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36"

    and can't find any http traffic within the 192.168.1.0/24.

    Internet <==========>{PfSense:4444 | Pfsense:80} <=======> Apache2 (OK!)

    {LAN / Pfsense:80} <=======> Apache2 (NOT OK!)
    ^
    ||
    ||
    ||
    ||
    ||
    ||
    Workstation/PC

    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy