Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Can't browse HTTP server locally

    Scheduled Pinned Locked Moved NAT
    1 Posts 1 Posters 604 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      perdong
      last edited by

      Given information:

      Domain: mydomain.org - was used to replace the real domain name.

      external ip: 1.1.1.1
      internal network: 192.168.1.0/24

      pfsense ver: 2.1.4

      external custom http port: 4444
      internal http port: 80 (default)
      http server: apache2

      DNAT
      Internet > 4444 firewall/nat > 80: Apache

      • this scenario works, sweet!!!

      Internal http test through browser.
      LAN > 80: 192.168.1.100

      • this simple test failed.

      Then the problem begins…

      Port Test Results: (using pfsense utility)
      Connection to web.mydomain.org 80 port [tcp/http] succeeded!

      • there splitDNS is working and pfsense can resolve web.mydomain.org
      • To cut this throubleshooting short. I replaced pfsensebox with a Linksys home router. Configured NAT, DNAT and local http testing was successful. Therefore i can point out that there is something mis-configured (which i may have missed) in my pfsensebox.

      Kept digging for a fix. Found these workaround but failed.

      https://doc.pfsense.org/index.php/Why_can%27t_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks

      I did "Method1" and "Method2" but both approach failed.

      pfsense was able to resolve http server through nslookup.

      C:\Documents and Settings\admin>nslookup web.mydomain.org
      Server:  miguel.mydomain.org
      Address:  192.168.1.254

      Name:    web.mydomain.org
      Address:  192.168.1.140

      but not able to browse the site. I use "Test port" if pfsensebox can probe if there's a webserver in 192.168.1.140 which is the http server, and it was successful.

      Port Test Results:
      Connection to web.mydomain.org 80 port [tcp/http] succeeded!

      Used chrome to view the home page of the webserver, but still failed.

      Any suggestion of how to make this work at pfsense box?

      additional information:

      DNAT logs

      xxx.xxx.xxx.xxx - - [21/Jul/2014:16:23:56 +0800] "GET /?p=1 HTTP/1.1" 200 3909 "http://1.1.1.1:4444/?page_id=2" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36"
      xxx.xxx.xxx.xxx - - [21/Jul/2014:16:24:00 +0800] "GET /?cat=1 HTTP/1.1" 200 2776 "http://1.1.1.1:4444/?p=1" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36"
      xxx.xxx.xxx.xxx - - [21/Jul/2014:16:24:17 +0800] "GET /?cat=1 HTTP/1.1" 200 2777 "http://http://1.1.1.1:4444/?cat=1" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36"
      xxx.xxx.xxx.xxx - - [21/Jul/2014:16:24:20 +0800] "GET /?m=201407 HTTP/1.1" 200 2751 "http://http://1.1.1.1:4444/?cat=1" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36"

      and can't find any http traffic within the 192.168.1.0/24.

      Internet <==========>{PfSense:4444 | Pfsense:80} <=======> Apache2 (OK!)

      {LAN / Pfsense:80} <=======> Apache2 (NOT OK!)
      ^
      ||
      ||
      ||
      ||
      ||
      ||
      Workstation/PC

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.