NOOB Help!! webconfigurator port affects my port forwarding



  • Hi!

    Sorry if this is in wrong section!!

    Some basic things first:

    • I have dyndns-host domain for my public ip - dedicated pc with 2 ethernet ports

    • pfsense webgui is configured for custom port f.e 1234

    • On the internal network there is an Ubuntu server running apache2 and a couple of virtual servers

    • Monitoring & configuration with Win7 / SSH / TightVNC

    • I had smoothwall before and I was able to manage my webpage with dyndns-address & internal private address f.e

    Now my management attempts are not succeeding, because when I try to manage my web application from the Win7 PC on the internal network, somebody is rerouting me to that https port (the same one I configured for the pfsense webgui).

    For example: In win7 I am writing:

    192.168.1.xxx/nameofsomething/admin –> works ok

    but if I am trying to handle it with my dyndns-address:

    xxx.dyndns-home.com/nameofsomething/admin happens reroute -> https://xxx.dyndns-home.com:1234/nameofsomething/admin

    and that port 1234 is the same one I configured as my pfsense admin access TCP port. How to solve this? I tested this by changing the webconfigurator port, and this is caused by pfsense.

    Thank you for your help.



  • You need to reach just one resource (web server), one IP? Because if you try to connect to two different IPs in the LAN which support various services with just one port (or port forward), there will be a misunderstanding about which IP to reach. And you need to be sure that the port you use is not used by another service too.

    Example:
    I have 2 servers in my LAN with IPs 192.168.2.1 (vm1) and 192.168.2.2 (vm2). I have a domain xxxx.eu too, and I want to connect to the servers from the Internet through the router. First I add 2 new addresses on my hosting that point to my router's WAN IP (vm1.xxxx.eu = IP: 202.202.100.xxx, then vm2 points to the same IP 202.202.100.xxx). But how to connect to the same service on two different servers (in my case it was about accessing two VMware ESXi hosts with VMware vSphere)? I need a port forward, but I can't use the same port for the service connection, because if I type vm1.xxxx.eu:123 I connect to the vm1 server. When I use the same vm2.xxxx.eu:123 it opens vm1 again. So the decision was two different ports (port forwards), one for the vm1 server and the other for the vm2 server. Then if I type vm1.xxxx.eu:123 I connect to vm1 through my router, and if I type vm2.xxxx.eu:1234 I connect to vm2.



  • Hmm… I think I know what my problem is (but don't know how to fix it). First I will try to describe my conf:

    • dyndns-service xxx.dyndns-home.com - which targets my public dynamic ip.

    • pfsense firewall, wan-address that dynamic ip and internal ip-network at 192.168.1.0/24

    • One linux server with limesurvey and a couple of other services, address 192.168.1.y

    • One win7 workstation where I can manage everything, 192.168.1.z

    • NAT is ports 80, 443 and xxxxx for that linux server.

    • pfsense hostname is pfsense and

    • Domain is xxx.dyndns-home.com (so this is same what I have) and only https

    So could this cause a problem, because I put my "same domain" in the General Setup Domain?

    So when I am trying to reach that linux server from my win7 machine at xxx.dyndns-home.com/plaplaaplaa..... then my pfsense feels that this request is for it for some reason? What should I put in the pfsense domain part? Does it have to be my "domain"?



  • I've seen this behavior with a lot of forum software as well as WordPress…

    Using WordPress as a common example: if you originally set up WordPress and set, in the settings, the host name/IP address to be your local LAN IP address (we will use 192.168.1.102 as an example) and set up the web page like you want it viewed from the outside, it will seem to work perfectly when you are on the LAN. When you later set up the port forwarding and dynamic DNS to point to the external IP address, WordPress is still trying to reference 192.168.1.102 for resources even when you are coming from an external connection.

    If this is what is happening, try to change the IP address/host names in the settings of your web software to reflect your external IP and try it again. You can also make a very simple, non-dynamic file like "test.txt" with something like "This is a test" in it and stick it some place like https://xxx.dyndns-home.com:1234/nameofsomething/admin/test.txt . If you can access that file perfectly from both the inside and outside, then it is probably something along the lines of the WordPress example I mentioned, and you likely had NAT hairpinning/reflection enabled on your firewall and no longer do now.


  • Netgate Administrator

    This is almost certainly because the URL you're using resolves to the pfSense WAN address. There are several workarounds explained here:
    https://doc.pfsense.org/index.php/Why_can't_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks

    Steve



  • Hmm… sorry I am a noob... :o I tried split DNS but it does not seem to help...

    Every time I try to access my web server with the public DNS name xxx.dyndns-home.com/serveradmin, something reroutes it to https://xxx.dyndns-home.com/serveradmin??!!

    I edited the host in DNS Forwarder, but still if I write xxx.dyndns-home.com in the URL bar it opens the pfsense web page.

    What does domain in the general setup section really mean? What if I change it to something else? Does it affect something??


  • Netgate Administrator

    So it's still redirecting you to the pfSense webgui?
    You might need to clear the DNS cache on your client machine.
    Try using the NAT reflection method instead if that doesn't work.

    Steve



  • Yes, it is still redirecting me to the webgui if I write my dyndns-address only. And if I write the full address, f.e:

    xxx.dyndns-home.com/limesurvey/index.php/admin –> 404 not found. So it is no longer rerouting to https, but the address is unreachable.

    I have the newest version of pfsense, and System - Advanced is different from the manual. But in the section "NAT Reflection mode for port forwards" I have "Disable". What should it be? There are choices: Enable (NAT+proxy) and Enable (pure NAT).



  • Damn, Fuck and all other bad words…. :-\ :-\ :'( :'( ??? ??? ::) ::)

    This f....ing mess was my own fault... When installing this new system I had to do some things to check the connection etc... which means that I had configured google dns-servers on my Win7 machine. Now after I checked it and changed the nameserver to automatic (which means pfsense) everything works ok. Sorry for bothering you all!!!


  • Netgate Administrator

    Easily done.  ;)

    Steve