PROBLEMS AFTER UPGRADE



  • I have upgraded my pfsense with a fresh install and tried to restore details from a back up but this fails on every back up.  I have got my firewall working ok again but my problem is I have a web server running ESXI and VMWare but I cannot get access from the internet through my firewall to my web server. 
    This must be a setting in the firewall but as I cannot get the correct details from the old back up to coincide with the latest settings.
    Can anyone please help with sorting this problem.  Do I need to set the web server details in the NAT?
    Thanks in advance


  • Netgate Administrator

    What version of pfSense was the config backed up from?

    If your web server is behind pfSense and pfSense is in a standard configuration (NATing, firewalling, routing) then, yes, you need to add a port forward rule to allow traffic from the WAN to reach the server.

    Steve



  • Version of pfsense was v3. Have tried to restore from back up but fails every time.

    I have set a NAT port forward from Source Address (external IP) to Dest IP (internal IP of web server) Is this correct?

    Many thanks for your help.

    My best mate set this up but his girlfriend destroyed a 20 year friendship.


  • Netgate Administrator

    @Tigerpaws3400:

    My best mate set this up but his girlfriend destroyed a 20 year friendship.

    That doesn't sound like fun.  :(

    pfSense hasn't reached V3 yet so it probably wasn't that.  ;) More likely it was 1.2.3?

    The port forward should almost certainly be:

    protocol: tcp
    source address: any  (it's from anywhere on the internet)
    sourec port: any
    destination address: WAN address
    destination port: 80 (unless you want to use a more obscure port here to reduce drive by hacking attempts)
    NAT IP: address of your internal webserver
    NAT port: 80

    Leave the 'filter rule association' setting as default so that it creates a firewall rule for you.

    Steve



  • This is from the header of the back up file

    <pfsense><version>3.0</version>

    I have set the NAT as suggested but can still only get to my web site via internal network

    www.impressa-sports.co.uk -  IP  80.229.195.208

    Thanks for your help</pfsense>


  • Netgate Administrator

    Ah, OK that's the config file version not the pfSense version. The most recent version is 10.1 so I guess your backup file is quite old!

    Where are you testing the port forward from? To test it correctly you need to be coming from an external public IP address. Otherwise:
    https://doc.pfsense.org/index.php/Why_can't_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks

    Steve


Log in to reply