PROBLEMS AFTER UPGRADE

Tigerpaws3400

I have upgraded my pfsense with a fresh install and tried to restore details from a back up but this fails on every back up.  I have got my firewall working ok again but my problem is I have a web server running ESXI and VMWare but I cannot get access from the internet through my firewall to my web server. 
This must be a setting in the firewall but as I cannot get the correct details from the old back up to coincide with the latest settings.
Can anyone please help with sorting this problem.  Do I need to set the web server details in the NAT?
Thanks in advance

stephenw10

What version of pfSense was the config backed up from?

If your web server is behind pfSense and pfSense is in a standard configuration (NATing, firewalling, routing) then, yes, you need to add a port forward rule to allow traffic from the WAN to reach the server.

Steve

Tigerpaws3400

Version of pfsense was v3. Have tried to restore from back up but fails every time.

I have set a NAT port forward from Source Address (external IP) to Dest IP (internal IP of web server) Is this correct?

Many thanks for your help.

My best mate set this up but his girlfriend destroyed a 20 year friendship.

stephenw10

@Tigerpaws3400:

My best mate set this up but his girlfriend destroyed a 20 year friendship.

That doesn't sound like fun.  :(

pfSense hasn't reached V3 yet so it probably wasn't that.  ;) More likely it was 1.2.3?

The port forward should almost certainly be:

protocol: tcp
source address: any  (it's from anywhere on the internet)
sourec port: any
destination address: WAN address
destination port: 80 (unless you want to use a more obscure port here to reduce drive by hacking attempts)
NAT IP: address of your internal webserver
NAT port: 80

Leave the 'filter rule association' setting as default so that it creates a firewall rule for you.

Steve

Tigerpaws3400

This is from the header of the back up file

<pfsense><version>3.0</version>

I have set the NAT as suggested but can still only get to my web site via internal network

www.impressa-sports.co.uk -  IP  80.229.195.208

Thanks for your help</pfsense>

stephenw10

Ah, OK that's the config file version not the pfSense version. The most recent version is 10.1 so I guess your backup file is quite old!

Where are you testing the port forward from? To test it correctly you need to be coming from an external public IP address. Otherwise:
https://doc.pfsense.org/index.php/Why_can%27t_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks

Steve