Can't access internal web server

  • pfSense 2.1.5 amd64
    squid3 3.1.20pkg 2.1.2

    This simple setup is taking waaay tooo long.  I have a web server on the LAN that I can access just fine from another LAN computer if I access it via IP address.  If I attempt to view the site via it's public IP or via a public URL I get the squid error page stating Error: The requested URL could not be retrieved.  Same thing happens when I try to view the site from another PC not on the LAN.

    I stopped and started squid3 and the error I'm now gettings is Unable to forward this request at this time.

    Pretty simple stuff.  Port 80 and 443 forward through the firewall to the web server.

    WAN rules:
    [empty], IPv4 TCP, *, *, [alias of web server], 80 (HTTP), *, none, [empty]

    LAN rules:
    [empty], IPv4 *, *, *, *, *, *, none, [empty]

    NAT Rule:
    WAN, TCP, *, *, WAN Address, 80 (HTTP), [alias of web server], 80 (HTTP)

    The WAN rule was built by the NAT rule automatically.

    My NAT outbound is Manual -  (AON - Advanced Outbound NAT)

    The web server Windows firewall is disabled (at this moment).

  • Looks like a NAT Reflection problem.  You can solve it by either running split DNS or by playing with the NAT Reflection options in pfSense to see if that works for you.  I ended up using split DNS myself.

  • Hi, thx for the suggestion.  So you're referring to System : Advanced : Firewall / NAT

    NAT Reflection mode for port forwards: Enable (Pure NAT)
    Enable NAT Reflection for 1:1 NAT: [Enabled/checked]
    Enable automatic outbound NAT for Reflection: [Enabled/checked]

    I'be messed with those settings a bit, I've tried turning NAT mode back to "Automatic"  Notta.

    I'll look at split DNS.  I've not used split DNS before.