How do I Open port 80 and 443 on pfsense ?



  • Hi, I am trying to open IE from my 2012 windows home server. And also do some MS updates. But PFsense is blocking this.

    How do I Open port 80 and 443 on pfsense ?

    Thank You in advance

    Nicholas


  • LAYER 8 Global Moderator

    The default lan rule in pfsense is any any - all ports outbound would be open.  Are you wanting to forward public traffic from the internet to your server on these ports.  For example I would be able to access it if I knew your public IP?

    If so that is a port forward.  But that would not be required for your server to get windows updates from MS.



  • Yes my issue is I cannot get out onto the Internet from my Server. Is it easy to create a Port Forward in pfsense ?

    I never used it before but I've managed to install it on a VM.


  • Banned

    Getting out to Internet from LAN has exactly zero in common with port forwarding.


  • LAYER 8 Global Moderator

    Post up your lan firewall rules..  If your saying your browser can not get to the internet - first thing I would think of is has proxy set that is not available.  Do other browsers work?

    Can you ping pfsense, can you ping say 4.2.2.2 ?  What does a traceroute show?

    C:>ping 4.2.2.2

    Pinging 4.2.2.2 with 32 bytes of data:                                                           
    Reply from 4.2.2.2: bytes=32 time=11ms TTL=59                                                   
    Reply from 4.2.2.2: bytes=32 time=10ms TTL=59                                                   
    Reply from 4.2.2.2: bytes=32 time=10ms TTL=59                                                   
    Reply from 4.2.2.2: bytes=32 time=10ms TTL=59

    Ping statistics for 4.2.2.2:                                                                     
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),                                         
    Approximate round trip times in milli-seconds:                                                   
        Minimum = 10ms, Maximum = 11ms, Average = 10ms

    C:>tracert 4.2.2.2

    Tracing route to b.resolvers.Level3.net [4.2.2.2]                                               
    over a maximum of 30 hops:

    1    1 ms    <1 ms    <1 ms  pfSense.local.lan [192.168.1.253]                               
      2    18 ms    9 ms    9 ms  24.13.snipped                                                 
      3    9 ms    9 ms    9 ms  te-0-5-0-8-sur04.mtprospect.il.chicago.comcast.net [68.85.180.133]
      4    11 ms    10 ms    11 ms  68.87.230.53



  • Yes I can Ping pfsense firewall.

    ping 10.1.1.10

    Pinging 10.1.1.10 with 32 bytes of data:
    Reply from 10.1.1.10: bytes=32 time=1ms TTL=64
    Reply from 10.1.1.10: bytes=32 time<1ms TTL=64
    Reply from 10.1.1.10: bytes=32 time<1ms TTL=64
    Reply from 10.1.1.10: bytes=32 time<1ms TTL=64

    Ping statistics for 10.1.1.10:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 0ms, Maximum = 1ms, Average = 0ms

    tracert 10.1.1.10

    Tracing route to 10.1.1.10 over a maximum of 30 hops

    1    <1 ms    <1 ms    <1 ms  10.1.1.10

    Trace complete.

    Not Tried installing another web browser.


  • LAYER 8 Global Moderator

    can you ping 4.2.2.2?

    Tracert to IP you just pinged on the same segment doesn't tell us anything.. Also what are you lan rules?



  • YES. Amazing It works.

    C:\Users\Nick>ping 4.2.2.2

    Pinging 4.2.2.2 with 32 bytes of data:
    Request timed out.
    Reply from 4.2.2.2: bytes=32 time=37ms TTL=50
    Reply from 4.2.2.2: bytes=32 time=34ms TTL=50
    Reply from 4.2.2.2: bytes=32 time=39ms TTL=50

    Ping statistics for 4.2.2.2:
        Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 34ms, Maximum = 39ms, Average = 36ms

    C:\Users\Nick>tracert 4.2.2.2

    Tracing route to b.resolvers.Level3.net [4.2.2.2]
    over a maximum of 30 hops:

    1    3 ms    2 ms    2 ms  BThomehub.home [192.168.1.254]
      2    8 ms    8 ms    8 ms  217.32.144.161
      3    10 ms    10 ms    10 ms  217.32.144.190
      4    14 ms    12 ms    12 ms  213.120.181.206
      5    12 ms    12 ms    12 ms  217.41.169.249
      6    14 ms    14 ms    15 ms  217.41.169.109
      7    12 ms    12 ms    12 ms  acc2-xe-0-3-0.sf.21cn-ipp.bt.net [109.159.251.20
    1]
      8    18 ms    19 ms    19 ms  core1-te0-0-0-4.ealing.ukcore.bt.net [109.159.25
    1.25]
      9    17 ms    17 ms    18 ms  transit2-xe11-0-0.ealing.ukcore.bt.net [62.6.200
    .122]
    10    17 ms    16 ms    16 ms  t2c4-xe-9-2-0-0.uk-eal.eu.bt.net [166.49.168.57]

    11    17 ms    17 ms    17 ms  5-1-4.ear2.London2.Level3.net [212.187.201.133]

    12    18 ms    18 ms    17 ms  ae-234-3610.edge5.london1.Level3.net [4.69.166.5
    3]
    13    18 ms    20 ms    18 ms  ae-234-3610.edge5.london1.Level3.net [4.69.166.5
    3]
    14    35 ms    37 ms    32 ms  b.resolvers.Level3.net [4.2.2.2]

    Trace complete.

    C:\Users\Nick>






  • I still cannot get out onto the Internet from my Server. Using IE


  • LAYER 8 Netgate

    How about you post the same debugs from the server you're having trouble with?

    Looks like everything's fine from that host.



  • Whoops !

    C:\Users\Administrator>ping 4.2.2.2

    Pinging 4.2.2.2 with 32 bytes of data:
    Reply from 10.1.1.10: Destination host unreachable.
    Reply from 10.1.1.10: Destination host unreachable.
    Reply from 10.1.1.10: Destination host unreachable.
    Reply from 10.1.1.10: Destination host unreachable.

    Ping statistics for 4.2.2.2:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

    C:\Users\Administrator>tracert 4.2.2.2

    Tracing route to 4.2.2.2 over a maximum of 30 hops

    1    <1 ms    <1 ms    <1 ms  pfSense.localdomain [10.1.1.10]
      2  pfSense.localdomain [10.1.1.10]  reports: Destination host unreachable.

    Trace complete.


  • LAYER 8 Netgate

    Looks like pfSense doesn't have a default gateway set.



  • Oh Boy !  Now after adding in my gateway 192.168.1.254 and clicking add my Mac Address. Something about Spoof.

    Im locked out of pfsense, my ESXi Host and my Lab !  Yikes !

    Please No Applause !


  • Banned

    Can you tell us a bit about your network?

    What is the IP address of your Gateway? The server? Subnet mask?


  • LAYER 8 Global Moderator

    1    <1 ms    <1 ms    <1 ms  pfSense.localdomain [10.1.1.10]
      2  pfSense.localdomain [10.1.1.10]  reports: Destination host unreachable.

    Why is your second hop pfsense itself?  Do you not have a gateway on wan?  Did you set one on lan..  We see this a LOT where users for some unknown reason when it cleary says not to set a gateway on LAN, point the gateway to pfsense or something out of the blue, etc..

    LAN interfaces do not have gateways set!!!  If you set them, they become wan interfaces ;)



  • Restarted ESXi Host. I was then able to vsphere client back onto Host. Then Disabled pfsense NIC's. Reset to Factory and I went through the Wizard and configured the LAN and WAN DNS everything works on my Server side now too. IE and MS Updates

    Thanks Guys. Nick Branson


  • LAYER 8 Global Moderator

    future ref.. If your running pfsense on vm infrastructure you might want to mention that in your original post ;)

    But can not really tell if pfsense is on the esxi host, or your 2k12 client?


Log in to reply