Port 80 keeps redirecting



  • Hello,

    I am having a weird issue when I am forwarding an IP from a webserver behind the firewall out the WAN on port 80. I can access the website with the IP, but if I use the domain name of the firewall, it forwards to the pfSense management port. It forwards on both LAN and WAN, and even if I disable the rule to allow for WAN access to the management, it still forwards port 80. I have tried NAT reflection and checked the box in the advanced settings to disable web forwarding, but the problem persists.

    Am I missing something here?
    I'd rather users go to the domain of the firewall than its IP to access the site.





  • @chpalmer:

    Search is your friend!  :)

    https://forum.pfsense.org/index.php?topic=97084.0

    I have already tried everything in that thread except for 1:1, as I can't do that. I only have one WAN address.



  • Read this one?

    https://forum.pfsense.org/index.php?topic=97084.msg540934#msg540934

    WebGUI redirect
      Disable webConfigurator redirect rule
    When this is unchecked, access to the webConfigurator is always permitted even on port 80, regardless of the listening port configured. Check this box to disable this automatically added redirect rule.



  • @chpalmer:

    Read this one?

    https://forum.pfsense.org/index.php?topic=97084.msg540934#msg540934

    Yes, I disabled that long ago. I can access the website through the IP of the pfSense box as well. So all that is working, but the problem happens when I use the domain name for it: it redirects to the set port of the web configurator (8443).


  • Banned



  • @doktornotor:

    https://doc.pfsense.org/index.php/Why_can't_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks

    Hmm, I tried both those methods and it still is redirecting. Looks like it may be my issue though.


  • Banned

    @OhYou_:

    Hmm, I tried both those methods and it still is redirecting.

    No, you did not. Because if you tried, you'd never hit the pfSense box with the HTTP traffic. LAN -> LAN traffic does NOT go through the default GW. Fix your DNS.


  • Rebel Alliance Global Moderator

    "I'd rather users go to the domain of the firewall than its IP to access the site."

    Then, as dok suggests, fix your name resolution so clients behind pfSense trying to go to something.yourdomain.tld resolve the local IP vs the public one.  People outside pfSense would resolve your public IP.

    Done!  Clean, easy, no issues with reflection, faster, you're not hitting your firewall just to be sent back in, etc…



  • I could just set up DNS to go to the website on the LAN, but no one accesses it there. The firewall WAN is on a private network, and behind it are just a few servers.


  • Banned

    So you are essentially solving a non-issue, or what? Then use the IP to access. Ktnxbye.



  • The people I'm doing this for want to use the hostname, not the IP though. I don't see why I cannot use a hostname the same as an IP… This seems like such a basic feature.


  • Banned

    Then fix the DNS! You can use it just fine – once you point to place where the damned service is actually running!

    Christ almighty. Argh.



  • @doktornotor:

    Then fix the DNS! You can use it just fine – once you point to place where the damned service is actually running!

    Christ almighty. Argh.

    I don't see how it can be a DNS issue; I am accessing it from the WAN. The DNS server for the WAN is run by the university staff. Even if I did have access to it, I'm not sure DNS servers can point to a port. An nslookup gave me just the IP address for the firewall as well.

    After exploring further, I disabled HTTPS and now it works. I go to the WAN IP from the WAN side on port 80, and it goes to the internal website. I go to the configuration site port on 8443 and it goes to the web configuration site as expected.

    But I can't leave HTTPS disabled; the network rules are very strict here and the firewall must be as secure as possible. So after testing that, I re-enabled HTTPS, and now it works as expected. I go to http://pfsense.uc.xxx.edu and it goes to the internal website. I go to https://pfsense.uc.xxx.edu:8443 and it goes to the web config.

    So in short, I disable HTTPS, and re-enable it, and now it works…
    5ish hours of work, to basically turn it off and on again...

    I also can't access the web configuration from a different device but I can access the website... I can't even right now though, so I'll deal with that later.

    Thanks for the help everyone though.


  • Banned

    What redirects you from WAN?!?

    Your public DNS points to the WAN IP
    Your private DNS on LANs behind pfSense points to the internal IP
    You disable the damned HTTP webGUI redirect.
    Done!

    How on earth did we get to HTTPS all of a sudden here, considering the thread's subject? Just move the pfSense HTTPS WebGUI to another port! Why would you run both on same port? Why are you actually actively causing problems to yourself?

    Still don't get it? Well, get a paid support.



  • @doktornotor:

    What redirects you from WAN?!?

    Your public DNS points to the WAN IP
    Your private DNS on LANs behind pfSense points to the internal IP
    You disable the damned HTTP webGUI redirect.
    Done!

    How on earth did we get to HTTPS all of a sudden here, considering the thread's subject? Just move the pfSense HTTPS WebGUI to another port! Why would you run both on same port? Why are you actually actively causing problems to yourself?

    Still don't get it? Well, get a paid support.

    Sorry for being a bit vague, I'm not sure if I have explained it clearly enough?

    Basically, I have about 6 compute servers and a FreeNAS box behind the firewall. The FreeNAS box also runs a website. That's it. No users on the LAN. Just the servers.
    Then the WAN side of the firewall connects directly to the University network.
    The university network handles the DNS.
    I'd rather give out a normal URL (ex: http://google.com) to students than a numerical IP (ex: 1.2.3.4) so they can access the webserver.
    The webserver ran on port 80 and was port forwarded to the WAN.
    The internal address of the firewall was also port forwarded out port 8443 (management interface port).

    The problem I was having was that I set it all up to the best of my knowledge and with the help of a few guides, but:
    I COULD access both the webserver running off the FreeNAS, as well as the management interface using the numerical IP, from the WAN.
    I COULD NOT access the webserver hosted on the FreeNAS using the hostname (pfsense.uc.xxx.edu) from the WAN. Only the management interface.

    When I tried going to the webserver using http://pfsense.uc.xxx.edu it would literally change the URL to https://pfsense.uc.xxx.edu:8443

    So when I set the webConfigurator protocol to HTTPS from HTTP (under System: Advanced: Admin Access), it stopped redirecting the URL.
    When I set it back to HTTPS, it continued to NOT redirect it. Everything worked.

    That's why I was a bit confused. It should have worked, but it didn't.
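
One way to see which device answers port 80 for the IP and for the hostname, as an added example that is not part of any post in this thread: the sketch classifies HTTP response heads such as `curl -sI` prints from a WAN-side client. The sample responses, the address 192.0.2.10 and all function names are constructed for illustration; 8443 and the hostname are the ones given in the thread.

```python
from urllib.parse import urlsplit

GUI_PORT = 8443  # webConfigurator port mentioned in the thread

# Constructed response heads, in the form `curl -sI <url>` prints them.
SAMPLES = {
    "http://192.0.2.10/": (
        "HTTP/1.1 200 OK\r\n"
        "Content-Type: text/html\r\n\r\n"
    ),
    "http://pfsense.uc.xxx.edu/": (
        "HTTP/1.1 301 Moved Permanently\r\n"
        "Location: https://pfsense.uc.xxx.edu:8443/\r\n\r\n"
    ),
}


def parse_head(raw):
    """Return (status_code, headers) from a raw HTTP response head."""
    lines = raw.replace("\r\n", "\n").strip().split("\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return status, headers


def classify(raw, gui_port=GUI_PORT):
    """Say who most likely answered a request sent to port 80."""
    status, headers = parse_head(raw)
    if status in (301, 302, 303, 307, 308) and "location" in headers:
        target = urlsplit(headers["location"])
        port = target.port or (443 if target.scheme == "https" else 80)
        if target.scheme == "https" and port == gui_port:
            return "webgui-redirect"   # the firewall answered port 80 itself
        return "other-redirect"        # e.g. the web server's own redirect
    if 200 <= status < 400:
        return "forwarded-server"      # the NAT rule delivered the request
    return "error"


def diagnose(samples=SAMPLES):
    """Classify every captured URL so IP and hostname results can be compared."""
    return {url: classify(raw) for url, raw in samples.items()}


if __name__ == "__main__":
    for url, verdict in diagnose().items():
        print(f"{verdict:17} {url}")
```

Capture the heads with `curl -sI` rather than a browser, since a browser can replay a cached 301 without contacting the server.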


  • Banned

    Dude, you are just not reading. If you have no users on LAN, then you are solving a non-issue regarding DNS. Otherwise, kindly draw a network diagram.

    The webserver ran on port 80 and was port forwarded to the WAN.

    WTF?! You have it all backwards… And for goddamn sake start testing from WAN. There's nothing redirecting from there. Non issue. Sigh.


  • Netgate

    I am having a weird issue when I am forwarding an IP from a webserver behind the firewall out the WAN on port 80.

    That's from the OP and you are thinking about it exactly backwards.

    You are not forwarding an IP from a server behind the firewall out the WAN on port 80.

    You are forwarding requests from the internet to the WAN address on port 80 to a server behind the firewall.

    Register a domain, host it on HE.net free, and point names at whatever IPv4 or IPv6 addresses you want.



  • @doktornotor:

    Dude, you are just not reading. If you have no users on LAN, then you are solving a non-issue regarding DNS. Otherwise, kindly draw a network diagram.

    The webserver ran on port 80 and was port forwarded to the WAN.

    WTF?! You have it all backwards… And for goddamn sake start testing from WAN. There's nothing redirecting from there. Non issue. Sigh.

    The WAN port of the firewall is connected to another LAN. It's a LAN within a LAN. It does not even connect to the internet directly. So of course there are no users on the pfSense LAN. They are all on the other.

    There is definitely something redirecting on "WAN" considering I made a rule to allow access to the web configurator from the "WAN".

    Either way, problem solved. It was bugged, I restarted it, and it worked properly then. I'd draw a diagram, but meh.



  • Glad you got it sorted.  When looking for help always talk about the network connected to the WAN as a WAN. People around here cannot read minds! (No matter what they tell you)  :)