Netgate Discussion Forum

    Firewall Rules do not seem to work, cannot access web1 (opt1) from LAN side

      gpapaiko

      Hi,

      I have a strange firewall issue.
      I have 4 public IPs that are mapped to 4 internal IPs.
      One of the WEB servers is on the public IP - that is mapped to an internal IP and has its own NIC (WEB1).
      I can get to the web pages from any external source – so I know the 1:1 mappings are working, and the firewall rules are working as well.

      The issue is that I cannot get to it from my LAN (my LAN and WEB are on different NICs [LAN & WEB1] and different IP address ranges [ 192.x.x.x & 10.10.x.x].)

      Firewall rules:
      WAN side:
      Any , port 80 to WEB1( 10.10.10.10) port 80
      Any , Port 443 to WEB1 ( 10.10.10.10) port 443
      LAN Net, Port ANY to WEB1 Net Port Any

      LAN Side ( I think this is not really required but added):
      Lan Net port any to WEB1 Net Port Any
      WEB1 Side ( I think this is not really required but added):
      Lan Net port any to WEB1 Net Port Any

      If more details are required please let me know and I can post.

      Thanks
      George

        RyujinJakka

        Please post screen shots of your firewall rules for LAN and OPT1. Also are you using the internal IP address or the external?

          gpapaiko

          There is nothing in the logs either.
          As I said, I can get to it from the outside but not from within the LAN side of it.

          I am using internal IP address.

          See attached photos of the firewall rules for the required interfaces:

          1-to-1-mappings.JPG
          Vitrual_IPs.JPG
          FW_LAN.JPG
          FW_OPT1.JPG
          FW_WAN.JPG
          WAN_interface.JPG
          LAN_interface.JPG
          OPT1_interface.JPG
          NetworkLayout.jpg

            KOM

            This is a question that is literally asked every day here.

            https://doc.pfsense.org/index.php/Why_can't_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks

              gpapaiko

              Hi, thanks to all for the pointers.

              Resolved, but the link did not really help.

              The real issue this time was with the DNS settings on the client - they were hard-coded and not being picked up from the DHCP servers.
              Reconfigured NIC and ALL worked well.

              Next time return to basics…. My BAD -  :-[

              Regards
              George
