NAT 443 from WAN to internal web server



  • Hello,

    I am having an issue where I am unable to pass 443 traffic from WAN to one of my internal servers. I have changed the PFSENSE port to 9443, and that works fine. When I try and NAT 443 for my internal web server the traffic never passes. Hopefully I am missing something easy. NAT works on other ports that I am passing through just fine.

    Any thoughts?



  • Where are you testing from?

    Also, more information is required to help you troubleshoot. Some info on your LAN/WAN setup and a SS of your firewall rules would be a good start.



  • I am testing from say my iPhone on LTE to see if I can access the web server on 443. Again, I have Blue Iris passing through on 81 just fine. Right now I have wan coming in and going to 3 different interfaces. I have a internal interface, Guest, and Camera. The guest is just a sectioned off network for wireless guests and then Internal is where I have the web servers and my other networking gear. Cameras is a private locked down network that doesn't have access to anything and doesn't need access to anything.

    I am trying to pass 443 from WAN to Internal

    Screen Shots attached.

    Edit: added web interface picture to show 9443

    Thanks for the help.

    ![Screen Shot 2015-12-13 at 4.50.15 PM.png](/public/imported_attachments/1/Screen Shot 2015-12-13 at 4.50.15 PM.png)
    ![Screen Shot 2015-12-13 at 4.50.15 PM.png_thumb](/public/imported_attachments/1/Screen Shot 2015-12-13 at 4.50.15 PM.png_thumb)
    ![Screen Shot 2015-12-13 at 4.49.58 PM.png](/public/imported_attachments/1/Screen Shot 2015-12-13 at 4.49.58 PM.png)
    ![Screen Shot 2015-12-13 at 4.49.58 PM.png_thumb](/public/imported_attachments/1/Screen Shot 2015-12-13 at 4.49.58 PM.png_thumb)
    ![Screen Shot 2015-12-13 at 4.55.05 PM.png](/public/imported_attachments/1/Screen Shot 2015-12-13 at 4.55.05 PM.png)
    ![Screen Shot 2015-12-13 at 4.55.05 PM.png_thumb](/public/imported_attachments/1/Screen Shot 2015-12-13 at 4.55.05 PM.png_thumb)



  • Did you try disabling WebGUI Redirect?

    Disable webConfigurator redirect rule
    When this is unchecked, access to the webConfigurator is always permitted even on port 80, regardless of the listening port configured. Check this box to disable this automatically added redirect rule.



  • I have already done that after searching other threads. Apologies the screen shot did not show it.


  • LAYER 8 Global Moderator

    So first you need to validate that 443 is actually hitting your wan IP.. Its quite possible its blocked upstream.

    2nd validate that it actually gets sent to your local machine… This is 5 seconds of sniffing on pfsense interfaces with diag, packet capture.

    You sure machine your forwarding too doesn't have firewall blocking it?  Have you gone through the troubleshooting doc?

    https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting

    You don't have captive portal setup on the interface your server is on?


Log in to reply