pfSense Support Subscription

Author Topic: is it possible to port forward port 80 traffic that is sent to the wan interface  (Read 191 times)

0 Members and 1 Guest are viewing this topic.

Offline mrkool

  • Newbie
  • *
  • Posts: 17
  • Karma: +1/-0
    • View Profile
right now i have a port forward rule but it is not working. if i try to go to my public ip address from the LAN it takes me to the pfsense and gives me an error that something funny might be going on. If i try to access my external ip via port 80 it keeps churning and doesn't go any where.

So is it possible to run the 80 redirecting to 443 on the LAN interface as i will never need to access pfsense from outside.

Offline GruensFroeschli

  • Little Green Frog
  • Global Moderator
  • Hero Member
  • *****
  • Posts: 5443
  • Karma: +86/-3
  • No i will not fix your computer!
    • View Profile
https://doc.pfsense.org/index.php/Why_can%27t_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks
I suggest you set up "Method2: split DNS" since it is the cleaner solution to your problem.

As for the port to run the webinterface on:
System --> Advanced
allows you to configure which protocol and which port to run the webinterface.
Best is to set it to https.
If you need port 443 to be forwarded, set the webinterface to something else as well (8443 is a port i often see in such a scenario).
We do what we must, because we can.

Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

Offline Derelict

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 9589
  • Karma: +1087/-309
    • View Profile
If you must use NAT reflection you should probably set the web interface on pfSense to HTTPS and a port other than 443 (like 8443) and check WebGUI redirect to disable that.

All of this is under System > Advanced
Las Vegas, Nevada, USA
Use this diagram to describe your issue.
The pfSense Book is now available for just $24.70!
Do Not PM For Help! NO_WAN_EGRESSTM

Offline mrkool

  • Newbie
  • *
  • Posts: 17
  • Karma: +1/-0
    • View Profile
I donít much care about accessing my website from the LAN which both the split DNS and NAT refers to. I just want the site to be public accessible but that is not working. So if any one connects to the WAN interface on port 80 I want them to be redirected to the internal web server on port 80 so a simple port forward should work but it is not.

Offline Derelict

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 9589
  • Karma: +1087/-309
    • View Profile
Are you testing from outside or inside? If from outside you are testing the port forward. If testing from inside you are testing NAT reflection regardless of what you are or are not concerned about.

Post your port forward(s) and the associated firewall rule(s).
Las Vegas, Nevada, USA
Use this diagram to describe your issue.
The pfSense Book is now available for just $24.70!
Do Not PM For Help! NO_WAN_EGRESSTM

Offline mrkool

  • Newbie
  • *
  • Posts: 17
  • Karma: +1/-0
    • View Profile
Nvm It worked from outside dunno wot the issue was though but it works now.

Offline Derelict

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 9589
  • Karma: +1087/-309
    • View Profile
Yeah. That's item #6 here:

https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting

The port 80 redirect to the web gui works completely differently for NAT reflection than with a port forward.
Las Vegas, Nevada, USA
Use this diagram to describe your issue.
The pfSense Book is now available for just $24.70!
Do Not PM For Help! NO_WAN_EGRESSTM