Author Topic: Firewall shows pass to 443 port but can't be reached.  (Read 1922 times)

mervynsword

« on: December 07, 2018, 08:34:43 pm »
Hi guys.

I am trying to use Caddy behind OPNsense as a reverse proxy. But there are some problems.

I have added NAT rules and firewall rules, as shown in the attachment.

But Caddy cannot get an HTTPS certificate. It showed:
Code:
failed to get certificate: acme: Error 400 - urn:ietf:params:acme:error:connection - Fetching http://home.example.me/.well-known/acme-challenge/XXXXXXXXXXXXXXXXXXXX: Timeout during connect (likely firewall problem)
The ACME request uses port 80 or port 443 to get the certificate, so I am thinking maybe it's a firewall problem, or worse, port 80 and port 443 are blocked by the ISP.

So I tried to run netdata in a docker, forwarding port 19998 (host) to 19999 (docker) (because port 19999 is already used by the netdata running on my host), and added a NAT rule to the firewall. It can be visited from the internet at http://home.example.me:19998.

So I changed the netdata docker port forward, from host 443 to docker 19999, and of course added a NAT rule. The port test shows the host 443 port can be reached from the LAN, but I can't visit netdata from the internet at http://home.example.me:443.

What makes this interesting is that the firewall log shows it allows the connection from the internet to the netdata docker. There is a screenshot in the attachment too.

I mean I can't visit netdata at http://home.example.me:443, so maybe port 443 is blocked by the ISP? But if it is blocked, why are there logs showing the firewall accepted the connection?

simonszu

« Reply #1 on: December 12, 2018, 01:10:33 pm »
Maybe your browser is confused. HTTP on port 443 is very uncommon, so it tries to speak HTTPS or expects an HTTPS answer.
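
The two explanations raised in this thread (port blocked, versus port reachable but answering in a protocol the client does not expect) can be told apart from an outside host. The following is an added example, not part of the original posts; the function name classify_port and its result labels are made up for illustration.

```python
import socket
import ssl
import sys

def classify_port(host, port, timeout=3.0):
    """Return 'unreachable', 'plain-http', 'tls' or 'unknown' for host:port."""
    # Step 1: TCP connect. A failure here is what a blocked port looks like.
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"
    # Step 2: speak plain HTTP and look at the first bytes of the reply.
    with sock:
        try:
            sock.sendall(f"HEAD / HTTP/1.0\r\nHost: {host}\r\n\r\n".encode())
            first = sock.recv(16)
        except OSError:  # timeout or reset: the peer did not answer HTTP
            first = b""
    if first.startswith(b"HTTP/"):
        return "plain-http"
    # Step 3: new connection, attempt a TLS handshake with normal verification.
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "tls"
    except ssl.SSLCertVerificationError:
        return "tls"  # a certificate was presented, so the peer speaks TLS
    except (ssl.SSLError, OSError):
        return "unknown"

if __name__ == "__main__":
    # Usage: python3 classify_port.py <host> <port>  (file name is arbitrary)
    print(classify_port(sys.argv[1], int(sys.argv[2])))
```

A result of plain-http on port 443 means the forward itself works and the service simply is not speaking TLS there. A result of unreachable from outside while the LAN test succeeds means the connection never completes from that vantage point.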