OPNsense Forum

Archive => 16.1 Legacy Series => Topic started by: teuna on June 24, 2016, 03:11:19 am

Title: [SOLVED] Port forward (web:80)
Post by: teuna on June 24, 2016, 03:11:19 am

Hello, I'm testing Opnsense as I need to replace an old IPCop box however I can't get port forward to work, can you see what I'm doing wrong or what I'm missing?

(https://s31.postimg.org/enskgc6zv/Capture1.png)

(https://s31.postimg.org/vevigko4r/Capture2.png)

ProxyWeb is an alias to an Apache httpd server acting as a proxy for multiple web servers

When I try to browse any of my websites from a workstation on the same LAN it's not working like it does with IPCop, I think I'm missing something (not a network guy). I wasn't able to try from a workstation on a different network.

Title: Re: Port forward (web:80)
Post by: jhh on June 24, 2016, 04:54:49 pm

Hi teuna,

you have configured "WAN net" as destination in your NAT Rule.
Try "WAN address" instead (or enter that single IP, you want to translate, if this is not the address of the WAN interface).

What do you mean by "in the same LAN"?
Did you connect your workstation to the LAN network or to the WAN network of your OPNsense?

Regards,

Joerg

Title: Re: Port forward (web:80)
Post by: teuna on June 24, 2016, 09:43:49 pm

my bad

I changed destination in NAT rule to "WAN address" but it's still not working, it's like the firewall rule is not working, my browser give me timeout error when trying to connect to any of my websites

my workstation is connected to the LAN network

Title: Re: Port forward (web:80)
Post by: fabian on June 24, 2016, 11:27:03 pm

What is your setting according to nat reflection?

Title: Re: Port forward (web:80)
Post by: franco on June 27, 2016, 07:56:18 am

Port 80 may be blocked by the GUI listening on the interface.

Where is the Apache Server, in LAN or WAN?

Title: Re: Port forward (web:80)
Post by: teuna on June 27, 2016, 08:26:05 pm

hello, thank you for your help, sorry for late reply

@fabian
nat reflection is "Enable (NAT + Proxy)" in System > Settings > Firewall/NAT and "Use system default" in my port forward rule

@franco
yes I think too maybe I miss something because of GUI

Apache server is on LAN, I changed GUI port to 8443 in System > Settings > Admin Access (see screenshot)

(https://s31.postimg.org/hmfb2yj8r/Capture3.png)

Title: Re: Port forward (web:80)
Post by: franco on June 28, 2016, 08:44:08 am

Edit: On second thought, it looks like the port forward is alright. If this is about WAN address:80 -> access to webserver from LAN it's a reflection and/or DNS issue, but not a port forward issue.

Title: Re: Port forward (web:80)
Post by: teuna on June 28, 2016, 10:52:51 pm

thank you all for your valuable help I got it to work

I'll document here so maybe it help others

first I changed reflection settings to "Enable (pure NAT)" but still didn't work
then I changed "Filter association" in my port forward rule from "NAT rule" (generated) to "PASS"
then I added a rule to firewall to allow connection on WAN port 80 as the generated rule got deleted (from previous step I suppose)

Now it works! Thank you :D

Title: Re: Port forward (web:80)
Post by: teuna on June 28, 2016, 11:17:40 pm

nevermind it's not working... it only works from LAN workstation not from outside (Internet)

Title: Re: Port forward (web:80)
Post by: teuna on June 28, 2016, 11:45:06 pm

I unchecked "Disable webConfigurator redirect rule" in System > Settings > Admin Access and now it's working both from LAN and Internet, I have no idea what I'm doing but it's working!

Title: Re: [SOLVED] Port forward (web:80)
Post by: Julien on June 30, 2016, 11:09:05 pm

redirect rule it always redirect the request on port 80,
disable it will not use port 80 but the assign port.