[SOLVED] Opening HTTP & HTTPS port on WAN not working

Started by wardv, June 06, 2024, 08:55:47 PM

I'm having problems with port forwarding / reverse proxy from the outside world to my internal network. I've changed my OPNsense GUI port to 8000, but still the HTTP (80) & HTTPS (443) ports seem to be in use or something is not working correctly. I've set up a DNS record for domain.com pointing to my public IP address, so I then can use HAProxy for reverse proxy. The thing is now, when I surf to domain.com, my site does not show.

It's not a DNS issue, because the same happens when I surf to the public IP directly. The weird thing is, in Live Logging in the firewall settings, I can see all incoming TCP requests to my WAN on every port, except the 80 & 443 ports. I've tried surfing to domain.com:<RANDOM_PORT> and to <PUBLIC_IP>:<RANDOM_PORT> and these both get logged, so I know this request comes in, and if I then apply firewall rules for that random port to my internal host, that works. It's really just HTTP & HTTPS traffic that doesn't seem to come in.

Do I need to configure something else? I have no specific firewall rules enabled, only the default ones. If I could just start by seeing these requests in my logging, then I can do the firewall rules/reverse proxy myself.

Nevermind, seemed to be an ISP problem. They block those ports on their level. You need to ask them to open it ...

You could use sockstat to see which process on the OPNsense uses these ports.

sockstat -l

To free port 80 you have to do this:

Enable the checkbox for HTTP Redirect - Disable web GUI redirect rule in System - Settings - Administration.

EDIT: Oh okay, that's new, most providers only block 25. 80 and 443 sounds like an extra mean provider.
Hardware:
DEC740
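
To check ports 80 and 443 specifically in the `sockstat -l` output suggested above, the following added example (not code from any poster in this thread) filters listening TCP sockets by exact port, so a GUI moved to 8000 is not mistaken for a listener on 80. The function names, the constructed sample data and the assumed column order (USER, COMMAND, PID, FD, PROTO, LOCAL ADDRESS, FOREIGN ADDRESS) are assumptions.

```shell
#!/bin/sh
# Added example: list processes listening on chosen TCP ports, reading
# `sockstat -l` output from stdin.
# On the firewall: sockstat -l | listeners_on 80 443
# Assumed columns: USER COMMAND PID FD PROTO LOCAL-ADDRESS FOREIGN-ADDRESS

listeners_on() {
    awk -v ports="$*" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $5 ~ /^tcp/ {                 # skips the header and unix-domain sockets
            port = $6
            sub(/^.*:/, "", port)     # port follows the last colon (IPv6-safe)
            if (port in want)         # exact match: 8000 is not reported for 80
                printf "%s %s pid=%s %s %s\n", port, $2, $3, $5, $6
        }
    ' | LC_ALL=C sort -u
}

# Constructed sample output (not captured from a real system): the web GUI
# moved to 8000 with its HTTP redirect still bound to 80, a reverse proxy on 443.
sample_sockstat() {
    cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     lighttpd   1234  5  tcp4   *:8000                *:*
root     lighttpd   1234  6  tcp6   *:8000                *:*
root     lighttpd   1234  7  tcp4   *:80                  *:*
root     lighttpd   1234  8  tcp6   *:80                  *:*
www      haproxy    4321  6  tcp4   203.0.113.10:443      *:*
root     sshd       900   3  tcp6   ::1:22                *:*
root     syslogd    800   5  dgram  /var/run/log
EOF
}

sample_sockstat | listeners_on 80 443
```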