Topic: Allowing port 80  (Read 4370 times)
« on: May 29, 2008, 09:43:37 »
vagrant *
Posts: 1

I am having problems forwarding ports such as port 80 for my webserver.  I know my ISP does NOT block port 80. Also I can access the web server on the LAN but cannot access it outside of the LAN.


I set my NAT to

(http://i57.photobucket.com/albums/g240/vagrantdeath/pic2.jpg)

and allowed for my firewall to

(http://i57.photobucket.com/albums/g240/vagrantdeath/pic1.jpg)


I also changed the webgui for m0n0wall to use https and port 443

but nothing was being allowed in from the outside (WAN). So I ran a port check and it came back with port 53 and port 443 being open but nothing else.

Am I missing something?

« Reply #1 on: May 29, 2008, 11:10:28 »
ChainSaw
Guest

Everything looks fine to me. Does it work if you remove your m0n0wall and connect your internet connection directly to your server? If not, your ISP is blocking port 80 despite what they are telling you.

CS...
« Reply #2 on: May 29, 2008, 12:01:15 »
markb ****
Posts: 331

What does the log show? It might be useful to log the private networks rule and also add a Block all rule at the bottom that is logged to see what is happening to the traffic.
« Reply #3 on: May 30, 2008, 03:36:46 »
knightmb ****
Posts: 341

Just to verify, set up another rule that forwards port 8080 WAN to port 80 LAN and see if you can access your website http://mywebsite.com:8080/ in the web browser.

If that works, but it won't bring up your web server on port 80, I would go back and make sure the ISP isn't blocking the port.

As far as I can tell, you have everything right, it should work like a charm.

Radius Service for m0n0wall Captive Portal - http://amaranthinetech.com
« Reply #4 on: June 04, 2008, 23:15:23 »
willh20 *
Posts: 1

Vagrant,

Did you ever resolve this problem? I just found your post and I am having the exact same issue. My rules are set up the same as yours and I still cannot get anything through port 80. I have tried the NAT suggestion to route through 8080 and that works beautifully. I checked with AT&T, my ISP, and they are not blocking the port.

Any more thoughts on this would be appreciated.
I have attached a couple of screen shots showing the firewall rules and the NAT rules for the site. I am just baffled.


Thanks,

Willh20


* rules.jpg (11.65 KB, 588x180 - viewed 427 times.)

* nat.jpg (13.88 KB, 531x217 - viewed 412 times.)
« Last Edit: June 05, 2008, 03:10:59 by willh20 »
« Reply #5 on: June 12, 2008, 07:15:11 »
knightmb ****
Posts: 341

I've tested this on mine just to make certain.

I was able to hit my website using this NAT rule, which I noticed was just like the others here. I'm at a loss to say why it doesn't work for you all except that it's being blocked either at the firewall level or ISP level.

So what you need to do, turn off your NAT rule, then try to hit your website, let it fail, then go into your "Diagnostics" / "Logs" / "Firewall" logs.

Look for something like this being blocked:
00:18:28.371102      WAN      74.94.251.XXX, port 54122      75.146.8.XXX, port 80      TCP

If you don't see this anywhere in your firewall log, it means the request is never making it to port 80 and your ISP is truly filtering out port 80. Otherwise, if you could see the "blocks" when no "allow" rule exists, then you would be able to turn the NAT rule back on and everything would work properly.

The only other thing is, your ISP may have some equipment to "fake" a port 80 connection that doesn't really go to your m0n0wall machine. So it's kind of a stealth drop from the ISP.

Other than that, I can't reproduce the problem everyone is having here.


* m0n0wall 01.gif (3.1 KB, 563x33 - viewed 350 times.)
« Last Edit: June 12, 2008, 07:24:27 by knightmb »

« Reply #6 on: August 27, 2008, 22:27:35 »
wiredin *
Posts: 1

Your pfsense configuration looks good. I don't think your ISP is blocking.

I had a similar problem trying to get ports into a W2K Adv Server using pfsense.

Here's what I discovered...

If the server daemons machine (W2K) does NOT have the pfsense lan ip as its default gateway, then the W2K server daemons will not be available when port forwarding through pfsense from the WAN.

In other words:

This WON'T work
----------------
pfsense lan IP: 192.168.10.98/24
server ip:      192.168.10.200/24
server gw:      192.168.10.100/24

But this WILL work
-----------------
pfsense lan IP: 192.168.10.98/24
server ip:      192.168.10.200/24
server gw:      192.168.10.98/24

Alternatively, you can add another gateway (the pfsense lan ip) to the W2K server gateway list.
The dialog is in: local area connection properties/ip settings/advanced

This also fixes the port 8080 workaround that is posted in this thread.
Good luck.
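
The gateway behaviour described in the reply above, modelled as an added example that is not part of the original thread: it computes where the server sends its reply and shows why LAN clients work with either gateway while WAN clients only work when the gateway is the firewall's LAN IP. The function names and the client addresses are constructed for illustration, and it assumes the port forward rewrites only the destination address.

```python
import ipaddress

def _addr(text):
    # Accept "192.168.10.98" or "192.168.10.98/24", as the post writes them.
    return ipaddress.ip_interface(text).ip

def reply_next_hop(server_if, default_gw, client_ip):
    """Address the server hands its reply to for a packet from client_ip."""
    network = ipaddress.ip_interface(server_if).network
    client = _addr(client_ip)
    if client in network:
        return client          # on-link: delivered directly, no gateway used
    return _addr(default_gw)   # off-link: always goes to the default gateway

def forward_will_work(server_if, default_gw, firewall_lan, client_ip):
    """True if the reply reaches the client in a form it will accept.

    Assumption: the port forward rewrites only the destination address, so
    the server sees the real client address and only the firewall that
    holds the NAT state can translate the reply back.
    """
    hop = reply_next_hop(server_if, default_gw, client_ip)
    return hop == _addr(client_ip) or hop == _addr(firewall_lan)

if __name__ == "__main__":
    SERVER, FIREWALL = "192.168.10.200/24", "192.168.10.98/24"
    WAN_CLIENT = "203.0.113.7"      # constructed (documentation range)
    LAN_CLIENT = "192.168.10.50"    # constructed
    for gw in ("192.168.10.100/24", "192.168.10.98/24"):
        for client in (WAN_CLIENT, LAN_CLIENT):
            ok = forward_will_work(SERVER, gw, FIREWALL, client)
            print(f"gw={gw:<18} client={client:<14} "
                  f"next hop={reply_next_hop(SERVER, gw, client)} "
                  f"{'works' if ok else 'fails'}")
```

With the gateway set to 192.168.10.100 the reply to a WAN client leaves through a device that has no state for the connection, which matches the symptom of LAN access working while WAN access fails.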