Don't get it! NAS on LAN not accessible from outside

Hello everyone,
I have a problem I spent some time trying to figure out and honestly I don’t get it.

I am trying to access my NAS on my local network from outside with https://nas.mydomaine.com
Domain is set up with Cloudflare and I have everything set up properly on that side.
NAS is configured with reverse proxy redirecting to port 443 on NAS

On pfsense side, NAT rules on both WANs are redirecting this traffic to the local NAS IP address.

I cannot connect to my NAS using HTTPS.
For some reason pfsense is blocking the public IP supplied by my ISP

The public IP is not declared on pfsense as the modems have the public IP and nat to the pfsense with a lan address (192.168.6.1 for modem to 192.168.6.2 for pfsense)

Could someone tell me why and how to fix it?
Sorry if this is not documented well enough; new users cannot post more than one image.

Thank you for your help.

A bit tricky to follow your setup. However, you might consider an alternative approach, which is to run an OpenVPN server with DDNS; you will be able to securely access your NAS.

If you can’t install the OpenVPN client from your remote client, then accessing your NAS directly over the internet might be a security risk.

Port 443 might be in use elsewhere on your network; try switching it to something else. Otherwise it’s likely to be your rules on the WAN.

Hello and thank you for your answer!
I have tried to set up OpenVPN but for the life of me I can’t get it to work!! I followed the video tutorial on the Lawrence Systems YouTube channel but for some reason it doesn’t work. Certificate problem I guess.
I was so proud of myself as I got pretty much everything else to work :rofl:
I guess my next step is to work on the OpenVPN thing as, as you mentioned, it is the best solution to access my NAS from outside.

LOL been there.

OpenVPN isn’t too bad to set up, it will be worth the effort.

Personally I like to use SSL/TLS + User Auth Server Mode, however, with Shared Key, it might be easier to just get OpenVPN working, then go from there.

I’ve not used the wizard, but with it you should be able to get the OpenVPN server up, then you will know the problem is elsewhere if you still can’t connect.

Key word “been there” I’m still in it!!! Grrrr
I can’t set up openvpn because I believe my whole configuration is wrong but I’m trying.
I go through the wizard for OpenVPN, export the client, import it on my Android phone and it doesn’t work as it is trying to connect to the LAN IP of the pfsense box (192.168.6.2:1194).
My pfsense is behind 1 modem supplied by my ISP which holds the public IP (I keep it because of phone and TV). From that ISP box (192.168.6.1) I redirect through NAT all traffic to the pfsense box (192.168.6.2). Then in pfsense gateways are declared 192.168.6.1 and 192.168.5.1 and WAN1 192.168.6.2 and WAN2 192.168.5.2 (dual connection).


So on my phone when I import the android configuration and start the profile it is looking for 192.168.6.2:1194 which is impossible to do of course. If my phone is connected to the LAN then no problem the openvpn connects.
So I guess I have to work on pfsense.
As someone famous said: Damn it Jim, I’m a doctor, not an IT guy!!!

I’ve never done this (not using openvpn in production), but the openvpn config file is editable in a text editor, you should be able to edit it to point to your real WAN address.

Hello and thank you for your answer.
Good idea, I did just that and it worked (kinda… it connected, I see the connection in pfsense but unable to navigate the local network…)
The IPv4 tunnel network is 192.168.60.0/24 and the IP local network is 192.168.20.0/24
I get this: exception parsing IPV4 route: [route] [192.168.20.1] [255.255.255.0] : tun_prop_error: route is not canonical
Been looking for this error and I added in the custom options push "redirect-gateway def1"
I guess it redirects to the default gateway… But I don’t have a default gateway as I have 2 connections, I have a gateway group as default. Would this be the problem even though I created the vpn connection on WAN1?
Just in case, I marked WAN2 down to see if it would help, but it doesn’t.
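
An added example, not part of any post in this thread: a small Python check for the two profile problems reported above, a `remote` line pointing at a private address (192.168.6.2) and a route whose address has host bits set under its netmask (192.168.20.1 with 255.255.255.0), which is the condition the client's "route is not canonical" error reports. The sample profile is constructed from the values quoted in the thread, and `lint_profile` is a hypothetical helper name.

```python
import ipaddress
import shlex

# Constructed sample profile, modelled on the values quoted in the thread.
SAMPLE_PROFILE = """\
client
dev tun
proto udp
remote 192.168.6.2 1194
route 192.168.20.1 255.255.255.0
route 192.168.60.0 255.255.255.0
"""

def lint_profile(text):
    """Return (line_no, message) findings for an OpenVPN profile or server options."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        tokens = shlex.split(line)
        # Server-side form: push "route 192.168.20.1 255.255.255.0"
        if tokens[0] == "push" and len(tokens) == 2:
            tokens = shlex.split(tokens[1])
        if tokens[0] == "remote" and len(tokens) >= 2:
            try:
                addr = ipaddress.ip_address(tokens[1])
            except ValueError:
                continue  # hostname (e.g. a DDNS name): nothing to check offline
            if addr.is_private:
                findings.append((no, f"remote {addr} is a private address, "
                                     "unreachable from outside the LAN"))
        elif tokens[0] == "route" and len(tokens) >= 3:
            try:
                net = ipaddress.ip_network(f"{tokens[1]}/{tokens[2]}", strict=False)
            except ValueError:
                continue  # keywords such as vpn_gateway are not checked here
            # Canonical means no host bits are set under the netmask.
            if str(net.network_address) != tokens[1]:
                findings.append((no, f"route {tokens[1]} {tokens[2]} is not canonical; "
                                     f"use {net.network_address} {net.netmask}"))
    return findings

if __name__ == "__main__":
    for no, msg in lint_profile(SAMPLE_PROFILE):
        print(f"line {no}: {msg}")
```

On the sample it flags line 4 (private `remote`) and line 5 (suggesting 192.168.20.0 255.255.255.0), and it accepts the same directives when wrapped in `push "..."`.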