Http NAT will not work on pfsense

I am setting up a home-lab and want to publish Hudu on the internet via my pfsense.
Network Setup is simple
Internet - pfsense - hudu server
The pfsense is model: Netgate SG-1100

This is the NAT Rule:


I am just testing with the default NGINX server to see if I can access the site remotely, but I am getting timeouts. Nginx site works internally without any issues.

Network Address Translation is set to pure nat and I have enabled

  • Automatic creation of additional NAT redirect rules from within the internal networks.
  • Automatic create outbound NAT rules that direct traffic back out to the same subnet it originated from.

Whatever I do, I cannot seem to get this rule to work. The strangest thing is I have also created a NAT rule to allow SSH and this works flawlessly.

Any suggestions on where to check next before I set the pfsense to factory defaults?

Is the gateway set to be pfsense in NGINX? I have a video here that covers port forwarding


Yes, the gateway of the Nginx server is set to use the pfsense as default gateway. Otherwise SSH wouldn’t work either from remote.

I set the pfsense back to factory defaults, without success.
Website is not accessible via WAN.

Did you change the port for the pfsense web admin interface and turn off the WebGUI redirect under “System → Advanced → Admin Access”?

Thanks Tom,
Even though that was still default, I changed it now, but still no result.

I am sure it must be a configuration, cause when I added a new rule to publish the site on 8080 it works, but not on port 80.

I am out of ideas, might want to try their forums https://forum.netgate.com/


Thanks for your help anyway. I’ll try their forums.

Update on this issue. I contacted my ISP and they blocked port 80. After they removed the block, the site is accessible, and all rules are working as per expected.

@myles Did you uncheck the “Block RFC1918” in settings in pfsense? If your pfsense is behind your ISP’s router, they are communicating via private addresses and this will prevent communications that aren’t replies.
Also, if you are behind an ISP’s router, did you port forward the access to your SG-1100 firewall in the first place?

You could also check if your ISP’s router lets you put devices in a DMZ where they will receive every attempt to connect from the Internet; maybe you have that kind of router too and you won’t need port-forwarding on your ISP’s router.


Thanks for that, but port forwarding is working on port 22 and 8080, so I didn’t need to uncheck the “Block RFC1918” in the WAN settings.
I got port 80 to work after I called my ISP and they allowed access.