pfSense port forward, Synology and hosted server

Hello everyone,
I have a bit of a problem with my configuration.
I have a hosted Plesk dedicated server that I back up every night to my Synology server on my LAN over SFTP on port 22. Works fine.
The server is on a static public IP address, and so is the Synology server.
My pfSense appliance has a port forward for 22 accepting only connections from the server's IP.
I am also able to access the NAS server on my LAN from outside via https://nas.mydomain.fr. Some friends and family access it too without problem. We all have Synology Drive (kind of a Dropbox) running from outside the LAN, and a port 6690 rule has been set in the pfSense port forward from all sources to the NAS's LAN IP address. It works.
The problem is that when I try to ping from the Plesk server to the NAS, it doesn't work.
I tried ping and curl https://nas.mydomain.fr:5001/webapi/entry.cgi and got nothing. No connection…
Port 5001 is also open on pfSense.
When I check open ports from outside, it shows that nothing is open even though the backup works on port 22 and Syno Drive works on 6690.
All these ports are also open on the modem (fibre).
So why can't I see the NAS from the Plesk server?
Thank you for your help!

What do your NAT rules and interface rules look like?

Port forwarding is on, with rules allowing the hosted server to access the NAS on ports 22 and 5001.
Then I have another one that allows all traffic to some ports on the NAS such as 443 and the mail ports for IMAP and SMTP (I use the NAS as an email server as well), and that's pretty much it.
Just did a port scan with one of these online services and everything is closed.
pfBlockerNG and Snort are activated, but the hosted server IP is declared, so it should not be blocked, and I don't see it in the FW logs.
LAN is very permissive with everything open. Only got 4 machines on it.
And the backup and Syno Drive have been working every night on ports 22 and 6690 without problem. Why then don't I see ports 22 and 6690 open on the port scan?

I was looking for screenshots of the rules and NAT rules :)

Are you creating your port forwards under Firewall > NAT > Port Forward or are you creating rules explicitly under the WAN interface?

Hi,
Rules are created in the NAT section.

What do you have for your WAN interface rules? Do you have anything blocking before the NAT rules?

Hello,
NAT rules are first, so nothing should be blocking.
I have 2 NAT rules for the NAS.
The first goes from the dedicated hosted server to port 22 for backups.
The second goes from all to the other ports on the NAS (6690, 5001, 5006, 443 and the mail ports).

Could you try to run a continuous ping again, but this time look at the firewall logs under Status > System Logs > Firewall and sort by the source IP you are coming from?

Also, I don't see any rules for ICMP, so you have to add a rule in there to allow that for ping to work.

Or you could run your curl command again and see if you can find that in your logs.
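The "sort by the source IP you are coming from" check above can also be done on an exported filter log rather than in the GUI. The script below is an added example, not code posted in this thread or shipped with pfSense. It assumes the CSV field layout pfSense's filterlog writes after `filterlog[pid]:` (rule, sub-rule, anchor, tracker, interface, reason, action, direction, IP version, then for IPv4: tos, ecn, ttl, id, offset, flags, protocol id, protocol, length, source, destination, and for TCP/UDP the source and destination ports); verify that against your own export. The log lines are constructed, with 203.0.113.10 standing in for the hosted server, 198.51.100.7 for a friend's client and 192.168.1.20 for the NAS, and they are shaped to show the symptom in the thread: SSH passed, the curl to 5001 and the ping blocked by the same rule, the tracker id telling you which rule that is.

```python
"""Summarise pfSense filterlog entries for one source IP.

Added example, not from the thread. Field layout is an assumption based on
the pfSense filterlog CSV format; check it against a real export.
"""
import csv
import re
from collections import Counter

# Constructed sample lines (RFC 5737 addresses). 203.0.113.10 = hosted server,
# 198.51.100.7 = a Synology Drive client, 192.168.1.20 = the NAS on the LAN.
SAMPLE_LOG = """\
Mar  3 22:01:10 pfSense filterlog[54321]: 5,,,1000000103,igb0,match,pass,in,4,0x0,,55,40001,0,DF,6,tcp,60,203.0.113.10,192.168.1.20,41520,22,0,S,1234567890,,65535,,mss;sackOK;TS;nop;wscale
Mar  3 22:01:12 pfSense filterlog[54321]: 6,,,1000000104,igb0,match,pass,in,4,0x0,,118,40002,0,DF,6,tcp,60,198.51.100.7,192.168.1.20,50211,6690,0,S,987654321,,65535,,mss;sackOK;TS;nop;wscale
Mar  3 22:02:03 pfSense filterlog[54321]: 12,,,1000000110,igb0,match,block,in,4,0x0,,55,40003,0,DF,6,tcp,60,203.0.113.10,192.168.1.20,41530,5001,0,S,1234567999,,65535,,mss;sackOK;TS;nop;wscale
Mar  3 22:02:05 pfSense filterlog[54321]: 12,,,1000000110,igb0,match,block,in,4,0x0,,55,40004,0,none,1,icmp,84,203.0.113.10,192.168.1.20,request,4711,1
Mar  3 22:03:41 pfSense filterlog[54321]: 12,,,1000000110,igb0,match,block,in,4,0x0,,118,40005,0,DF,6,tcp,60,198.51.100.7,192.168.1.20,50300,23,0,S,11111111,,65535,,mss;sackOK;TS;nop;wscale
"""

# syslog prefix, then the comma-separated filterlog payload
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ filterlog\[\d+\]: (?P<fields>.*)$"
)


def parse_line(line):
    """Return a dict for one IPv4 filterlog line, or None if it is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    f = next(csv.reader([m.group("fields")]))
    if len(f) < 20 or f[8] != "4":
        return None  # IPv6 entries use a different layout; not handled here
    rec = {
        "ts": m.group("ts"),
        "tracker": f[3],  # rule tracker id: use it to find the rule in the GUI
        "iface": f[4],
        "action": f[6],   # pass / block
        "dir": f[7],
        "proto": f[16],   # tcp / udp / icmp
        "src": f[18],
        "dst": f[19],
        "dport": None,    # ICMP has no port
    }
    if rec["proto"] in ("tcp", "udp") and len(f) > 21:
        rec["dport"] = int(f[21])
    return rec


def entries_for_source(log_text, src_ip):
    """All parsed entries whose source address is src_ip, in log order."""
    recs = (parse_line(line) for line in log_text.splitlines())
    return [r for r in recs if r and r["src"] == src_ip]


def summarize(records):
    """Count entries per (action, protocol, destination port)."""
    return Counter((r["action"], r["proto"], r["dport"]) for r in records)


if __name__ == "__main__":
    hosted = "203.0.113.10"
    recs = entries_for_source(SAMPLE_LOG, hosted)
    print(f"{len(recs)} entries from {hosted}")
    for (action, proto, dport), n in sorted(
        summarize(recs).items(), key=lambda kv: (kv[0][0], kv[0][1], kv[0][2] or 0)
    ):
        print(f"  {action:5} {proto:4} dport={dport}  x{n}")
    for r in recs:
        if r["action"] == "block":
            print(f"  blocked by tracker {r['tracker']} on {r['iface']}: "
                  f"{r['proto']} -> {r['dst']}:{r['dport']}")
```

Run it against a file saved from Status > System Logs > Firewall (or from the raw filter log) by replacing `SAMPLE_LOG` with the file contents. A block entry on the WAN interface for port 5001 with a tracker id that does not belong to your port-forward rule is the thing to look for; a block entry for `icmp` with no matching pass rule is the missing ICMP rule the reply above mentions.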