I set up a webserver on my network. I tried for days to open the firewall port 443 to that IP, scoured the guides, tutorials, forum posts, but still, I can’t find what I’m doing wrong.
Here is my current variation of the settings and my connection logs:
When I check from the outside, the port is closed down. I tried various configurations with different source addresses, NAT enabled, NAT disabled, different ports.
Are there any other logs with which I can troubleshoot my problem? Or are there other settings I need to set to make port forwarding successful?
The source should be the red network, not the firewall.
Tried it that way too. Still, port is closed to the outside.
This is the documentation I followed for my network. Also port 443, and it works. Make sure you apply the rule before checking if the port is open.
This might help. Use port 443 instead of port 80.
I recommend placing your web server in a DMZ (orange) and not in green. Just to be safe.
@alevan, I forgot to mention that a possible explanation for a failure to have an open port could be due to a double NAT, meaning that if this were the case, you would be receiving from your provider an IP address that is not directly exposed to the Internet but it is translated into an IP address internal to the provider. This would compound to the NAT you are trying to establish inside your LAN and create a routing failure. Basically, lost in translation.
If this is the case, you need to investigate the appliance coming from the provider, as exemplified by these wiki instructions for google fiber. Sometimes the provider allows for a “DMZ” setting (or alternatively a “bridge mode”) where the provider’s NAT will port forward the traffic coming from the LAN side. Therefore if you place the IP address of IPFire in a DMZ zone of your provider router/modem, IPFire would port forward your server traffic to your provider appliance, which then would port forward that traffic to the border router of the provider, finally exposing the server traffic to the Internet side.
Double NAT is an evil thing and unfortunately it is quite common for many residential internet providers.
These log entries in your IPFire
indicate that the portforward has worked.
The port forward ends up with the pairing of DNAT and FORWARDFW
This indicates that the forwarding has got through from IPFire to your server on 10.0.0.52 but if you don’t get any response back out then you should look at the logs of your web server on 10.0.0.52 to see why it has not responded.
Out of curiosity, does your web server respond to https://10.0.0.52/
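As an added example (not part of the thread and not IPFire code), the DNAT/FORWARDFW pairing described above can be checked over a saved firewall log. The sample lines are constructed in the style of IPFire kernel log entries, `parse` and `pair_forwards` are hypothetical helper names, and logging is assumed to be enabled on the port-forward rule.

```python
import re

# Constructed sample in the style of IPFire kernel firewall log lines.
# 10.0.0.52 is the server from the thread; other addresses are documentation ranges.
SAMPLE_LOG = """\
Jan 10 12:00:01 ipfire kernel: DNAT IN=red0 OUT= MAC=00:00:00:00:00:00 SRC=203.0.113.7 DST=198.51.100.20 LEN=60 TTL=52 PROTO=TCP SPT=40112 DPT=443 SYN
Jan 10 12:00:01 ipfire kernel: FORWARDFW IN=red0 OUT=green0 SRC=203.0.113.7 DST=10.0.0.52 LEN=60 TTL=51 PROTO=TCP SPT=40112 DPT=443 SYN
Jan 10 12:00:09 ipfire kernel: DNAT IN=red0 OUT= MAC=00:00:00:00:00:00 SRC=203.0.113.9 DST=198.51.100.20 LEN=60 TTL=52 PROTO=TCP SPT=51500 DPT=443 SYN
Jan 10 12:00:15 ipfire kernel: DROP_INPUT IN=red0 OUT= SRC=203.0.113.9 DST=198.51.100.20 LEN=60 PROTO=TCP SPT=51501 DPT=22 SYN
"""

LINE_RE = re.compile(r"kernel: (?P<prefix>\S+) (?P<fields>.*)")


def parse(line):
    """Return (log prefix, dict of KEY=value fields) or None for other lines."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    fields = dict(kv.split("=", 1) for kv in m["fields"].split() if "=" in kv)
    return m["prefix"], fields


def pair_forwards(log_text):
    """Match each DNAT entry with the FORWARDFW entry of the same connection.

    DNAT rewrites the destination (and possibly the port), so the pairing key
    uses only what stays unchanged: source address, source port, protocol.
    """
    pending = {}  # key -> DNAT fields still waiting for a FORWARDFW entry
    paired = []
    for line in log_text.splitlines():
        parsed = parse(line)
        if parsed is None:
            continue
        prefix, f = parsed
        key = (f.get("SRC"), f.get("SPT"), f.get("PROTO"))
        if prefix == "DNAT":
            pending[key] = f
        elif prefix == "FORWARDFW" and key in pending:
            del pending[key]
            paired.append({"client": f["SRC"], "server": f["DST"], "port": f["DPT"]})
    # Anything left was translated but never logged as forwarded.
    unpaired = [{"client": k[0], "port": v["DPT"]} for k, v in pending.items()]
    return paired, unpaired


if __name__ == "__main__":
    ok, stuck = pair_forwards(SAMPLE_LOG)
    print("forwarded to server:", ok)
    print("DNAT without FORWARDFW:", stuck)
```

A paired entry means the packet left IPFire toward the internal server, so the next place to look is the server's own logs; a DNAT entry with no FORWARDFW partner points back at the firewall rule.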