Port Forwarding not working

alevan · 17 March 2022 16:12

Hello.

I set up a webserver on my network. I tried for days to open the firewall port 443 to that IP, scoured the guides, tutorials, forums posts, but still, I can’t find what I’m doing wrong.

Here are my current variation of the settings and my connection logs:

When I check from the outside, the port is closed down. I tried varius configurations with different source adresses, NAT enabled, NAT disabled, different ports.

Are there any other logs with which I can troubleshoot my problem? Or are there other settings I need to set to make port forwarding succesful?

cfusco · 17 March 2022 16:51

The source should be the red network, not the firewall.

alevan · 17 March 2022 17:08

Tried it that way too. Still, port is closed to the outside.

cfusco · 17 March 2022 17:34

this is the documentation I followed for my network. Also port 443 and It works. Make sure you apply the rule before checking if the port is open.

jon · 18 March 2022 15:15

This might help. Use port 443 instead of port 80.

I recommend placing your web server in a DMZ (orange) and not in green. Just to be safe.

cfusco · 19 March 2022 13:35

@alevan , I forgot to mention that a possible explanation for a failure to have an open port could be due to a double NAT, meaning that if this were the case, you would be receiving from your provider an IP address that is not directly exposed to Internet but it is translated into an IP address internal to the provider. This would compound to the NAT you are trying to establish inside your LAN and create a routing failure. Basically, lost in translation.

If this is the case, you need to investigate the appliance coming from the provider, as exemplified by this wiki instructions for google fiber. Sometimes the provider allows for a “DMZ” setting (or alternatively a “bridge mode”) where the provider’s NAT will port forward the traffic coming from the LAN side. Therefore if you place the IP address of IPFire in a DMZ zone of your provider router/modem, IPFire would port forward your server traffic to your provider appliance, which then would port forward that traffic to the border router of the provider, finally exposing the server traffic to the Internet side.

Double NAT is an evil thing and unfortunately it is quite common for many residential internet providers.

bonnietwin · 19 March 2022 22:27

These log entries in your IPFire

indicate that the portforward has worked.
The port forward ends up with the pairing of DNAT and FORWARDFW

This indicates that the forwarding has got through from IPFire to your server on 10.0.0.52 but if you don’t get any response back out then you should look at the logs of your web server on 10.0.0.52 to see why it has not responded.

anon42188109 · 19 March 2022 22:31

Out of curiosity, does your web server respond to https://10.0.0.52/