I have a web server, and I want to port forward HTTP(S) to it through my firewall so it can be accessed externally. I have a dynamic DNS service set up which is functioning great and always shows my domain has the latest IP update. When I access the domain externally from the Internet with a web browser (http://vtiger.gokcm.xyz:) while using ports 80/443 (or 8080/8443 for that matter) forwarded to the webserver's ports 80/443 internally, I see in my Firefox URL bar that I was redirected to the internal webserver's IP, 192.168.1.253. So Firefox was taking me to an address on a non-existent subnet on my network.
It's as if the firewall's DNS resolver is answering WAN DNS queries and handing out internal IPs when redirecting instead of doing NAT and port forwarding. I have had this work easily before on other pfSense firewalls I have had. I have ports 22 and 8686 successfully forwarded to two different VMs and can access them fine, so I don't think any ports are blocked.
To me it seems it may be a DNS conflict. I am unsure. Could the firewall DNS resolver, which binds to all interfaces by default to answer queries, be responding to client DNS queries on the LAN and WAN interfaces but only responding with private info? Please post questions; if you had the same situation or similar, anything helps. Thank you for your time!
Fact Sheet
For those driven by facts!
- CANNOT see a webpage at the domain vtiger.gokcm.xyz or kevins.nerd-exchange.com
- CAN SSH into internal VMs externally, using ports 22/8686
- CAN see webpage on home network where I have a similar setup with port forwarded firewall, same firewall OS and version, same firewall rules being set up (haven't compared exactly side by side but will in a min and edit this post)
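
An added example, not part of the original post: one way to tell whether the internal address reaches the browser through the DNS answer or through an HTTP redirect sent by the web server after the port forward has already worked. The function names, the constructed sample response, and the placeholder public address 203.0.113.10 are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# RFC 1918 ranges; the 192.168.1.253 seen in the URL bar falls in the last one.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: what an external client might capture from the forwarded port.
SAMPLE_RESPONSE = ("HTTP/1.1 302 Found\r\n"
                   "Server: Apache\r\n"
                   "Location: http://192.168.1.253/index.php\r\n"
                   "Content-Length: 0\r\n\r\n")

def is_private_host(host):
    """True if host is a literal IPv4 address inside an RFC 1918 range."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False  # a hostname, not a literal IP
    return any(addr in net for net in RFC1918)

def parse_redirect(raw_response):
    """Return (status_code, Location header or None) from a raw response head."""
    lines = raw_response.split("\r\n\r\n", 1)[0].split("\r\n")
    status = int(lines[0].split()[1])
    location = None
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "location":
            location = value.strip()
    return status, location

def diagnose(resolved_ip, raw_response):
    """Classify where a private address is leaking from: DNS or HTTP."""
    if is_private_host(resolved_ip):
        return "dns: name resolves to a private address"
    status, location = parse_redirect(raw_response)
    if 300 <= status < 400 and location:
        host = urlsplit(location).hostname or ""
        if is_private_host(host):
            return f"http: {status} redirect to private host {host}"
    return "ok: no private address in DNS answer or redirect"

if __name__ == "__main__":
    # 203.0.113.10 stands in for the WAN address returned by public DNS.
    print(diagnose("203.0.113.10", SAMPLE_RESPONSE))
```

Feed it the address an external resolver returns for the domain and the raw response head captured from outside the network (for example with a client that does not follow redirects).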