Yep. https should have nothing to do with a DMZ. Make sure your default pfSense web configurator is not configured for port 443... That will make https port forward not work.
Edit: You're trying to get https to work on the NIC in your BL machine, that's connected to the internet, right?
Thanks.
@Fritz Nope, I'm the one missing something. I thought I was supposed to change the port to something other than 443 so I did. Changed it to 9990.
1:1 NAT is empty.
Just changed it back to 443. Not sure I know what 1:1 NAT is, sorry.
Thanks for this very detailed explanation. Think I've determined that it isn't a DMZ I need, I wrongly assumed it did but according to an earlier post, DMZ has nothing to do with my problem. Problem is PfSense isn't forwarding https port 443 to 192.168.10.100. I get "Unable to reach server" when I attempt to connect from my phone from the outside and "The Server is taking too long to respond" when I try to connect from another computer on the inside. @Fritz
1:1 NAT is 1:1 Network Address Translation.
A pretty common deployment for PFSense ipv4 might be:
Public facing interface (untrusted, uses Public IP addresses, we'll call this Subnet U, /29 in size)
DMZ facing interface (untrusted, uses Private IP addresses, we'll call this Subnet D, /24 in size)
Private facing interface (trusted, uses Private IP addresses, we'll call this Subnet T, /24 in size)
With such a configuration you would use 1:1 NAT to assign an IP address from the Subnet U IP block to an IP address in Subnet D. You still need rules to decide what ports may be passed through to your DMZ host.
i.e. 123.4.5.6 -> 192.168.10.100
(public IP is ONLY an example I pulled out of the ether.)
Most likely this 1:1 NAT is also configured as transitive so that traffic coming from 192.168.10.100 becomes 123.4.5.6 when it passes through the public facing interface to the outside world.
Using 1:1 NAT implies that your ISP has given you a static IP block of public addresses, and at a guess they'd probably have assigned you a /29 block, that in my experience being the most common size assigned by ISPs that requires only a little bit of justification.
If you only have a /32 static public IP or actually have a dynamically assigned public IP to your public facing interface then what we're really looking at is port forwarding to a host in the DMZ.
It would be helpful to know the following ipv4 information:
the last octet (host/network) and the size of Subnet U
the last network portion octet and size of Subnet D - guessing 192.168.10.0/24 or 192.168.10.0 255.255.255.0
the last network portion octet and size of Subnet T
It would be helpful to know the following pfSense interface IPs:
Subnet U host portion IP address
Subnet D interface IP address
Subnet T interface IP address
By only asking for the last octet I'm trying to maintain a level of privacy so you don't feel like I'm asking for super secret information.
If you don't know the size then you can provide the netmask and we can calculate the size.
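The sizing and 1:1-NAT-versus-port-forward reasoning from the post above, as an added Python example that is not part of the thread. The 203.0.113.x addresses, the 192.168.10.1 DMZ interface address, and the function and parameter names are constructed for illustration; 192.168.10.100 is the host named in the thread.

```python
import ipaddress

def prefix_from_netmask(netmask: str) -> int:
    """Return the subnet size (prefix length) for a dotted netmask.

    Raises ValueError for a non-contiguous mask such as 255.0.255.0.
    """
    return ipaddress.ip_network(f"0.0.0.0/{netmask}").prefixlen

def nat_plan(wan_if, dmz_if, dmz_host, in_use=(), dynamic_wan=False):
    """Pick 1:1 NAT or port forwarding following the post's reasoning.

    wan_if / dmz_if: firewall interface addresses for Subnet U and Subnet D,
    written as address/prefix or address/netmask.
    in_use: other Subnet U addresses already taken (assumption of this
    example: the ISP gateway would be listed here).
    """
    wan = ipaddress.ip_interface(wan_if)
    dmz = ipaddress.ip_interface(dmz_if)
    host = ipaddress.ip_address(dmz_host)
    if host not in dmz.network:
        raise ValueError(f"{host} is not inside Subnet D ({dmz.network})")

    taken = {wan.ip} | {ipaddress.ip_address(a) for a in in_use}
    # Public addresses in Subnet U that nothing else is using yet.
    spare = [ip for ip in wan.network.hosts() if ip not in taken]

    # A single (/32) or dynamically assigned public address leaves nothing
    # to dedicate to the DMZ host, so the only option is a port forward.
    if dynamic_wan or wan.network.prefixlen == 32 or not spare:
        return {"method": "port forward", "external": wan.ip,
                "internal": host, "spare": []}
    # Otherwise one spare public address can be mapped 1:1 to the host.
    # The first spare address is chosen here only for illustration.
    return {"method": "1:1 NAT", "external": spare[0],
            "internal": host, "spare": spare}

if __name__ == "__main__":
    # Constructed sample: a /29 given as a netmask, gateway on .1, firewall on .2
    plan = nat_plan("203.0.113.2/255.255.255.248", "192.168.10.1/24",
                    "192.168.10.100", in_use=["203.0.113.1"])
    print(plan["method"], plan["external"], "->", plan["internal"])
```

Either result only describes the address translation; firewall rules deciding which ports reach 192.168.10.100 are still needed, as the post says.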
I wondered if that might be the case... and I apologize if this is a stupid question but...
http works fine tho.
sorry another dumb question:
k. so back to my dumb question: Kapone said above to make sure the PfSense web configurator wasn't using port 443. I misunderstood and briefly changed the https port to 9990 and then changed it back to 443. Never checked anything.