Unable to access port 10000 in web browser

Yup, if he uses it as a local/internal firewall too, so in between, but that then depends on the network setup.

sigh

It’s not possible to use that router any other way.

“Ir but then tested it on a regular router…”

I mean that one.


OK. That means the server is fine.

Did you go into the pfSense router software and make a rule for port 10000?

Agree and this is what I think the hold up is.
I originally made the rule in the pfSense firewall and it didn't work, but then I removed it when it made no difference.

Later today I will check the iptables and also the pfsense settings for NAT.

Thank you all and I will let you know what happens.

I never had this happen with the 4 other Webmin installations I did.

I will check that later today.

I did not know you needed a NAT setting for local connection. I thought pfSense NAT is for port forwarding from WAN to LAN, not LAN to LAN. But I could be wrong.

The network is set up as follows:

[Cable Modem] – [pfSense] – [Network Switch] – [Server and Workstations]

It’s both.

From pfsense documentation:

In pfSense® software, rules on interface tabs are applied on a per-interface basis, always in the inbound direction on that interface. This means traffic initiated from the LAN is filtered using the LAN interface rules. Traffic initiated from the Internet is filtered with the WAN interface rules.

Since you have pfSense running on that router, you have to forward any port that isn’t assumed. Typically, they’ll allow port 80 because it’s very widely used on LANs. That’s why you can see the Apache page if you go directly to the IP.

But they’re not going to enable every port in the universe by default, so you have to go set that rule for port 10,000.

Can I be the stupid network guy here and ask how the pfSense device would even get itself inserted between two systems in the same network domain as depicted above? Presuming the client and his server are on the same subnet, the session startup from the perspective of his client would be: DNS lookup (irrelevant here, it’s being given the IP), route lookup (is it local or do I need to use a gateway; in this case local, so I don’t need to route), ARP request for MAC of destination, create L2 frame destination server MAC with TCP SYN packet to initiate 3-way handshake. The pfSense device never gets inserted into that path because traffic is not going to/from the cable modem. So, presuming his workstation and his server are both on 10.50.0, this would be server iptables/firewalld or Windows firewall on the client rather than NAT rules and other stuff on the pfSense, no?

The software is shipped in the router itself. All routers for home use have some sort of software installed in them to prevent people from accessing your network and it regulates everything connected to it be that via cable or wireless.

By default, most home routers assume you’re an idiot; so they block off pretty much everything.

All you have to do is go in and make the rules allowing whatever you need.

I have a TP-Link router. It has its own proprietary software, but it’s pretty much the same thing. I had to go in and set all the port forwarding for everything to work, not just over the internet but over the local network as well, by setting up virtual servers.

If those protections weren’t there, somebody that simply logged on to your guest network over wifi (if you’re not smart enough to turn that off to begin with) would be able to access anything on your network with no questions asked.

Here’s a shot of my external and virtual server settings:

Without the virtual server settings, I wouldn’t be able to access Virtualmin on my local network.

Without the port forwarding settings, nobody from outside could access the server over the internet.

Put it only on the local switch, with no router/modem/pfSense, to test your local parts (so, in short, pull the modem router/firewall cable to your local switch).
Then test whether you can reach the local devices, also port 80 and so on. If that is working, then test port 10000, 20000; if not, you know it is in your local network.

What is your client device there locally?
Windows, or something else?
Then look for “firewall” on those.

Do you use a firewall, for example csf, on the Webmin box?

Sorry, I was short on time to read everything; I hope what I write now, so late, makes some sense.

If the switch has some security built in, then check your switch parts too. VLANs?

In a typical home setup, there is no switch. There is simply the modem which is connected to the router which you hook your computer to.

That’s the part that most “pro” people don’t get. There is no switch in the typical home network. There never has been.

@Gomez_Adams he did, however, write above that a switch is in use.

That was why I did all my writing; if not, then sorry.

We do everything here with a switch for local at our place, separate from the router/firewall parts.
(Wi-Fi, hmm, local only; for that you can’t do without. Then also guest Wi-Fi, yes, only on, and again that is separated from your local Wi-Fi network. Also, the security there is normally much more strict, and only the recognized should be allowed and set, for the time they are trusted to be a guest.)


I stand corrected. You are correct.


@Gomez_Adams Yippee, no joking, I scratched my head that I could be so wrong; in spare time on the forum it is harder for me to keep my brain working well enough.


That’s what confused me too. His diagram showed a switch separate from the cablemodemrouter thing. So the traffic shouldn’t be seen on that device if the network is as depicted.

@Peter_Clark pfSense and smart switches with VLANs configured could have some extras, also locally, I think.
But he did also write before that with a regular router there was no success, so I think the problem is either on the client or some firewall on the Webmin box not allowing those ports; that is the simplest explanation for me. I could be wrong though. :wink:

Did he access it by IP?
If not, but via DNS/domain name, then it could be going over outbound traffic, so it isn’t really local.

Then he has to either set that port forward in the router/firewall, or make that domain locally accessible in, for example, a hosts file or some DNS.

Edit: I see the screenshot is on a local IP, I hope on the same network segment. Then forget my last few lines above :wink:

But still, for local things I myself use a hosts file on those clients so as not to have to go by IP addresses.

so:
10.50.0.67 hostenname
10.50.0.67 domainname
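
The route lookup described earlier in the thread, and the point above about a domain name resolving to a non-local address, can be checked with a longest-prefix match. This is an added example, not code from any poster; only the server address 10.50.0.67 comes from the thread, while the /24 mask, the gateway addresses, the second VLAN and the public address are assumed placeholders.

```python
import ipaddress

# Constructed client routing table (assumption): destination network,
# gateway (None means on-link), interface. 10.50.0.1 stands in for the
# pfSense LAN address, which the thread does not give.
ROUTES = [
    ("10.50.0.0/24", None, "eth0"),
    ("0.0.0.0/0", "10.50.0.1", "eth0"),
]

def next_hop(dst, routes=ROUTES):
    """Longest-prefix match, as the client's IP stack does before ARP."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, gw, dev in routes:
        network = ipaddress.ip_network(net)
        if addr in network and (best is None or network.prefixlen > best[0].prefixlen):
            best = (network, gw, dev)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best

def path_report(dst, routes=ROUTES):
    """Report whose MAC the first frame goes to and where filtering can occur."""
    _network, gw, _dev = next_hop(dst, routes)
    if gw is None:
        # On-link: the client ARPs for the server itself, so a routed
        # firewall on the gateway never sees the SYN.
        return {"dst": dst, "arp_for": dst, "via_gateway": False,
                "check": "host firewalls on client and server"}
    # Off-link: the frame is addressed to the gateway, whose rules apply.
    return {"dst": dst, "arp_for": gw, "via_gateway": True,
            "check": "gateway rules/NAT, then host firewalls"}

if __name__ == "__main__":
    # 203.0.113.10 is a documentation address standing in for a public DNS answer.
    for target in ("10.50.0.67", "203.0.113.10"):
        print(path_report(target))
    # Same server seen from a client on another VLAN (constructed 10.50.1.0/24).
    vlan_routes = [("10.50.1.0/24", None, "eth0"), ("0.0.0.0/0", "10.50.1.1", "eth0")]
    print(path_report("10.50.0.67", vlan_routes))
```

On a Linux client, `ip route get 10.50.0.67` prints the decision the real routing table makes for the same destination.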

Just read all this, glad I run the server on Vultr, no headaches like this.

Steve

To most it’s not a headache at all. It took me about 10 minutes to sort out.

And never having hosting fees is well worth any little bit of work you have to do to get it sorted.
