PF: Port forwarding HTTP sometimes can be opened, sometimes can't be opened

sodri126

Hello everyone. To the point: I would like to ask something about port forwarding. Is port forwarding a very slow connection? When my friends opened my server it was actually really fast (about 20 ms). But when I opened it, the web was very slow to open from my public IP. Sometimes when I open it, it is really fast, and sometimes the response is very slow.

This is my server topology:

(Gateway) -> (Web), (Db)

Gateway (FreeBSD 10.1 RELEASE)
Interface xn0 = this is my public IP
Interface xn1 = 192.168.0.254

Web (FreeBSD 12)
Interface xn0 = 192.168.0.254

Db(FreeBSD 12)
Interface xn0 = 192.168.0.253

This is my PF configuration:
Code:
ext_if="xn0"
int_if="xn1"
ip_local="{192.168.0.0/24}"

set skip on lo0
#scrub in all
nat on $ext_if inet from $int_if:network to any -> ($ext_if)
#nat on $ext_if inet from ! ($ext_if) to any -> ($ext_if)
#nat on $int_if inet from ! ($int_if) to any -> ($int_if)

rdr on $ext_if proto tcp from any to ($ext_if) port 80 -> 192.168.0.253
#rdr pass on $ext_if proto tcp from any to ($ext_if) port 80 -> 192.168.0.254 port 80
#rdr pass on $int_if proto tcp from any to ($int_if) port 80 -> 192.168.0.253 port 80

pass in quick on $ext_if inet proto {tcp, udp} from any to any  keep state
pass out quick on $ext_if inet proto {tcp, udp} from any to any  keep state

pass in quick on $int_if inet proto {tcp, udp} from any to any  keep state
pass out quick on $int_if inet proto {tcp, udp} from any to any  keep state

People are probably wondering about my FreeBSD version: why don't you use FreeBSD 12 for everything? Because I am using Citrix XenCenter, and Citrix XenCenter cannot add more than one network interface card. It is a XenCenter bug. So I am using FreeBSD 10 so that I can add more than one network interface card.
 

SirDice

> Is port forwarding a very slow connection?
Not in general, no.

Note that there is a part missing on the right hand side, looks like you copy/pasted the screen and the text got cut off at 80 characters. But I can pretty much guess what it says. The rules look fine, so your slowness isn't caused by the rules. You may want to change them a little though, there's no need to forward UDP for HTTP/HTTPS.
 
sodri126

Oops, sorry, but I have fixed it.

Back to topic: didn't I use UDP for HTTP/HTTPS? Because when I opened it on my friend's laptop it ran fast as well. When I tried on my laptop/another laptop: no response.

I am confused about that.
 

SirDice


> Didn't I use UDP for HTTP/HTTPS?

You redirected both TCP and UDP but HTTP(S) only works on TCP. So there's no need to forward UDP.

> Because when I opened it on my friend's laptop it ran fast as well. When I tried on my laptop/another laptop: no response.

Are all these machines on the same LAN? The redirects only work for connections coming from outside your network, i.e. from the internet.
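
An added example, not part of the thread or of anyone's posted configuration: the posted ruleset narrowed to TCP-only forwarding as suggested above, in the same nat/rdr rule syntax. The `web_srv` macro name, the default block rule, and the use of 192.168.0.253 (the target of the active rdr rule in the first post) are assumptions.

```conf
# Added example; assumptions are labelled in the comments.
ext_if  = "xn0"
int_if  = "xn1"
# Assumption: target of the active rdr rule in the first post.
web_srv = "192.168.0.253"

set skip on lo0

# Outbound NAT for the LAN, unchanged from the post.
nat on $ext_if inet from $int_if:network to any -> ($ext_if)

# Forward only TCP/80; HTTP does not use UDP.
rdr on $ext_if inet proto tcp from any to ($ext_if) port 80 -> $web_srv port 80

# Assumption: default-deny inbound on the external interface, so only the
# forwarded service is reachable from the internet. Services on the gateway
# itself (e.g. remote administration) would need their own pass rule.
block in log on $ext_if all

# rdr is applied before filtering, so this rule matches the rewritten
# destination (the web server), not the public address.
pass in quick on $ext_if inet proto tcp from any to $web_srv port 80 flags S/SA keep state

# Outbound traffic and LAN traffic, as in the post.
pass out quick on $ext_if inet proto { tcp, udp } from any to any keep state
pass in  quick on $int_if inet proto { tcp, udp } from any to any keep state
pass out quick on $int_if inet proto { tcp, udp } from any to any keep state
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, and `pfctl -s nat` lists the translation rules currently loaded.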
 
sodri126

> You redirected both TCP and UDP but HTTP(S) only works on TCP. So there's no need to forward UDP.
>
> Are all these machines on the same LAN? The redirects only work for connections coming from outside your network, i.e. from the internet.

Yes, Gw, Web and Db are in one LAN scope.

Yes, actually my friends make requests from the internet and I also make requests from the internet. My friends successfully get a response, while I fail to get a response. I am really confused about that. By the way, the web server that I use is nginx.
 