Configuring & allowing Inbound Traffic using Port Forwarding with NGINX on pfSense Firewall



pfSense

The pfSense project is a free, open-source, customized distribution of FreeBSD tailored for use as a firewall and router, managed entirely through an easy-to-use web interface. No FreeBSD knowledge is required to deploy and use pfSense software.

In this article, we'll configure the firewall to allow inbound traffic from the internet to reach a web server running Nginx, using a Port Forwarding rule applied to the WAN interface in the pfSense firewall configuration.


1. Port Forwarding

Port Forwarding sets up public services on your network such as web servers, FTP servers, or e-mail servers. When users send this type of request to your network via the Internet, the router will forward these requests to the appropriate computer.

  • Navigate to Firewall > NAT > Port Forward > Add

  • Edit Redirect Entry

  • Interface > WAN

  • Protocol > TCP

  • Destination > WAN address

  • Destination port range > HTTP

  • Redirect target IP > Server IP

  • Redirect target port > HTTP

  • Description

  • Save > Apply Changes

  • Try to connect to the server before applying Nginx

You should see this screen

In this section, we'll configure Nginx Server

2. NGINX

NGINX is open-source software that can also function as a proxy server for email (IMAP, POP3, and SMTP) and a reverse proxy and load balancer. It has capabilities for web serving, reverse proxying, caching, load balancing, media streaming, and more.

  • Navigate to the pfSense shell to execute the Nginx commands

  • Update System

           $ freebsd-update fetch
  • Install Nano

           $ pkg install nano
  • Install Nginx

            $ pkg search nginx
            $ pkg install nginx-version
  • Note: copy the file "nginx.conf" to another filename to keep it as a backup, then open it for editing

$ cp /usr/local/etc/nginx/nginx.conf /usr/local/etc/nginx/.conf.original
$ nano /usr/local/etc/nginx/nginx.conf
  • Change port 80 to the port number you want

Note: by default, the pfSense UI uses port 80, so we need to change the port

     server {
         listen 80;
         server_name  localhost;
  • Save > Exit

  • Edit the HTML code of the default Nginx page

$ nano /usr/local/www/nginx/index.html
  • Add this line: nginx_enable="yes" to the rc.conf file

$ nano /etc/rc.conf
nginx_enable="yes"
  • Before we start Nginx, make sure the configuration is correct

$ nginx -t
  • Start Nginx

$ service nginx start 
  • Now try to connect to the server again after applying Nginx

You should see this screen
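
A quick check of the two file edits above before running `service nginx start`, as an added example that is not part of the original article: it confirms that no `listen` directive still uses port 80 (where the pfSense UI listens) and that `rc.conf` enables Nginx. The function names, port 8080 and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): pre-start checks for the edits above.

# Print the port of every "listen" directive in an nginx config file.
listen_ports() {
    sed -e 's/#.*//' "$1" | awk '$1 == "listen" {
        addr = $2
        sub(/;.*/, "", addr)                 # strip the trailing ";"
        if (addr ~ /^unix:/) next            # UNIX sockets have no TCP port
        n = split(addr, parts, ":")          # port is the last ":" field
        if (parts[n] ~ /^[0-9]+$/) print parts[n]
        else print 80                        # address only: nginx defaults to 80
    }'
}

# Succeed only if no listen directive uses the reserved port.
port_is_free() {    # usage: port_is_free <nginx.conf> <reserved_port>
    for p in $(listen_ports "$1"); do
        if [ "$p" = "$2" ]; then return 1; fi
    done
    return 0
}

# Succeed only if the last nginx_enable assignment in rc.conf is "yes".
nginx_enabled() {   # usage: nginx_enabled <rc.conf>
    grep -E '^[[:space:]]*nginx_enable=' "$1" | tail -n 1 |
        grep -Eiq '^[[:space:]]*nginx_enable="?yes"?[[:space:]]*(#.*)?$'
}

# Constructed sample files (not the article's real configuration).
demo_dir=$(mktemp -d)
printf 'server {\n    listen 80;\n    server_name localhost;\n}\n' > "$demo_dir/before.conf"
printf 'server {\n    listen 8080;  # was 80\n    server_name localhost;\n}\n' > "$demo_dir/after.conf"
printf 'sshd_enable="YES"\nnginx_enable="yes"\n' > "$demo_dir/rc.conf"

for f in before.conf after.conf; do
    if port_is_free "$demo_dir/$f" 80; then
        echo "$f: OK, nginx does not listen on port 80"
    else
        echo "$f: CONFLICT, nginx still listens on port 80"
    fi
done
if nginx_enabled "$demo_dir/rc.conf"; then echo "rc.conf: nginx enabled"; fi
```

On the firewall itself, call the same functions with /usr/local/etc/nginx/nginx.conf and /etc/rc.conf in place of the sample files.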




