I have noticed that my NethServer ignores port forwardings after a certain time.
For example: I have set up a port forwarding for my own cloud (ports 80 and 443). This is deactivated after an indefinite period of time and no longer works.
Only after deactivating and reactivating does the rule work again. Is it possible that this is caused by a bug in the firewall?
Or maybe that has something to do with my other rules?
One idea would be forwarding Port 80 with a reverse proxy on the NethServer, that would allow you to also access services on the NethServer running on port 80.
SSL or Port 443 offers a few possibilities. I’m using it such that the server behind the NethServer does not provide SSL, only Port 80. The NethServer “listens” to Port 443 and provides the SSL encapsulation (using LetsEncrypt).
My concrete use is a Zabbix Monitoring server (also on ProxMox). The NethServer isn’t the firewall - we have a hardware firewall here - but is using Ports 80 and 443. So I use the reverse proxy in NethServer to forward /zabbix to the Zabbix server - unencrypted. They are both running on the same hypervisor, so packets don’t leave the host.
This is very stable - the only drawback at the moment is I can’t “draw” a map in Zabbix using a reverse proxy. This still needs a direct IP or VPN connection to work.
The client sees a valid encrypted SSL page and access from Internet is encrypted. 'nuff security for a home environment…
Such a scenario would NOT work if the server behind also uses advanced security like e.g. a Mac Server using SSL and Kerberos…
I do use NethServer, running as a firewall, in another case to forward ARD and VNC (Apple Remote Desktop) to access a Mac Mini behind the NethServer Firewall. This is working stable - but does not deal with ports 80 / 443…
I tried it with SSH now and I could forward port 22 to another server without stopping the SSH service.
Did you disable the httpd service? In your screenshot it’s just stopped. After a reboot the httpd service will run again.
There’s no need to stop httpd to forward port 80 (as for any service).
Technically, port forwards are in the pre-routing chain, so forwarded traffic will never reach httpd.
You can keep httpd active and reach it using another port forward such as:
port 8080 to localhost 80
Basically 80 lands you on the ns landing page, or if you have a site up, you need to either do what filippo said or use a reverse proxy. I personally use a reverse proxy for sites hosted outside my gateway, but I have, as an example, Plex running on another host but use a port forward to direct 1234 to 1234. I think your issue is 80/443 is in use already with another service (httpd).
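Added example, not part of any post in this thread: a small Python audit that reads a NAT table dump and reports which local services are bypassed by a PREROUTING port forward and which remain reachable through an alternate port, as with the 8080 to localhost 80 rule mentioned above. The rules, addresses and listener list are constructed in generic `iptables-save` syntax; the rules NethServer actually generates may look different.

```python
import shlex

# Constructed sample in iptables-save syntax (not captured from a NethServer).
SAMPLE_NAT = """\
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.20:80
-A PREROUTING -i eth1 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.1.20:443
-A PREROUTING -i eth1 -p tcp -m tcp --dport 8080 -j REDIRECT --to-ports 80
COMMIT
"""

def parse_forwards(nat_dump):
    """Return the PREROUTING DNAT/REDIRECT rules that match a single --dport."""
    rules = []
    for line in nat_dump.splitlines():
        tok = shlex.split(line)
        if tok[:2] != ["-A", "PREROUTING"]:
            continue
        # Map each option to the token that follows it (-p tcp, --dport 80, ...).
        opt = {tok[i]: tok[i + 1] for i in range(len(tok) - 1) if tok[i].startswith("-")}
        dport, target = opt.get("--dport", ""), opt.get("-j")
        if not dport.isdigit():
            continue  # port ranges and rules without --dport are out of scope here
        if target == "DNAT":
            dest = opt["--to-destination"]
        elif target == "REDIRECT":
            dest = "localhost:" + opt["--to-ports"]
        else:
            continue
        rules.append({"dport": int(dport), "target": target, "dest": dest})
    return rules

def audit(nat_dump, listeners):
    """For each local listener, report whether a forward takes its port and
    whether a REDIRECT still leads to it. Assumption: interface and source
    matches are ignored, so this describes traffic the rules apply to."""
    rules = parse_forwards(nat_dump)
    report = {}
    for name, port in listeners.items():
        taken = [r["dest"] for r in rules if r["dport"] == port and r["target"] == "DNAT"]
        alt = [r["dport"] for r in rules
               if r["target"] == "REDIRECT" and r["dest"] == f"localhost:{port}"]
        report[name] = {"shadowed_by": taken[0] if taken else None, "reachable_via": alt}
    return report

if __name__ == "__main__":
    # Constructed listener list; on a real host it would come from `ss -ltn`.
    for svc, info in audit(SAMPLE_NAT, {"httpd": 80, "sshd": 22}).items():
        print(svc, info)
```

A service reported as shadowed is still running and still listening; the forwarded traffic is rewritten before the local INPUT path, so the service simply never sees it.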