All times are UTC - 6 hours [ DST ]




Post new topic Reply to topic  [ 11 posts ] 
Author Message
 Post subject: pfSense Firewall and PiAware
PostPosted: Thu Jul 06, 2017 11:27 am 
Offline
phodge - FlightAware user avatar

Joined: Tue Aug 29, 2006 6:00 pm
Posts: 5
Location: KTKI
Recently implemented a pfSense based firewall and can't get the port forwarding set up correctly to view the Skyview map away from the home network. Piaware feeds the internal view from the stock port 8080 and FA is getting the feed data, so the Pi3 is working just fine. DDNS provider is working and confirmed online.

If anyone has a pfSense setup, I would appreciate your insight on how the port forwarding and/or FW rules are set up to allow external network viewing. Thanks!


Top
 Profile  
 
 Post subject: Re: pfSense Firewall and PiAware
PostPosted: Fri Jul 07, 2017 12:30 am 
Offline
FlightAware Member
SoNic67 - FlightAware user avatar

Joined: Fri Jun 16, 2017 7:44 pm
Posts: 72
Location: Newport News, Virginia, USA
SkyView works only on local network.


Top
 Profile  
 
 Post subject: Re: pfSense Firewall and PiAware
PostPosted: Fri Jul 07, 2017 2:07 am 
Offline
FlightAware Member
Devonian - FlightAware user avatar

Joined: Wed Dec 23, 2015 2:54 pm
Posts: 73
SoNic67 wrote:
SkyView works only on local network.

Well, yes and no.

By opening ports on your router and forwarding incoming requests from the internet to Skyview, you make it available from outside of your home network.

@ phodge,

I'm assuming you have opened/forwarded the relevant port(s) on your home router to pfsense ?

I don't know pfsense, but a quick google brings this, for example
https://turbofuture.com/computers/Port- ... figure-NAT

I simply use an old R-Pi that runs nginx as a reverse proxy to provide access to my piaware (and other web based data).

Nigel.


Top
 Profile  
 
 Post subject: Re: pfSense Firewall and PiAware
PostPosted: Fri Jul 07, 2017 8:56 am 
Offline
phodge - FlightAware user avatar

Joined: Tue Aug 29, 2006 6:00 pm
Posts: 5
Location: KTKI
Thanks Nigel for that Turbofuture site. A commenter on that post hinted an associated FW rule is needed for any port forwarding rule. The pfSense documentation isn't all that clear on the need for an associated rule.

Also helpful is this open port checker shown on that web site. It confirmed the open port 8080 after I got the FW rule in place. http://www.yougetsignal.com/tools/open-ports/


Top
 Profile  
 
 Post subject: Re: pfSense Firewall and PiAware
PostPosted: Fri Jul 07, 2017 10:41 pm 
Offline
redsquirrelftw - FlightAware user avatar

Joined: Wed Dec 07, 2016 4:00 pm
Posts: 23
I just tried on my pfsense and it works. you do need to add an associated rule too, as the port forward is one thing, but then you still need a firewall rule to let the traffic through. I usually just check the box to add the associated rule and it does it on it's own. I have a flight feeder so not sure if it's different, but the main page is actually on port 80, then the map view is on port 8080. I forwarded port 8080 and it worked. Just tried from my phone using my data plan to ensure I'm accessing it from outside the network.

You can test it here if you want to see if it works for you (to rule out an oddity at your end)

http://home.iceteks.net:8080

I will be turning this down in the next day or so though, just doing this as a test but feel free to check it out while it's up. Actually come to think of it, I should move this to my "internet facing" vlan and just keep it up all the time. It's currently on my wifi vlan which is fairly secured from the rest of the network but the internet facing one is where I put all the stuff that opens up ports to the outside. The beauty of pfsense and vlans is splitting stuff up in different risk groups/vlans.


Top
 Profile  
 
 Post subject: Re: pfSense Firewall and PiAware
PostPosted: Fri Jul 07, 2017 10:54 pm 
Offline
FlightAware Member
SoNic67 - FlightAware user avatar

Joined: Fri Jun 16, 2017 7:44 pm
Posts: 72
Location: Newport News, Virginia, USA
The port forwarding would have to forward all the 8080 port requests from Internet towards the IP address of the PiAware. That would blok the use of the incoming port 8080 for the rest of the computers on the network.
Also, with a simple firewall/router you can't redirect port 80 to the PiAware, it will block the traffic to all others in the network.
Setting up a server to proxy that webpage is above a basic router capabilities.

A VPN tunnel to your network is a better way to achieve this IMO.


Top
 Profile  
 
 Post subject: Re: pfSense Firewall and PiAware
PostPosted: Sat Jul 08, 2017 11:34 am 
Offline
NeoDuder - FlightAware user avatar

Joined: Sat Nov 26, 2016 11:17 am
Posts: 26
Location: EGPH
I use a reverse proxy to do this...

http://radar.clanlawrence.co.uk


Top
 Profile  
 
 Post subject: Re: pfSense Firewall and PiAware
PostPosted: Sun Jul 09, 2017 1:43 pm 
Offline
FlightAware Member
rjankowski - FlightAware user avatar

Joined: Thu Oct 16, 2014 5:43 pm
Posts: 191
Location: Central Florida
SoNic67 wrote:
The port forwarding would have to forward all the 8080 port requests from Internet towards the IP address of the PiAware. That would blok the use of the incoming port 8080 for the rest of the computers on the network.

That could easily be changed to any other port, most home firewalls are capable of port forwarding.

SoNic67 wrote:
Also, with a simple firewall/router you can't redirect port 80 to the PiAware,

I haven't seen a single router that is unable to accomplish this in many years.


SoNic67 wrote:
it will block the traffic to all others in the network.

It will point inbound connections to the Pi, but unless you're running a web server, that's completely meaningless. No internal to external internet traffic would be impacted

SoNic67 wrote:
Setting up a server to proxy that webpage is above a basic router capabilities.

Setting up a server to reverse proxy the connections is above most peoples capabilities, port forwarding is not that much work (though I don't advise putting your Pi directly accessible from the internet.


SoNic67 wrote:
A VPN tunnel to your network is a better way to achieve this IMO.

Way more complicated than the above, but still the most secure way to achieve remote connectivity.


Top
 Profile  
 
 Post subject: Re: pfSense Firewall and PiAware
PostPosted: Sat Jul 22, 2017 7:11 pm 
Offline
PrashantBalhara - FlightAware user avatar

Joined: Sat May 06, 2017 7:29 pm
Posts: 5
Greetings,
Can somebody help me in configuring my router so that i can view FlightFeeder Skyview map from outside of my local network, like on my cellphone when i am not at home. I am very new to this and i tried port forwarding in my router with following settings but it didn't work.
SERVICE PORT: 8080
INTERNAL PORT: 8080
IP ADDRESS: 192.168.0.100 (FLIGHTFEEDER's IP)
STATUS: ENABLED

I tried on my cellphone by typing my ISP IP address (183.82.66.77:8080) but it didn't work. I have TP-Link router and FlightFeeder 7.7.1.

Thanks


Top
 Profile  
 
 Post subject: Re: pfSense Firewall and PiAware
PostPosted: Sat Jul 22, 2017 7:22 pm 
Offline
FlightAware Member
SoNic67 - FlightAware user avatar

Joined: Fri Jun 16, 2017 7:44 pm
Posts: 72
Location: Newport News, Virginia, USA
That should work, that's what I did (different router).
Check again the external and internal IP's on your page: http://flightaware.com/adsb/stats/user/PrashantBalhara
Check with the cell provider if they don't block the port 8080. If they do, you could use another number, for example 1090 over the internet and set your router exception to forward the external 1090 to internal 8080.

PS: I have a Moto G4 Plus and, at times, it struggles with the map (weather and lots of planes).


Top
 Profile  
 
 Post subject: Re: pfSense Firewall and PiAware
PostPosted: Sat Jul 22, 2017 8:04 pm 
Offline
PrashantBalhara - FlightAware user avatar

Joined: Sat May 06, 2017 7:29 pm
Posts: 5
SoNic67 wrote:
That should work, that's what I did (different router).
Check again the external and internal IP's on your page: http://flightaware.com/adsb/stats/user/PrashantBalhara
Check with the cell provider if they don't block the port 8080. If they do, you could use another number, for example 1090 over the internet and set your router exception to forward the external 1090 to internal 8080.

PS: I have a Moto G4 Plus and, at times, it struggles with the map (weather and lots of planes).


Tried that too but still not working. I don't know if my cell provider blocks port 8080 or not. By router exception you ment to enter 1090 in service port and 8080 in internal port right?? Did that but still nothing. :?:


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 11 posts ] 

All times are UTC - 6 hours [ DST ]


Who is online

Users browsing this forum: jluebbe, orellana and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to: