pfSense Firewall and PiAware


#1

Recently implemented a pfSense based firewall and can’t get the port forwarding set up correctly to view the Skyview map away from the home network. Piaware feeds the internal view from the stock port 8080 and FA is getting the feed data, so the Pi3 is working just fine. DDNS provider is working and confirmed online.

If anyone has a pfSense setup, I would appreciate your insight on how the port forwarding and/or FW rules are set up to allow external network viewing. Thanks!


#2

SkyView works only on local network.


#3

Well, yes and no.

By opening ports on your router and forwarding incoming requests from the internet to Skyview, you make it available from outside of your home network.

@phodge,

I’m assuming you have opened/forwarded the relevant port(s) on your home router to pfsense?

I don’t know pfsense, but a quick google brings this, for example
turbofuture.com/computers/Port- … figure-NAT

I simply use an old R-Pi that runs nginx as a reverse proxy to provide access to my piaware (and other web based data).

Nigel.
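
The reverse-proxy approach mentioned in the post above, as an added example that is not part of the original thread and not the poster's actual configuration. The hostname, certificate and password-file paths, and the internal address `192.168.0.100` are assumptions; SkyView is assumed to be served on the stock port 8080.

```nginx
# Added example; hostname, file paths and upstream address are assumptions.
server {
    listen 443 ssl;
    server_name radar.example.net;                      # placeholder hostname

    ssl_certificate     /etc/nginx/tls/radar.example.net.crt;   # placeholder path
    ssl_certificate_key /etc/nginx/tls/radar.example.net.key;   # placeholder path

    location / {
        # Require a login before any request reaches the Pi.
        auth_basic           "SkyView";
        auth_basic_user_file /etc/nginx/skyview.htpasswd;       # placeholder path

        # The map is read-only: refuse every method except GET (HEAD is implied).
        limit_except GET { deny all; }

        # Assumed internal address of the PiAware host, stock SkyView port.
        proxy_pass http://192.168.0.100:8080;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# Redirect plain HTTP to HTTPS so the basic-auth credentials are never sent in clear text.
server {
    listen 80;
    server_name radar.example.net;
    return 301 https://$host$request_uri;
}
```

With this layout the firewall forwards only ports 80 and 443 to the proxy host, and the Pi itself has no port exposed to the internet.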


#4

Thanks Nigel for that Turbofuture site. A commenter on that post hinted an associated FW rule is needed for any port forwarding rule. The pfSense documentation isn’t all that clear on the need for an associated rule.

Also helpful is this open port checker shown on that web site. It confirmed the open port 8080 after I got the FW rule in place. yougetsignal.com/tools/open-ports/


#5

I just tried on my pfsense and it works. You do need to add an associated rule too, as the port forward is one thing, but then you still need a firewall rule to let the traffic through. I usually just check the box to add the associated rule and it does it on its own. I have a flight feeder so not sure if it’s different, but the main page is actually on port 80, then the map view is on port 8080. I forwarded port 8080 and it worked. Just tried from my phone using my data plan to ensure I’m accessing it from outside the network.

You can test it here if you want to see if it works for you (to rule out an oddity at your end)

home.iceteks.net:8080

I will be turning this down in the next day or so though, just doing this as a test but feel free to check it out while it’s up. Actually come to think of it, I should move this to my “internet facing” vlan and just keep it up all the time. It’s currently on my wifi vlan which is fairly secured from the rest of the network but the internet facing one is where I put all the stuff that opens up ports to the outside. The beauty of pfsense and vlans is splitting stuff up in different risk groups/vlans.


#6

The port forwarding would have to forward all the 8080 port requests from the Internet towards the IP address of the PiAware. That would block the use of the incoming port 8080 for the rest of the computers on the network.
Also, with a simple firewall/router you can’t redirect port 80 to the PiAware, it will block the traffic to all others in the network.
Setting up a server to proxy that webpage is above a basic router’s capabilities.

A VPN tunnel to your network is a better way to achieve this IMO.


#7

I use a reverse proxy to do this…

http://radar.clanlawrence.co.uk


#8

That could easily be changed to any other port, most home firewalls are capable of port forwarding.

I haven’t seen a single router that is unable to accomplish this in many years.

It will point inbound connections to the Pi, but unless you’re running a web server, that’s completely meaningless. No internal to external internet traffic would be impacted.

Setting up a server to reverse proxy the connections is above most people’s capabilities, port forwarding is not that much work (though I don’t advise putting your Pi directly accessible from the internet).

Way more complicated than the above, but still the most secure way to achieve remote connectivity.


#9

Greetings,
Can somebody help me in configuring my router so that I can view the FlightFeeder Skyview map from outside of my local network, like on my cellphone when I am not at home? I am very new to this and I tried port forwarding in my router with the following settings but it didn’t work.
SERVICE PORT: 8080
INTERNAL PORT: 8080
IP ADDRESS: 192.168.0.100 (FLIGHTFEEDER’s IP)
STATUS: ENABLED

I tried on my cellphone by typing my ISP IP address (183.82.66.77:8080) but it didn’t work. I have a TP-Link router and FlightFeeder 7.7.1.

Thanks


#10

That should work, that’s what I did (different router).
Check again the external and internal IP’s on your page: flightaware.com/adsb/stats/user/PrashantBalhara
Check with the cell provider if they don’t block the port 8080. If they do, you could use another number, for example 1090 over the internet and set your router exception to forward the external 1090 to internal 8080.

PS: I have a Moto G4 Plus and, at times, it struggles with the map (weather and lots of planes).


#11

Tried that too but still not working. I don’t know if my cell provider blocks port 8080 or not. By router exception you meant to enter 1090 in service port and 8080 in internal port, right? Did that but still nothing.