Help with Error 522 - Can't reach my WebServer on pfSense/Cloudflare

I’ve recently migrated my Proxmox to use pfSense as a firewall (I was previously using OPNsense).
However, I’m running into issues getting the Nginx Proxy Manager to work with pfSense.

I have a domain from Cloudflare and there is no issue reaching my external IP address.

This is the general idea of my simple setup.

Everything was fine when configured by OPNsense, but after a random serious crash I decided to make the change to pfSense.

But things became difficult when I started to make the NAT and port forwarding rules, because I CAN’T reach my internal services. Every time I get the Error 522 from Cloudflare.

Below, I’ve outlined my current settings. I hope this information might be useful, and I’m looking forward to any assistance to resolve my problem.

My configs:

  1. The webConfigurator of pfSense runs on port 8443 so that it does not block 443 traffic

  2. Firewall > NAT:
    Nginx Proxy Manager IP =

WAN         TCP        * (any)       * (any)        WAN Address     443     443
WAN         TCP        * (any)       * (any)        WAN Address     80     80
  • Firewall Rules (automated NAT rules)
IPv4 TCP        * (any)       * (any)   WAN Address      443           *
IPv4 TCP        * (any)       * (any)   WAN Address      80            *
  • Listening port state of the Nginx Proxy Manager host
ss -nltp

Local Address:Port # https listening # Nginx Proxy Manager's WebUI # http listening
  • NAT configuration of firewall: Pure NAT

After all this, when I hit my website address from the WAN I get the 522 error from Cloudflare.

I’m kind of lost at the moment to solve this problem. I believe there must be some wrong configuration between pfSense and Cloudflare, but I can’t find it. I’ve been stuck on this problem for 2 days now.

Thank you in advance for your help and suggestions!

Hi there,

Everything looks to be in order based on the configuration you have provided.

Are you able to connect to your external public facing IP?

If you use one of these commands, are you able to connect to the port?

telnet 443
nc -zv 443

If you are able to connect, that suggests the configuration is OK and there is something specific to Cloudflare IPs connecting to your public IP that is an issue.

Your firewall rules/NAT configuration does not look to be restricting access down to any specific ranges. Are these the only rules that exist, i.e. there are no other deny rules, for example, that you are not including? I’m wondering if perhaps there is a deny rule sitting above these rules, taking priority and blocking traffic before it hits the rules you have created.
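To illustrate the ordering issue raised in the reply above, here is an added example (not from either poster, and not pfSense code) that models pfSense's top-down, first-match rule evaluation. The pass rules are the two from the post (WAN, TCP, any source, WAN address, ports 443 and 80); the block rule and the source addresses are constructed from RFC 5737 documentation ranges and stand in for "some range that happens to contain the proxy's edge IPs".

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str               # "pass" or "block"
    proto: str                # "tcp", "udp" or "any"
    src: str                  # source CIDR, or "any"
    dst_port: Optional[int]   # None means any destination port


def _src_matches(rule_src: str, src_ip: str) -> bool:
    if rule_src == "any":
        return True
    return ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule_src)


def evaluate(rules: List[Rule], src_ip: str, proto: str,
             dst_port: int) -> Tuple[str, Optional[int]]:
    """Walk the rule set top to bottom and stop at the first match, as pfSense does.
    Returns (action, index of the matching rule); an unmatched packet hits the
    implicit default deny and is reported as ("block", None)."""
    for idx, rule in enumerate(rules):
        if rule.proto not in ("any", proto):
            continue
        if rule.dst_port is not None and rule.dst_port != dst_port:
            continue
        if not _src_matches(rule.src, src_ip):
            continue
        return rule.action, idx
    return "block", None


# The two automated NAT pass rules from the post: WAN address, TCP 443 and TCP 80.
NAT_PASS_RULES = [Rule("pass", "tcp", "any", 443), Rule("pass", "tcp", "any", 80)]
# Constructed stray block rule (TEST-NET-2); assume it happens to cover the proxy's source.
STRAY_BLOCK = Rule("block", "any", "198.51.100.0/24", None)

BROKEN_ORDER = [STRAY_BLOCK] + NAT_PASS_RULES   # deny sits above the pass rules
FIXED_ORDER = NAT_PASS_RULES + [STRAY_BLOCK]    # pass rules evaluated first

if __name__ == "__main__":
    # Constructed sources: one inside the blocked range, one outside it (TEST-NET-3).
    for label, ruleset in (("block above pass", BROKEN_ORDER), ("pass above block", FIXED_ORDER)):
        for src in ("198.51.100.7", "203.0.113.9"):
            action, idx = evaluate(ruleset, src, "tcp", 443)
            print(f"{label}: {src} -> tcp/443 => {action} (rule {idx})")
```

The same ports answer from the unblocked source and fail from the blocked one, which is exactly why a direct connectivity test can succeed while the reverse proxy still reports 522.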

