Are credentials successfully obtained when browsing to the malicious site from LAN? When using this attack vector, typically I do not modify anything in set_config. Server port should definitely be left to 80. Get this working locally fist, then to get it working externally, all you would need to do then is forward the port, and nothing more. With this particular attack, there is little difference between external and internal.