Netgate Discussion Forum

    Local Web Server Access from within…

    • M
      mikeyh
      last edited by

      I have really tried to resolve this without posting, but it has stumped me.

      I have 7 or so web servers that I cannot access from my local network. I have tried adding the domain names in the DNS tables and still nothing. It should be simple, I would think…

      Thanks in advance.

      • P
        Perry
        last edited by

        http://forum.pfsense.org/index.php/topic,7001.0.html

        /Perry
        doc.pfsense.org

        • M
          mikeyh
          last edited by

          Thanks for the reply. I have already been there and read every post and every tutorial regarding the issue. Are there any screenshots of the DNS forwarding? Please!!!

          Thank you,

          • GruensFroeschliG
            GruensFroeschli
            last edited by

            Before I can post screenshots I need to know more about how your setup is (there is more than one way to accomplish what you want).

            Could you tell us if you are forwarding single ports to the servers?
            Or are you 1:1 NATing?
            Did you create VIPs on the WAN for your servers?

            We do what we must, because we can.

            Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

            • M
              mikeyh
              last edited by

              Thank you very much for taking the time.

              I have set external IP in the 1:1 to the internal IP of each server.

              I tested through anonymous proxy servers that everyone can get to the web sites.

              I set up the VIPs on the WAN and also set the port forwarding of the ports that needed to go to the servers. I also created the allow rules. I can get to the servers via their internal IP addresses.

              Other than not being able to just type the web name in, one of the main problems is that I can't send email to a couple of the other mail servers via: "someone@echovalve.com" or "someone@bmhnc.com" for example.

              Thanks again,

              • GruensFroeschliG
                GruensFroeschli
                last edited by

                In the link Perry posted above I wrote:

                NAT-Reflection does not work with 1:1 NAT
                http://forum.pfsense.org/index.php?topic=7266.msg41244
                quote:
                You most likely need to set up split DNS or add a port forward on top of the 1:1 NAT to invoke reflection. Reflection by default does not work with 1:1 NATs. So you're most likely resolving the public IP address, which will not forward back across to the 1:1 server.

                I attached below what this looks like for a server in my DMZ.
                It might not be obvious, but you can leave the host field blank and thus forward a domain.
                I have to do this because at my home I have double NAT and the resolved name is not the IP I have on WAN.

                [Attachment: DNS_forwarder_override.JPG]

                • M
                  mikeyh
                  last edited by

                  Thanks again for the screenshot. I had the settings like that already. I've been reading all of the information I could find before asking for help. I flushed the configuration out again and re-set it back up and it still doesn't work.

                  I have the 1:1 set as: 69.38.85.173/32 --> 192.168.0.1/32 then:

                  Port Forward I have:

                  If   Proto    Ext. port range  NAT IP                            Int. port range  Description
                  WAN  TCP/UDP  80 (HTTP)        192.168.0.1 (ext.: 69.38.85.173)  80 (HTTP)        Web 1

                  Rules WAN

                  Proto    Source  Port  Destination  Port       Gateway  Schedule  Description
                  TCP/UDP  *       *     192.168.0.1  80 (HTTP)  *

                  • GruensFroeschliG
                    GruensFroeschli
                    last edited by

                    Is 192.168.0.1 the IP of your server?
                    The NAT IP has to be the IP of your server.

                    • M
                      mikeyh
                      last edited by

                      Internal IP of the server is:  192.168.0.1
                      External IP of the server is:  (ext: 69.38.85.173)

                      The external IP shows up in brackets in the same box, but below the internal IP.

                      • P
                        Perry
                        last edited by

                        Some LAN NIC info could be nice, maybe a diagram too...

                        /Perry
                        doc.pfsense.org

                        • GruensFroeschliG
                          GruensFroeschli
                          last edited by

                          Just to be sure: your clients have the pfSense as DNS, right?

                          • M
                            mikeyh
                            last edited by

                            Our main server has always been the DNS server for all of our internal computers. It is configured in the DHCP services on that server. It has 2 entries that point to my ISP's DNS servers.
                            Should I remove these entries and just put the one for the pfSense in their place?

                            One of the NIC cards (LAN side) is on the motherboard. The computer is a Dell Optiplex GX110. The other is a US Robotics 10/100/1000.

                            Again, thank you guys very much for ALL of your help!!!

                            • H
                              hoba
                              last edited by

                              You can manually add the DNS entry to your local DNS server as well, to resolve it to the internal IP instead of forwarding the request to the external DNS servers, which resolve the public IP. Check the man pages of your DNS server for how to do that.

                              • M
                                mikeyh
                                last edited by

                                I added the internal IP address of the pfSense to the DNS Server list in my SBS 2003 and still the same result…

                                • H
                                  hoba
                                  last edited by

                                  That's not the same as entering the pfSense DNS forwarder as forward DNS lookup. If it's just an additional DNS and not the first one, it will ask the first DNS server, and as that resolves to the public IP it won't ever ask the pfSense DNS forwarder.

                                  • M
                                    mikeyh
                                    last edited by

                                    Update on DNS issues. After removing my real DNS server entries from my SBS 2003 and adding the pfSense as the only entry, and following the previous instructions of adding the internal web servers' local names and addresses in the DNS Forwarder area of the pfSense, all is well.

                                    Thanks again very much.
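
The fix in this thread came down to which resolver the clients actually asked: as long as a resolver other than the pfSense DNS forwarder answered first, names kept resolving to the public 1:1 address. The check below is an added example, not code from any poster or from pfSense: it queries each resolver directly and reports whether a name resolves inside the LAN; the `192.168.0.0/24` default and any names or resolver addresses you pass in are assumptions to replace with your own.

```python
import ipaddress, socket, struct

def build_query(name, txid=0x1234):
    """Encode a recursive A/IN query for `name`."""
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    return struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack(">HH", 1, 1)

def skip_name(msg, pos):
    """Return the offset just past a (possibly compressed) DNS name."""
    while True:
        n = msg[pos]
        if n == 0:
            return pos + 1
        if n & 0xC0 == 0xC0:      # compression pointer: two bytes, ends the name
            return pos + 2
        pos += 1 + n

def parse_a_records(msg):
    """Return the IPv4 addresses found in the answer section of a response."""
    qd, an = struct.unpack(">HH", msg[4:8])
    pos, addrs = 12, []
    for _ in range(qd):
        pos = skip_name(msg, pos) + 4          # skip QTYPE + QCLASS
    for _ in range(an):
        pos = skip_name(msg, pos)
        rtype, _cls, _ttl, rdlen = struct.unpack(">HHIH", msg[pos:pos + 10])
        pos += 10
        if rtype == 1 and rdlen == 4:          # A record (CNAMEs are skipped)
            addrs.append(socket.inet_ntoa(msg[pos:pos + 4]))
        pos += rdlen
    return addrs

def query_a(name, server, timeout=2.0):
    """Ask one specific resolver over UDP, bypassing the OS resolver order."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(query, (server, 53))
            resp = s.recv(512)
            return parse_a_records(resp) if resp[:2] == query[:2] else []
        except (OSError, struct.error, IndexError):
            return []

def audit(name, resolvers, lan="192.168.0.0/24", query=query_a):
    """Classify each resolver's answer for `name`; the `lan` default is an assumption."""
    net, out = ipaddress.ip_network(lan), {}
    for r in resolvers:
        addrs = query(name, r)
        inside = all(ipaddress.ip_address(a) in net for a in addrs)
        out[r] = "no-answer" if not addrs else "internal" if inside else "public"
    return out
```

Call `audit()` from a LAN client with the server's name and every resolver the clients are configured to use. Any resolver reported as `public` hands internal clients the WAN address, which the 1:1 NAT will not reflect back.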