Allowing access HTTPS to server with Dyndns from inside
-
Hello guys,
I am trying to figure out how can I set this but I am still unable to do that.
So the scenario is that I have an external FQDN poiting to a wan IP, and I use it to access a webmail service from a server with exchange in a local private network. And I also have another local network for visitors where I am unable to use that FQDN to access the webmail service, there is a refused connection.
So I tried to add a new rule thinking that it could be from the other rules that I have added to avoid traffic between each network:
http://prntscr.com/en2jhq
But still nothing, I can access it through IP from that visitor network but I continue to get connection refuse with FQDN.
And If I disable the rule who is blocking access to pfsense administrative ports, I get this error message in browser when entering the FQDN:
404 not found
nginxBut I dont have nginx installed in my exchange server. I have already made a full search on it and nothing!
And there is more, this message from nginx also appearing when I try to use another FQDN that I have set with Dynamic DNS from dyndns in this private network.
From outside there are no issues, I can use both FQDNs to access my webmail service.
Before I have changed to pfsense I had a draytek here and in that time I already had raraly cases where it was a going to that nginx.
Note: In failover WAN is my main connection and there is another backup connection there.
So the question is how can I set my visitor network to have the same access to my webmail service like it was from a remote connection?
And why am I getting this nginx error if there is no service in my server running that, instead of the right webmail service?
Any extra config that you want II can provide!
UPDATE:
I forgot to say that with that new rule that I have created, if I use just the FQDN I go directly to my pfsense config page, and if I add the /owa who goes directly to webmail service, it shows the nginx.
The expencted result would be without /owa to show a login where it can be choose webmail and other services, with /owa it goes directly to webmail service.
UPDATE1:
I have finally figure out where nginx is, after checking well pfsense for another reason, I found out that is installed in pfsense for the GUI. So draytek was using the same service, but there I was unable to search under the hook. And seems like when I am in the visitor network I will have both HTTPS pfsense GUI and exchange battling for the same 443 port. Now I am thinking in changing HTTPS pfsense GUI port to be able to use exchange every where in this pfsense.
I did said but in the internal network I am using the DNS from this exchange server.
But still cannot figure out why with the FQDN I am able, inside of the network where I have the server, to use it, but with the dynamic DNS from dyndns, I continuous to see the nginx and doesnt go for the server. Looks like there is a DNS issue, because it stays in WAN IP and not in the local server IP.
-
Since this problem is being a struggle, I will resume it.
I have two FQDNs pointed to a static IP, who is being used in the WAN port. One is set in a remote server, the remote.x.pt (FQDN1), the other is set by dyndns, x.dyndns.biz(FQDN2).
In my pfsense I have a NAT rule to forward traffic to a internal server from port 443 to port 443.
I am blocking traffic each network in my pfsense router, who are two networks.
I have changed router config GUI https to port 8080.
So this is the output from three possible scenarios, where the last two are inside of my pfsense router:
From internet:
FQDN1: Can access to webservice
FQDN2: Can access to webservice
Private IP: Can access to webserviceFrom internal network where the server is:
FQDN1: Can access to webservice
FQDN2: It was showing router GUI but now there is nothing, and with more location inputs such as /owa who is my webmail service, I get a nginx error, saying page not found.
Private IP: Same output from FQDN2From visitor network:
FQDN1: Cannot access to webservice, it was saying before connecting refused because of firewall, but now after changing port it is not showing nothing.
FQDN2: Same output from FQDN1.
Private IP: Same output from FQDNs. -
Topic update:
From what I have seen that nginx error come from pfsense router, who is the service running the web GUI as I have notice. And Draytek was using the same service for is web GUI. Maybe because it is more lighter then others.
I have created a Host Overrides for the dyndns URL pointing it to that server in DNS Resolver and it is working now.
Now the problem is just the access from the visitor network, that I will have to see better.