Netgate Discussion Forum

    Can't access my internal servers through external URL anymore (HAProxy)

    pfSense Packages
    • Flemmingss

      I think this is the right category.

      I am running pfSense 2.4.5-RELEASE-p1 with HAProxy 1.8.25 and ACME, as described here:
      https://flemmingss.com/duckdns-acme-and-haproxy-configuration-in-pfsense-complete-walkthrough/

      It has worked and worked with no problems (except for some SSL cert problems I don't think are relevant here).

      In short:
      I access my internal services through https://servicename.mydomain.org
      This has always worked both from internal and external sources, but for the last 1-2 weeks it has just worked for external access.
      So if I am at work, it works, but if I am at home it does not; then I have to use my local IP http://10.0.24.8:1234 etc.

      I don't know what info I should supply, because my settings have been unchanged for a long time, and I don't think I have done any relevant configuration.
      Anyone know what I can maybe look at for fixing this?
      • Derelict LAYER 8 Netgate @Flemmingss

        @flemmingss What IP address resolves for servicename.mydomain.org? Where does that NAT occur? What are the exact URLs used for accessing? I assume you are using SNI and a different hostname for each service.

        Sounds like NAT reflection is broken.

        I would, honestly, use split DNS so inside hosts get 10.0.24.99 when they ask for servicename.mydomain.org and forget NAT reflection exists.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        • johnpoz LAYER 8 Global Moderator @Derelict

          @derelict said in Can't access my internal servers through external URL anymore (HAProxy):

          Where does that NAT occur?

          Exactly. Since your pfSense WAN is RFC1918, I have to assume the FQDN you're resolving points to a public IP upstream. That upstream device would have to be doing NAT reflection for this public FQDN to get sent back to pfSense so HAProxy could see the traffic.

          If you're saying this is no longer working, you need to look at where the NAT is happening, and why it's not sending back to the pfSense WAN IP at 10.0.24.99.

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.7.2, 24.11
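
A check for the two questions asked in the replies above (what the name resolves to from inside, and where the NAT must happen), as an added example that is not part of the thread. It assumes the HAProxy frontend listens on 10.0.24.99 as stated in the posts; the function names and the public address 203.0.113.10 are constructed for illustration.

```python
import ipaddress
import socket
import sys

# Explicit RFC1918 ranges. ipaddress.is_private is broader (it also covers
# documentation and other reserved ranges), so it is not used here.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)

def classify(resolved_ip, frontend_ip):
    """Name what an inside client depends on to reach the HAProxy frontend."""
    if ipaddress.ip_address(resolved_ip) == ipaddress.ip_address(frontend_ip):
        return "direct"               # split DNS in effect, no reflection needed
    if is_rfc1918(resolved_ip):
        return "wrong-internal"       # private answer that is not the frontend
    if is_rfc1918(frontend_ip):
        return "upstream-reflection"  # public answer, private frontend: the
                                      # device holding the public IP must hairpin
    return "mismatch"                 # both public, but different addresses

def resolve(hostname):
    """Addresses the local resolver returns for hostname (live DNS lookup)."""
    infos = socket.getaddrinfo(hostname, 443, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

if __name__ == "__main__":
    # Usage: python check_path.py servicename.mydomain.org 10.0.24.99
    host, frontend = sys.argv[1], sys.argv[2]
    for ip in resolve(host):
        print(f"{host} -> {ip}: {classify(ip, frontend)}")
```

Run from a LAN host: `upstream-reflection` means access from inside depends on the device in front of pfSense, while `direct` means the split DNS override is in place.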

          • Flemmingss

            I'm not sure if I understood all of this, but these are some of my settings:
            http://10.0.1.1/system_advanced_firewall.php
            Network Address Translation: Pure NAT
            Enable NAT Reflection for 1:1 NAT: [checked]
            Enable automatic outbound NAT for Reflection: [checked]
            http://10.0.1.1/system.php
            DNS Servers: 1.1.1.1 Gateway WAN_DHCP - wan <ip>

            If I should use split DNS, is there any more descriptive how-to than this?
            https://docs.netgate.com/pfsense/en/latest/recipes/port-forwards-from-local-networks.html

            • Flemmingss

              Solved.

              I did an update from 2.4.5_1 to 2.5.0, and now it works...
              It might just be the reboot, but idk

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.