Netgate Discussion Forum

    Accessing self hosted sites from the same internal network

    bpb21

      I hope that description is clear!  I've pored over this question, off and on, for several weeks and I'm rather stumped.  Please pardon my basic level of understanding.

      Scenario: my pfSense setup has a static, external IP (let's say 4.3.2.1 for example) on the WAN interface and my domain, testing.123, points to 4.3.2.1.  I'm hosting a website on my network behind pfSense, on machine (again, fictitious, local IP) 192.168.1.10, and I have a NAT rule in pfSense to forward all incoming http requests to port 80 on 192.168.1.10.  This setup works great - from anywhere else in the world.  Going to testing.123 in your browser takes you right to the website.

      Trying to access testing.123 website from a computer on the same network, let's say my laptop at 192.168.1.20, doesn't work.  (I've reset my pfSense web interface to a non-standard port, so it wouldn't be looking for the web interface instead of the website.)  That's probably obvious to all of you DNS experts reading this (who I hope are reading this!).  If I go to 192.168.1.10 in a browser at home, the site will load but it's pretty slow.  It runs quite speedily when accessed from an external IP.

      Now, let's say I wanted to host something like ownCloud (or Nextcloud) at home, and be able to access it both at home and away from my home network.  I have that on 192.168.1.30 with a NAT rule forwarding https to 192.168.1.30 and it works fine when I'm not at home, but when on the home network the domain can't be resolved.  I'd have to change testing.123 to 192.168.1.30 in the client every time I change locations.

      Is this a situation where I need some redirect rules on the LAN side of the firewall or is this a DNS issue?

      With my basic cable modem as the only firewall between these servers and the internet at large, I just pointed the domain name records at my static IP and everything worked fine, at home or away.  With a basic pfSense setup in the middle, I'm no longer able to get to these sites.  I know if my basic home modem/router combo can do it, pfSense can do it.  But what am I missing?

      A few more details, as I know that's not much to go on.  I've got one WAN interface, configured with the static IP, and one LAN interface which assigns DHCP addresses.  The webserver has a static IP.  NAT incoming connections to port 80 redirected to 192.168.1.10 and the only plugin I've installed is pfBlocker.  The rest is just the out of the box configuration of pfSense 2.3.2.

      Any tips/pointers in the right direction are appreciated!

        johnpoz LAYER 8 Global Moderator

        Set up a host override for your testing.123 to point to your 192.168.1.30, or whatever address it is, in the DNS forwarder or the resolver, whichever one you're using.

        Or set up NAT reflection, but that is a less efficient way of doing it. Why bounce outside just to get reflected back in when you're on the same network as your server? Just let pfSense resolve it to your local IP for you.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

          bpb21

          That's been helpful setting me on the right track.  However, I'm not there yet.

          From at home, I can set up https://nextcloud.testing.123 and connect locally - quite speedily since it doesn't leave the internal network.  But, I don't have a wildcard DNS so that doesn't work externally.  I did a port redirect to route all HTTPS to that particular internal IP address and with that (and forcing that server to only serve https, just in case) I can get to https://testing.123/nextcloud from the outside world.

          But, that's two different urls for the sync clients = same problem as before.

          I know I'm still not understanding the host/domain redirects.  But…yeah, I'm not understanding those.  (Using DNS Forwarder, BTW.)

          If I get to the pfSense webconfigurator at https://testing.123:[custom port], then wouldn't a domain redirect for testing.123 to the nextcloud server's IP no longer allow me to get to the pfSense webconfigurator?

          Arguably I shouldn't have that enabled from outside the firewall in the first place, but I had to set up and test an OpenVPN connection externally.  Maybe that's it…more testing ahead!  But thanks for your advice; it's put me on the right track to actually understanding this stuff.

            johnpoz LAYER 8 Global Moderator

            So you own testing.123; then create an A record for nextcloud.testing.123. Or create whatever records you want, something.testing.123, etc. And if you want that to go to multiple IPs behind pfSense, then use a reverse proxy, etc.

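The split-DNS setup suggested in this thread (a host override on the LAN plus a public A record per service), as an added example that is not code from the thread or from pfSense: a small Python check comparing what LAN clients and outside clients would be told for each name. The override table, public records and `FIREWALL_NAMES` set are constructed from the thread's fictitious addresses and are assumptions.

```python
import ipaddress

# Constructed sample data, using the thread's fictitious addresses.
WAN_IP = "4.3.2.1"
LAN_NET = ipaddress.ip_network("192.168.1.0/24")
# Public A records as seen from the internet (assumed).
PUBLIC_A = {"testing.123": "4.3.2.1", "nextcloud.testing.123": "4.3.2.1"}
# Host overrides answered to LAN clients by the DNS Forwarder/Resolver (assumed).
OVERRIDES = {"nextcloud.testing.123": "192.168.1.30"}
# Names LAN clients also use to reach the firewall itself (assumed).
FIREWALL_NAMES = {"testing.123"}


def resolve(name, view, overrides=OVERRIDES, public=PUBLIC_A):
    """Return the address a client in the 'lan' or 'wan' view is given."""
    if view == "lan" and name in overrides:
        return overrides[name]
    return public.get(name)


def audit(name, overrides=OVERRIDES, public=PUBLIC_A):
    """Classify one hostname by comparing the inside and outside answers."""
    inside = resolve(name, "lan", overrides, public)
    outside = resolve(name, "wan", overrides, public)
    if outside is None:
        # Works at home via the override, but nothing resolves it outside.
        return "external-missing"
    if inside == outside == WAN_IP:
        # LAN clients are sent to the WAN address: the hairpin case.
        return "needs-reflection-or-override"
    if ipaddress.ip_address(inside) in LAN_NET:
        if name in FIREWALL_NAMES:
            # The override also redirects LAN access to the firewall's name.
            return "shadows-firewall"
        return "ok"  # same URL works both inside and outside
    return "unexpected"


if __name__ == "__main__":
    for host in sorted(PUBLIC_A):
        print(host, "->", audit(host))
```

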
              bpb21

              Well, now I do.  Turns out it's a lot easier with a "real" hostname rather than trying to use one of the free dynamic DNS names.  (That's probably obvious.)

              Anyway, I've finally got it!  Thank you for your help; I probably would still be floundering around with this without it!
