Can't access Owncloud Public Access (port forwarding) using LAN Subnet



  • I'm trying to access my Owncloud Public Access on the LAN1 network, but unfortunately there is no access, while the LAN2 network can access it.

    My current setup:

    2 LAN networks (LAN1-192.168.0.0/23 & LAN2-192.168.100.0/24)
    2 WAN networks (ISP1-StaticIP & ISP2-StaticIP)

    Note:
    Both LAN1 and LAN2 have same firewall rules
    setup of port forwarding is accessible on public (Internet)
    port forwarding is setup on LAN1 network (redirect to 192.168.0.23)

    Any idea why LAN1 network can't access the Public Access of my Owncloud?


  • Rebel Alliance Global Moderator

    Why would you not just access the rfc1918 address directly, or the fqdn that resolves to the rfc1918 address?

    If you want to use public IP just to get sent back into your own network you have to set up NAT reflection.



  • @johnpoz:

    Why would you not just access the rfc1918 address directly, or the fqdn that resolves to the rfc1918 address?

    Users want to access it on Public because they use owncloud as ftp server and send the link for their clients.

    If you want to use public IP just to get sent back into your own network you have to set up NAT reflection.

    I already set up NAT reflection.



  • Rebel Alliance Global Moderator

    What other rules do you have with specific gateways on your different LANs.. You say you have 2 WAN, etc.

    What did you set on your specific rule, that is just the system settings.

    Again accessing the rfc1918 address is much cleaner/better solution.. It's completely pointless to send the traffic through pfSense just to come back to the local LAN..



  • @johnpoz:

    What other rules do you have with specific gateways on your different LANs.. You say you have 2 WAN, etc.

    Both LAN1 & LAN2 have the same gateways. I created 3 gateway groups for loadbalance, failover1 and failover2.

    What did you set on your specific rule, that is just the system settings.

    Both LAN1 & LAN2 have a traffic shaper rule. On the LAN1 network I configured the Squid proxy server and SquidGuard for filtering with scheduled firewall rules, while on the LAN2 network I configured Captive Portal for WiFi access.

    Again accessing the rfc1918 address is much cleaner/better solution.. It's completely pointless to send the traffic through pfSense just to come back to the local LAN..

    Note:

    - Only the LAN1 network has an issue accessing Owncloud Public Access, while the LAN2 network can access it.
    - I set up firewall rules with full access on both LAN networks, for testing purposes, to check why I encountered this issue.
    - When I access the public IP of my WAN1 and WAN2 on the LAN networks (LAN1 and LAN2), both can access the login page of my pfSense instance.

    Additional info:
    I was able to access the Owncloud Public IP on the LAN network using pfSense 2.2.6 before.
    I created a new firewall using the latest version of pfSense, 2.3.2-RELEASE-p1 (amd64), and set up the configuration again. With this setup I was not able to access my Owncloud on the LAN1 network.

    Any idea?



  • bump to this.


  • Rebel Alliance Global Moderator

    Not without you posting your actual config so I can see what you're doing wrong. You're just talking port 80, are you not? Did you sniff to see what is happening?

    Click click here on same wan my lan is using and can use reflection.




  • See attached image for the screenshots of my config


  • Rebel Alliance Global Moderator

    And where are you allowing the traffic to your wan IP out on your lan rules?  So they could be reflected back in?



  • Capture1.2.JPG is the LAN1 network. As you can see, there's a rule traffic to MIS_Group (Source) showing that the Destination and Destination port are set to "any".

    Capture1.3.JPG is the LAN2 network. As you can see, there's a rule traffic to Captive_MIS (Source) showing that the Destination is set to any and the port is ROUTER_ports.





  • Rebel Alliance Global Moderator

    But you're forcing that out a specific gateway.. your BL.. How is NAT reflection going to work?? You're going to NAT that IP to your BL IP, then go and hit your WAN IP?? If you can even? That sure wouldn't be NAT reflection.

    Sorry but looks like a real convoluted mess you have.. Again what is the freaking point of the NAT reflection when the IP you're trying to get to is on the same LAN anyway??



  • Hi, Did you check the attached image Capture1.5.JPG, showing my NAT rule? Also please check the Capture1.7.JPG and Capture1.8.JPG.

    I also mentioned in my previous note that I allow the LAN1 network full access, but there is still no access to Owncloud Public Access. Also, I disabled all the special rules like the limiter, set the gateway to default, etc. to verify the cause of the problem, but I still can't access it.


  • Rebel Alliance Global Moderator

    Dude I did check.. And you're forcing the connection out your BL, capture 1.2

    For only stuff that is in MIS group. You have no other rules that would allow outbound at all to your WAN IP.