Netgate Discussion Forum

    Can't access Owncloud Public Access (portforwarding) using LAN Subnet

      adlesirc

      I'm trying to access my Owncloud Public Access on the LAN1 network, but unfortunately there is no access, while the LAN2 network can access it.

      My current setup:

      2 LAN networks (LAN1-192.168.0.0/23 & LAN2-192.168.100.0/24)
      2 WAN networks (ISP1-StaticIP & ISP2-StaticIP)

      Note:
      Both LAN1 and LAN2 have the same firewall rules
      Setup of port forwarding is accessible on public (Internet)
      Port forwarding is set up on LAN1 network (redirect to 192.168.0.23)

      Any idea why the LAN1 network can't access the Public Access of my Owncloud?

        johnpoz LAYER 8 Global Moderator

        Why would you not just access the rfc1918 address directly, or the fqdn that resolves to the rfc1918 address?

        If you want to use public IP just to get sent back into your own network you have to set up NAT reflection.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

          adlesirc

          @johnpoz:

          > Why would you not just access the rfc1918 address directly, or the fqdn that resolves to the rfc1918 address?

          Users want to access it on Public because they use owncloud as an FTP server and send the link to their clients.

          > if you want to use public IP just to get sent back into your own network you have to setup nat reflection.

          I already set up NAT reflection.

          capture1.JPG

            johnpoz LAYER 8 Global Moderator

            What other rules you have with specific gateways on your different lans.. You say you have 2 wan, etc.

            What did you set on your specific rule, that is just the system settings.

            Again accessing the rfc1918 address is much cleaner/better solution.. It's completely pointless to send the traffic through pfsense just to come back to the local lan..

              adlesirc

              @johnpoz:

              > What other rules you have with specific gateways on your different lans.. You say you have 2 wan, etc.

              Both LAN1 & LAN2 have the same gateways. I created 3 gateway groups for loadbalance, failover1 and failover2.

              > What did you set on your specific rule, that is just the system settings.

              Both LAN1 & LAN2 have a traffic shaper rule. On the LAN1 network I configured Squid proxy server and SquidGuard for filtering with Scheduled firewall rules, while on the LAN2 network I configured Captive Portal for Wifi Access.

              > Again accessing the rfc1918 address is much cleaner/better solution.. Its completely pointless to send the traffic through pfsense just to come back to the local lan..

              Note:

              - Only the LAN1 network has an issue accessing Owncloud Public Access, while the LAN2 network can access it.
              - I set up firewall rules with full access on both LAN networks to check why I encountered this issue, for testing purposes.
              - When I access the public IP of my WAN1 and WAN2 on the LAN networks (LAN1 and LAN2), both can access the login page of my pfSense instance.

              Additional info:
              I was able to access the Owncloud Public IP on the LAN network using pfSense 2.2.6 before.
              I created a new firewall using the latest version of pfSense 2.3.2-RELEASE-p1 (amd64) and set up the configuration again. With this setup I was not able to access my Owncloud on the LAN1 network.

              Any idea?

                adlesirc

                bump to this.

                  johnpoz LAYER 8 Global Moderator

                  Not without you posting your actual config so I can see what you're doing wrong. You're just talking port 80, are you not? Did you sniff to see what is happening?

                  Click click here on same wan my lan is using and can use reflection.

                  natreflection.png

                    adlesirc

                    See attached image for the screenshots of my config

                    Capture1.2.JPG
                    Capture1.3.JPG
                    Capture1.4.JPG
                    Capture1.5.JPG
                    Capture1.6.JPG
                    Capture1.7.JPG
                    Capture1.8.JPG

                      johnpoz LAYER 8 Global Moderator

                      And where are you allowing the traffic to your wan IP out on your lan rules?  So they could be reflected back in?

                        adlesirc

                        Capture1.2.JPG is the LAN1 network; as you can see, there's a rule traffic to MIS_Group (Source) showing that the Destination and Destination port are set to "any".

                        Capture1.3.JPG is the LAN2 network; as you can see, there's a rule traffic to Captive_MIS (Source) showing that the Destination is set to any and the port is ROUTER_ports.

                        Capture1.9.JPG
                        Capture2.2.JPG

                          johnpoz LAYER 8 Global Moderator

                          But you're forcing that out a specific gateway.. your BL.. How is NAT reflection going to work?? You're going to nat that IP to your BL ip, then go and hit your wan IP?? If you can even? That sure wouldn't be NAT reflection.

                          Sorry but looks like a real convoluted mess you have.. Again what is the freaking point of the NAT reflection when the IP you're trying to get to is on the same lan anyway??

                            adlesirc

                            Hi, did you check the attached image Capture1.5.JPG, showing my NAT rule? Also please check Capture1.7.JPG and Capture1.8.JPG.

                            I also mentioned in my previous note that I allow the LAN1 network full access, but there is still no access to Owncloud Public Access. Also, I disabled all the special rules like the limiter, set the gateway to default, etc. to verify the cause of the problem, but still can't access it.

                              johnpoz LAYER 8 Global Moderator

                              Dude I did check.. And you're forcing the connection out your BL, capture 1.2

                              For only stuff that is in mis group. You have no other rules that would allow outbound at all to your wan IP.
