4. Access webserver internally, DNS host oveerride doesnt work

Access webserver internally, DNS host oveerride doesnt work

  • P

    Hello,

    so I have a webserver which I can access internally (on same LAN) using "https://mywebsite" (only 443/https is enabled on this server).

    Using "https://mywebsite_ip" also works internally.

    From the internet (outside of the LAN) it works flawlessly with "mywebsite.ddns.net".  The DNS address gets forwarded to my public IP and port forward in pfsense forwards the traffic to "https://mywebsite" and the site is available.

    Internally, I cannot access the server using its public DNS address (mywebsite.ddns.net).  I would like to be able to do so in order to uniformize the address used to access the website.  Right now I have an internal address and an external.  On our mobile devices we are using a sync app in which we need to manually change the address before syncing otherwise it wont be able to access the webserver.

    I tried with NAT reflection, didnt work.  I followed the advice given on this forum which is to bounce the internal request via a DNS host override to the internal IP.  It doesnt work, but I  strongly believe it has to do with the fact that my webserver only works on https.

    Right now, host override is configured as this:

    Host:  mywebsite
    Domain: ddns.net
    IP: internal IP
    Desc:  some stuff

    What should I do?

    0
  • V

    That can't be an issue of https.

    With your DNS host override it should work.
    Are you shure, your LAN devices are using pfSense for DNS? Do a NS lookup to check which DNS server is in use and what you're getting back.

    0
  • P

    It works.  The issue was indeed http not being redirected to https.  Apache was misconfigured and was serving a blank page.  After fixing the redirect instructions in the apache conf file, and restarting the httpd service, I tried (with the DNS host override in pfsense's DNS config active) and it works!

    BTW nslookup yields this on LAN machines (similar or identical for all):

    user@pc ~ $ nslookup mywebsite.ddns.net
    Server: 127.0.1.1
    Address: 127.0.1.1#53

    Name: mywebsite.ddns.net
    Address: 192.168.1.100

    "192.168.1.100" is the actual IP of the VM where the site is hosted on the LAN.  SO I take that it works??

    Thanks!

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy