Cannot access url from same webserver

browserfiles

Hello,

I'm quite a newbie so please be gentle.

1. I have a web server  forwarded port 8080 (http://myurl.com:8080)
2. Browsing to the url from an external network works fine
3. Browsing to the url from another pc from the same network works fine
4. Browsing from the same host to the host url work fine (http://127.0.0.1:8080)
5. Browsing from the same host to the url gives out the following from the state: CLOSED:SYN_SENT

Any ideas please? Thank you.

browserfiles

State:
LAN tcp 192.168.20.14:2282 -> my.public.ip.address:8080 CLOSED:SYN_SENT 2 / 0  104 B / 0 B

johnpoz

So you using nat reflection?  Or these other hosts resolve myurl.com to your service private IP 192.168.20.14?

Why would you not just setup host overrride on dns so that myurl.com internally resolves to the 192.168.20.14 IP?

browserfiles

@johnpoz:

So you using nat reflection?  Or these other hosts resolve myurl.com to your service private IP 192.168.20.14?

Why would you not just setup host overrride on dns so that myurl.com internally resolves to the 192.168.20.14 IP?

Hi John, thank you for your time.

Yes I think I am using NAT reflection (it says "Use system default").
The other hosts does not resolve myurl.com to 192.168.20.14, it points to my public ip, hence with the 8080 port added to the url it forwards fine.

The main resaon I need this is for letsencrypt ssl. Letsencrypt api needs to browse the host that you are registering the ssl for. So to run the tool successfully, it generally needs to access "http://myurl.com:8080/plus-the-letsencrypt-acme-challenge" using the same host

Any ideas please?

johnpoz

And that has zero to do with using nat reflection.. Set your host override to point myurl.com to your servers local IP and now all your problems go away.

As to system default - which is what their are different modes of nat reflection. Maybe its disabled?  Mine is..

Why in the world would you want to hit your public IP, just to be reflected back into yourself..  Just seems pointless!!

Do yourself a favor - takes .2 seconds to setup.  Just do a host override so your local hosts (using pfsense for dns of course) resolve myurl.com to 192.168.20.14.

If your trying to do something with ssl, why are you using port 8080?  https would be port 443.  Are you doing a redirect on the port forward from 8080 to 443?  Do you have https listening on 8080 on this server? etc..

browserfiles

ah now i see where the complication starts…

i have a dns server on the network, its a web hosting platform for lots of domains and uses IIS which uses port 80 and 443. http://myurl.com is on an apache box.

anyways, since i only need to access http://myurl.com:8080 from the host itself every three months (letencrypt ssl renews every 3 months), i just temporarily pointed port 80 to the this ip, and accessed http://myurl.com instead. Then i  generated the ssl certificates and changed it back again.

its working now but quite weird... now i can access both http://myurl.com:8080 and https://myurl.com:8443 from within the host.

thank you for your time i really appreciated it.