Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Cannot access url from same webserver

    NAT
    2
    6
    378
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      browserfiles last edited by

      Hello,

      I'm quite a newbie so please be gentle.

      1. I have a web server  forwarded port 8080 (http://myurl.com:8080)
      2. Browsing to the url from an external network works fine
      3. Browsing to the url from another pc from the same network works fine
      4. Browsing from the same host to the host url work fine (http://127.0.0.1:8080)
      5. Browsing from the same host to the url gives out the following from the state: CLOSED:SYN_SENT

      Any ideas please? Thank you.

      1 Reply Last reply Reply Quote 0
      • B
        browserfiles last edited by

        State:
        LAN tcp 192.168.20.14:2282 -> my.public.ip.address:8080 CLOSED:SYN_SENT 2 / 0  104 B / 0 B

        1 Reply Last reply Reply Quote 0
        • johnpoz
          johnpoz LAYER 8 Global Moderator last edited by

          So you using nat reflection?  Or these other hosts resolve myurl.com to your service private IP 192.168.20.14?

          Why would you not just setup host overrride on dns so that myurl.com internally resolves to the 192.168.20.14 IP?

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          2440 2.4.5p1 | 2x 3100 2.4.4p3 | 2x 3100 22.01 | 4860 22.01

          1 Reply Last reply Reply Quote 0
          • B
            browserfiles last edited by

            @johnpoz:

            So you using nat reflection?  Or these other hosts resolve myurl.com to your service private IP 192.168.20.14?

            Why would you not just setup host overrride on dns so that myurl.com internally resolves to the 192.168.20.14 IP?

            Hi John, thank you for your time.

            Yes I think I am using NAT reflection (it says "Use system default").
            The other hosts does not resolve myurl.com to 192.168.20.14, it points to my public ip, hence with the 8080 port added to the url it forwards fine.

            The main resaon I need this is for letsencrypt ssl. Letsencrypt api needs to browse the host that you are registering the ssl for. So to run the tool successfully, it generally needs to access "http://myurl.com:8080/plus-the-letsencrypt-acme-challenge" using the same host

            Any ideas please?

            1 Reply Last reply Reply Quote 0
            • johnpoz
              johnpoz LAYER 8 Global Moderator last edited by

              And that has zero to do with using nat reflection.. Set your host override to point myurl.com to your servers local IP and now all your problems go away.

              As to system default - which is what their are different modes of nat reflection. Maybe its disabled?  Mine is..

              Why in the world would you want to hit your public IP, just to be reflected back into yourself..  Just seems pointless!!

              Do yourself a favor - takes .2 seconds to setup.  Just do a host override so your local hosts (using pfsense for dns of course) resolve myurl.com to 192.168.20.14.

              If your trying to do something with ssl, why are you using port 8080?  https would be port 443.  Are you doing a redirect on the port forward from 8080 to 443?  Do you have https listening on 8080 on this server? etc..


              An intelligent man is sometimes forced to be drunk to spend time with his fools
              If you get confused: Listen to the Music Play
              Please don't Chat/PM me for help, unless mod related
              2440 2.4.5p1 | 2x 3100 2.4.4p3 | 2x 3100 22.01 | 4860 22.01

              1 Reply Last reply Reply Quote 0
              • B
                browserfiles last edited by

                ah now i see where the complication starts…

                i have a dns server on the network, its a web hosting platform for lots of domains and uses IIS which uses port 80 and 443. http://myurl.com is on an apache box.

                anyways, since i only need to access http://myurl.com:8080 from the host itself every three months (letencrypt ssl renews every 3 months), i just temporarily pointed port 80 to the this ip, and accessed http://myurl.com instead. Then i  generated the ssl certificates and changed it back again.

                its working now but quite weird... now i can access both http://myurl.com:8080 and https://myurl.com:8443 from within the host.

                thank you for your time i really appreciated it.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post