Problem accessing internal webservers via external addresses
-
What kind of nonsense rabbit hole are you going down??
Do you think you could complex up something more? I have gone over the correct way to do this.. Have fun with such nonsense.
-
I've already told you several times why your way isn't possible with the necessary port setup of the home automation software I use and have several years of development sunk into. But if this is your way of saying "no, that is not possible", then please say that. If it's your way of saying "I have no idea if that's possible", then please say that too, in that case I will experiment with it. I just didn't want to experiment with something that wasn't possible.
Edit: I actually thought that anything that M0n0wall could easily do would be just as easy to do with pfSense, but I was probably wrong.
-
Then use the ports in the url! Why do you even need to use different domains... Just use the same one with the different ports on the end.. It's pointless calling out auto1 and auto2.com
You can use whatever ports you want in your reverse proxy.. If you want to send auto1.com to ipaddress:1234 and auto2.com to ipaddress:4567 have at it.
Hitting some outside url, to get sent to your public IP:port - and nat reflect then in if you want will work.. You just need nat reflection setup.
It'd be way simpler to just use the url with the port in.. Then you could do split dns and not have to do any of this nonsense.
-
No, I don't (as I explained earlier) want to use ports in the URL because telling guests to tap in :1234 after the URL when they are going to access it (Airbnb guests that I rent my house out to in the summer and cover much of my mortgage with, much because it's a combination of a 1700's house with 2000's tech) is confusing them. I tried that first, that's why I started using webhops that add the port.
-
Oh, and the auto1 and so on is just examples, so I don't put my actual addresses out here. ;) I have addresses that are directly ~~connected~~ related (that was ambiguous when talking about networks) to the house and easy to understand (somewhat like www.whitehouse.com).
-
johnpoz, I was looking for the answer to another question (splitting into different servers from WAN, I thought that wasn't reverse proxy, but it seems it is), and I stumbled over an old post by you where you actually use the same argument as me:
You can not run 30 http servers behind 1 public IP. Unless you use different ports on the 1 public IP you have.
public.IP.80 --> private.1.80
public.IP.81 --> private.2.80
public.IP.81 --> private.3.80
But that method BLOWS because from the public side you would have to put the port in your url like http://www.domainA.tld:80 or http://www.domainB.tld:81, etc…
Exactly like you I think putting ports in a URL BLOWS!
-
If you had 30 servers, putting in ports blows, yes.. Get 30 IPs, or use a reverse proxy. Where did I say use a freaking webhop and then nat reflection??
You want to make it simple for your guest. Then send them to a bookmark page with the urls listed for them - they don't have to see the ports, they don't even have to see the full urls - you have a link that says
Light
Fireplace
Blinds
Or whatever it is you're wanting to control
Other option is if you have 30 servers, then get 30 public IPs
-
Well, it was mostly the ports on the public side. And no, I can't use one address simply because it's too confusing. Three different zones in the house, and rental guests use one or the other, never the third, and never both the two first. ;) But I am going to work on my freakshow next week and see if I can get HA Proxy to work the way I'd like. I never give up until it's proven impossible. Oh, this is what my web radio page looks like. Pressing any button means that you start playing that radio channel in that zone, and the zones only have speakers, nothing more. Amps are all in the technical room. It's possible to use AirPlay and Bluetooth streaming on the same system, that's in another page. I can't really imagine how to make it more self-explanatory. On a phone or another screen that can't show everything at once you scroll to the right, and the first column (where the room names are) follows.
-
Today I had time to mess around with this, and it worked better than I thought it would. I have now converted the webhops to regular hosts, and I don't have to mess with ports at all. I have split the DynDNS hosts into auto.com/auto2.com, anotheraddress.com/anotheraddress2.com and so on. The first is always EventGhost, and 2 is always Girder. From both outside and inside this goes to the frontend of HA proxy on my pfSense box, 192.68.1.1 (from the inside I think it's going directly, but I haven't yet pulled the plug on the Internet connection to verify that). There the pages are split according to name (host matches auto.com and so on), into one of six pfSense VMs with one NIC in (from the 1.1 pfSense) and one pure host NIC (VMware's virtual network cards that don't need a physical card) to 192.168.1.50-56, which has the internal networks 192.168.3.x-8.x.
These virtual NICs are also connected to the automation VM, so it has now 8 NICs (the two physical for contact with the hardware, and those to the VM pfSense). Only the VM pfSenses mess with ports, converting 80 to the necessary port for the webserver instances that are running inside.
This actually works perfectly, with much faster response than before, when I had it hairpin through one M0n0wall and one Asus router.
Dirty? Probably. Working? Indeed. I'm satisfied. ;)
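
The host-name split described in the post above, written out as a plain HAProxy configuration (an added example, not part of the thread and not the poster's actual config). The hostnames are the thread's placeholders; which name goes to which 192.168.1.5x VM, the backend names and the timeouts are assumptions, and the rule refusing unknown Host headers is an addition that keeps requests aimed at the bare public IP away from the automation servers.

```haproxy
# Added example: constructed values, not taken from a real setup.
global
    log /dev/log local0

defaults
    mode http
    log global
    option httplog
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend automation_in
    # On pfSense this frontend would listen on the WAN and LAN addresses.
    bind *:80

    # Match the Host header lower-cased and with any ":port" suffix removed.
    acl zone1_eventghost req.hdr(host),lower,field(1,:) -m str auto.com
    acl zone1_girder     req.hdr(host),lower,field(1,:) -m str auto2.com
    acl zone2_eventghost req.hdr(host),lower,field(1,:) -m str anotheraddress.com
    acl zone2_girder     req.hdr(host),lower,field(1,:) -m str anotheraddress2.com

    # Refuse anything that does not name one of the published hosts.
    http-request deny unless zone1_eventghost or zone1_girder or zone2_eventghost or zone2_girder

    use_backend be_zone1_eventghost if zone1_eventghost
    use_backend be_zone1_girder     if zone1_girder
    use_backend be_zone2_eventghost if zone2_eventghost
    use_backend be_zone2_girder     if zone2_girder

# Each backend is one inner pfSense VM; that VM forwards port 80 to the
# port the web server instance behind it actually listens on (assumed mapping).
backend be_zone1_eventghost
    server vm50 192.168.1.50:80 check

backend be_zone1_girder
    server vm51 192.168.1.51:80 check

backend be_zone2_eventghost
    server vm52 192.168.1.52:80 check

backend be_zone2_girder
    server vm53 192.168.1.53:80 check
```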
-
@mastiff said in Problem accessing internal webservers via external addresses:
I have now converted the webhops to regular hosts, and I don’t have to mess with ports at all.
There you go - almost there.. Why are you bouncing your internal off your ha proxy? Why not just resolve to whatever the internal IP is?
-
Surprising! I actually thought you'd say that using several pfSense VMs like that was too messy. ;)
Because the internal on one subnet is on the inside of a Windows server, and I have no idea how to route a Windows server setup outwards (from 192.168.0.x internal LAN to 192.168.1.x external (pfSense) LAN). I believe A hosts on Windows can only go to the internal LAN.
And the other subnet (for the main rental apartment) is split from my external LAN, on 10.0.0.x and on a regular cheap ass Belkin wifi router, and I'm pretty sure that has no ability to route on WAN either.
Or is there a way to route it on the pfSense physical box (subnets 192.168.1.1/10.0.0.1) without using HA proxy?
-
It is... And no point to it... Just give your software the nics..
BTW your interface that is your interface - it's HORRIBLE. Looks like there should be a dancing baby somewhere a loader.
Or is there a way to route it on the pfSense physical box (subnets 192.168.1.1/10.0.0.1) without using HA proxy?
Do you mean route or proxy.. Routing has no clue to www.domain.com something.. To be honest if this software you're using has to use port xyz, and can not have multiple IPs and you don't want to use port xyz in your url.. Then use something else..
Why can you not take the horrible looking web page interface and hide the :port part of the url behind it? To be honest I am done with this sort of discussion. You're going down an even more complex rabbit hole for no reason.. It hurts my brain having to discuss it even.. Why do you need all these other pfSense VMs exactly?? Because you don't know how to give your windows machine more IPs? What? Your software can not listen on more than 1 IP for a function?
All of this nonsense so your user doesn't have to use :port in their url - but it's ok that they have to use 4 different domains? Just hide all of that from the user by sending them to some web site at www.whatever.com All of the urls that actually do anything can be hidden from the user.
-
Do you really have to be so bloody difficult? I don't give a f... about the nomenclature, when I say routing I just mean that it sends the browser to the correct place. And you are really, really, really not listening, are you? Two subnets, different clients every week in the summer, I don't give a f... how complex it is on the inside as long as it's easy to use for the end user. And if you had paid attention at all you'd know that the users only have one domain they need to worry about. There are three different automation zones in the house, and one user will only be in one of the zones. I have mentioned the Airbnb rental before. Also they only need to know the first, because they will always get to the same page (the most used page with audio/video switching) first, and then they can get to the heating/cooling system with the links in the upper left corner, and that's where the second webserver for that zone comes in.
Oh, and the interface is perfect, actually. It takes me no time at all to explain how new renters (of which I usually have 8 families every summer, for the 8 weeks I rent that part of the house out to tourists) have to use it to get the radio channels they want to listen to, or to switch to TV or Blu-ray or Bluetooth streaming. Fancy web design is just messing up things, on the user side I want it as simple and basic as possible. I actually tried out text links versus this interface on a small, techno disabled focus group (mainly my parents and ten of their friends), but they found this interface much easier to understand.
But never mind, I'll just try to google the rest.
-
OK, sorry. I should probably be a bit more polite. After all you are an older guy. While I'm a young buck at 52!