Port 443 timeout using Netcat but is working in browser
-
@Frogg said in Port 443 timeout using Netcat but is working in browser:
DNS fwd/rev mismatch: domain.com != machinedomain
which is why what you're doing is not the correct solution.. What you should be doing is dns resolution to access your machines via their local IPs vs nat reflection..
-
Do you have any clue on how I could achieve something like that?
-
Yeah a simple host override so that whatever.domain.tld resolves to the actual local IP you want 192.168.1.4 I take it.
-
I added the domain name to the local 192.168.1.4 machine; if I check /etc/hostname I get the domain name
But I don't think it would fix it, as the domain name in the comparison is the host xx.xx.xx.xx.rev.poneytelecom.eu reverse DNS
Or I am really missing something
-
-
Thanks for the help,
but I feel like I am lacking knowledge on this part.
In network config of 192.168.1.4 (and all local machines) I use 192.168.1.1 as DNS
In the interface DNS resolver was disabled, so I enabled it and added the Host Overrides
Dig domain.com
;; ANSWER SECTION:
domain.com 960 IN A internetIp
Dig -x domain.com
;; AUTHORITY SECTION:
in-addr.arpa. 3600 IN SOA b.in-addr-servers.arpa. nstld.iana.org. 2020081164 1800 900 604800 3600
I think I am missing something to have the same result as yours
-
@Frogg said in Port 443 timeout using Netcat but is working in browser:
i use 192.168.1.1 as DNS
And what is that? Is that not pfsense? This only works if what you're using for dns for your local network actually ends up asking pfsense.. So the host override can be returned.
If your network is using 192.168.1.1 for dns, then setup your dns records there.
-
Yes 192.168.1.1 is PFSense
Maybe it requires a reboot, I'll give it a try
-
You said the resolver was disabled - were you using forwarder (dnsmasq)? If so then the host override would be setup there and not in the resolver (unbound). Both forwarder and resolver allow for host overrides. Set the override in whichever one you're using.
You can only have one or the other running, forwarder or resolver. You can not run both listening on 53.
A reboot is not required that is for sure.. But you may have an issue with local caching on the client, so you would have to flush the local dns cache of whatever client you're testing from.
-
Thanks again for the help!
Forwarder & Resolver (Now changed to enabled) was disabled
It seems I am using the default cache (so it should be flushed with reboot)
systemd-resolve --flush-caches
Failed to flush caches: Unit dbus-org.freedesktop.resolve1.service not found.
After reboot result is the same
Any idea?
-
@Frogg said in Port 443 timeout using Netcat but is working in browser:
Forwarder & Resolver (Now changed to enabled) was disabled
Huh? You can not use both at the same time.. You run into a race condition.. Which one are you using? Place your host override in the one you're using.. They both allow for overrides.
Do a directed query to pfsense to validate it returns your records you put in host override..
C:\>dig @192.168.9.253 ahost.domain.tld

; <<>> DiG 9.16.6 <<>> @192.168.9.253 ahost.domain.tld
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8719
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ahost.domain.tld. IN A

;; ANSWER SECTION:
ahost.domain.tld. 3600 IN A 192.168.1.4

;; Query time: 0 msec
;; SERVER: 192.168.9.253#53(192.168.9.253)
;; WHEN: Tue Sep 08 13:40:59 Central Daylight Time 2020
;; MSG SIZE rcvd: 61

C:\>nslookup
Default Server: pi-hole.local.lan
Address: 192.168.3.10

> server 192.168.9.253
Default Server: sg4860.local.lan
Address: 192.168.9.253

> ahost.domain.tld
Server: sg4860.local.lan
Address: 192.168.9.253

Name: ahost.domain.tld
Address: 192.168.1.4
Pfsense in my case is 192.168.9.253