Netgate Discussion Forum

Can't access my internal servers through external URL anymore (HAProxy)

pfSense Packages
  • F
    Flemmingss
    last edited by Mar 7, 2021, 12:52 PM

    I think this is the right category.

    I am running pfSense 2.4.5-RELEASE-p1 with HAProxy 1.8.25 and ACME, as described here:
    https://flemmingss.com/duckdns-acme-and-haproxy-configuration-in-pfsense-complete-walkthrough/

    It has worked and worked with no problems (except for some SSL cert problems I don't think are relevant here).

    In short:
    I access my internal services through https://servicename.mydomain.org
    This has always worked both from internal and external sources, but for the last 1-2 weeks it has just worked for external access.
    So if I am at work, it works, but if I am at home it does not, then I have to use my local IP http://10.0.24.8:1234 etc.

    I don't know what info I should supply, because my settings have been unchanged for a long time, and I don't think I have done any relevant configuration.
    Anyone know what I can maybe look at for fixing this?

    • D
      Derelict LAYER 8 Netgate @Flemmingss
      last edited by Mar 7, 2021, 1:51 PM

      @flemmingss What IP address resolves for servicename.mydomain.org? Where does that NAT occur? What are the exact URLs used for accessing? I assume you are using SNI and a different hostname for each service.

      Sounds like NAT reflection is broken.

      I would, honestly, use split DNS so inside hosts get 10.0.24.99 when they ask for servicename.mydomain.org and forget NAT reflection exists.

      Chattanooga, Tennessee, USA
      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
      Do Not Chat For Help! NO_WAN_EGRESS(TM)

      • J
        johnpoz LAYER 8 Global Moderator @Derelict
        last edited by Mar 7, 2021, 2:22 PM

        @derelict said in Can't access my internal servers through external URL anymore (HAProxy):

        Where does that NAT occur?

        Exactly. Since your pfSense WAN is RFC1918, have to assume the FQDN you're resolving to public IP upstream. That upstream device would have to be doing NAT reflection for this public FQDN to get sent back to pfSense so HAProxy could see the traffic.

        If you're saying this is no longer working, you need to look to where the NAT is happening, and why it's not sending back to pfSense WAN IP at 10.0.24.99

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.7.2, 24.11

        • F
          Flemmingss
          last edited by Flemmingss Mar 8, 2021, 10:45 AM Mar 8, 2021, 10:42 AM

          I'm not sure if I understood all of this, but these are some of my settings:
          http://10.0.1.1/system_advanced_firewall.php
          Network Address Translation: Pure NAT
          Enable NAT Reflection for 1:1 NAT: [checked]
          Enable automatic outbound NAT for Reflection: [checked]
          http://10.0.1.1/system.php
          DNS Servers: 1.1.1.1 Gateway WAN_DHCP - wan <ip>

          If I should use split DNS, is there any more descriptive how-to than this?
          https://docs.netgate.com/pfsense/en/latest/recipes/port-forwards-from-local-networks.html

          • F
            Flemmingss
            last edited by Mar 11, 2021, 5:23 PM

            Solved.

            I did an update from 2.4.5_1 to 2.5.0, and now it works...
            It might just be the reboot, but idk

            1 Reply Last reply Reply Quote 0
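A check for the split-DNS versus NAT-reflection question raised in this thread, added here as an example and not posted by any participant: it classifies the A records an inside client receives for the service name. The function names and the public address 203.0.113.10 are constructed for illustration; 10.0.24.99 and 10.0.24.8 are the addresses mentioned in the posts.

```python
import ipaddress
import socket

# From the thread: HAProxy is reached on the pfSense WAN address.
HAPROXY_FRONTEND = ipaddress.ip_address("10.0.24.99")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    return any(addr in net for net in RFC1918)


def resolve(hostname):
    """A records as seen by this host's configured resolver (needs network)."""
    infos = socket.getaddrinfo(hostname, 443, family=socket.AF_INET,
                               type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def classify(answers, frontend=HAPROXY_FRONTEND):
    """Say which path an inside client takes for the given A records."""
    addrs = [ipaddress.ip_address(a) for a in answers]
    if not addrs:
        return "no-answer"
    if any(not is_rfc1918(a) for a in addrs):
        # Public answer: the upstream device holding that IP must hairpin
        # the connection back to the frontend (NAT reflection).
        return "needs-nat-reflection"
    if all(a == frontend for a in addrs):
        # Split DNS: the client connects to HAProxy directly.
        return "split-dns"
    # Private, but not the frontend: the client never reaches HAProxy.
    return "other-internal-address"


if __name__ == "__main__":
    # Constructed sample answers; 203.0.113.10 stands in for the public IP.
    samples = {
        "inside, host override set": ["10.0.24.99"],
        "inside, public resolver": ["203.0.113.10"],
        "inside, points at backend": ["10.0.24.8"],
    }
    for label, answers in samples.items():
        print(f"{label}: {classify(answers)}")
    # Live check from a LAN host: classify(resolve("servicename.mydomain.org"))
```

Run from a LAN host, a result of `needs-nat-reflection` means internal access depends on the upstream device's hairpin behaviour, which is the dependency a host override removes.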