Can't access my internal servers through external URL anymore (HAProxy)
-
I think this is the right category.
I am running pfSense 2.4.5-RELEASE-p1 with HAProxy 1.8.25 and ACME, set up as described here:
https://flemmingss.com/duckdns-acme-and-haproxy-configuration-in-pfsense-complete-walkthrough/
It has worked and worked with no problems (except for some SSL cert problems I don't think are relevant here)
In short:
I access my internal services through https://servicename.mydomain.org
This has always worked both from internal and external sources, but for the last 1-2 weeks it has just worked for external access.
So if I am at work, it works, but if I am at home it does not, then I have to use my local IP http://10.0.24.8:1234 etc.
I don't know what info I should supply, because my settings have been unchanged for a long time, and I don't think I have done any relevant configuration.
Anyone know what I can maybe look at for fixing this?
-
@flemmingss What IP address resolves for servicename.mydomain.org? Where does that NAT occur? What are the exact URLs used for accessing? I assume you are using SNI and a different hostname for each service.
Sounds like NAT reflection is broken.
I would, honestly, use split DNS so inside hosts get 10.0.24.99 when they ask for servicename.mydomain.org and forget NAT reflection exists.
-
@derelict said in Can't access my internal servers through external URL anymore (HAProxy):
Where does that NAT occur?
Exactly. Since your pfSense WAN is RFC1918, have to assume the FQDN you're resolving goes to a public IP upstream. That upstream device would have to be doing NAT reflection for this public FQDN to get sent back to pfSense so HAProxy could see the traffic.
If you're saying this is no longer working, you need to look to where the NAT is happening, and why it's not sending back to the pfSense WAN IP at 10.0.24.99.
-
I'm not sure if I understood all of this, but these are some of my settings:
http://10.0.1.1/system_advanced_firewall.php
Network Address Translation: Pure NAT
Enable NAT Reflection for 1:1 NAT: [checked]
Enable automatic outbound NAT for Reflection: [checked]
http://10.0.1.1/system.php
DNS Servers: 1.1.1.1 Gateway WAN_DHCP - wan <ip>
If I should use split DNS, is there a more descriptive how-to than this?
https://docs.netgate.com/pfsense/en/latest/recipes/port-forwards-from-local-networks.html
-
Solved.
I did an update from 2.4.5_1 to 2.5.0, and now it works...
It might just be the reboot, but idk
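
The split DNS versus NAT reflection question raised earlier in the thread can be checked from an inside host. The script below is an added example, not part of any post in this thread: it classifies the A records an inside client receives, using the thread's 10.0.24.99 as the HAProxy address. The function names and the 203.0.113.10 sample address are constructed for illustration.

```python
import ipaddress
import socket
import sys

# RFC 1918 ranges, listed explicitly (ipaddress.is_private also covers
# documentation and other special-purpose ranges, which is too broad here).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def resolve_a(hostname):
    """Return the IPv4 addresses the local resolver gives for hostname."""
    infos = socket.getaddrinfo(hostname, 443, family=socket.AF_INET,
                               type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def diagnose(answers, proxy_ip):
    """Classify how an inside client will reach the service.

    answers  -- IPv4 strings returned for the service name
    proxy_ip -- address HAProxy listens on, as reachable from the LAN
    """
    addrs = [ipaddress.ip_address(a) for a in answers]
    proxy = ipaddress.ip_address(proxy_ip)
    if not addrs:
        return "no-answer"
    if all(a == proxy for a in addrs):
        # Inside hosts go straight to HAProxy; reflection is not involved.
        return "split-dns"
    if any(a != proxy and any(a in net for net in RFC1918) for a in addrs):
        # A private answer that is not the proxy: the override is wrong.
        return "wrong-override"
    # A public answer: the connection only works if the device holding
    # the public IP hairpins the traffic back to the proxy.
    return "needs-nat-reflection"


if __name__ == "__main__":
    # Usage: python3 check_split_dns.py servicename.mydomain.org 10.0.24.99
    name, proxy_ip = sys.argv[1], sys.argv[2]
    found = resolve_a(name)
    print(name, found, diagnose(found, proxy_ip))
```

Run it from a LAN client: a result of `needs-nat-reflection` means access depends on the upstream NAT device, while `split-dns` means the host override is being served.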