    Cannot access domain from local network

      hbh7 last edited by

      Hello everyone.

      I've got (what I think is) a really weird issue. So, I've got pfSense running on a machine of mine. Everything is working great except for one thing. I've got a domain that I own (not sure if I'm allowed to post it or not…) and I've set up port forwarding rules to access the services on it, which works fine... from the rest of the internet.

      Basically, I've got a port 80 webserver that if you go to my domain on any machine in the world except for one in my network, it works. For some reason, if I try to access the domain at all in my local network, it times out. This goes for HTTP traffic, SSH traffic, and everything else as far as I can tell.

      Something else I thought was odd was that I can ping my domain and get a response from inside the LAN. I'd think that wouldn't work since nothing else involving the domain does.

      If anyone has any idea what might be going on, or if anyone needs more information about my setup, let me know. Thanks.

      -hbh7

        fragged last edited by

        Seems like you are using the same domain as your local network. Maybe use something.domain.com for home and domain.com for public site and add a host override for the public address.

          almabes last edited by

          This sounds like a DNS issue. 
          https://doc.pfsense.org/index.php/Why_can%27t_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks

          Method 2 is the way to go.

            hbh7 last edited by

            OK, 2 responses. Let me see…

            Fragged: The pfSense box is called pfsense.mydomain.com if that is what you mean. Neither mydomain.com nor any subnets of it will resolve. I did try the host override in the DNS resolver, but it didn't make a difference.

            Almabes: Yep that was what I was thinking... I'm actually on that page already and I tried option 1. I'll go try option 2 and report back.

              hbh7 last edited by

              OK, Split DNS mentions DNS forwarder, and I'm using DNS Resolver just because it's the default now. I'd assume the directions are the same nonetheless, except for one other thing. I have other things besides a webserver pointing to mydomain.com, so I'm not sure how I would handle that.

              If that was confusing, here's what I mean.
              mydomain.com gets different things depending on port.
              80 - 192.168.1.193
              22 - 192.168.1.50
              25 - 192.168.1.194

              How would I get it to distinguish? Is it possible?

                Derelict LAYER 8 Netgate last edited by

                Yeah.  That gets problematic when you want split DNS.

                I have never recommended using "mydomain.com" for anything.  This is one of the many reasons why.

                You want to connect to several different hosts using one hostname.  Not going to scale.

                www.mydomain.com
                ssh.mydomain.com
                mail.mydomain.com

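Added example, not part of any post in this thread: a DNS A record carries no port, so a split-DNS host override can only work when each hostname maps to exactly one internal host. The Python sketch below checks a port-forward table for that property and renders the usable overrides in Unbound `local-data` syntax (Unbound is the daemon behind pfSense's DNS Resolver); the function names and the two sample tables are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: the three forwards from the thread, all on one hostname.
SINGLE_NAME = [
    ("mydomain.com", 80, "192.168.1.193"),
    ("mydomain.com", 22, "192.168.1.50"),
    ("mydomain.com", 25, "192.168.1.194"),
]
# Constructed sample: the same forwards behind per-service hostnames.
PER_SERVICE = [
    ("www.mydomain.com", 80, "192.168.1.193"),
    ("ssh.mydomain.com", 22, "192.168.1.50"),
    ("mail.mydomain.com", 25, "192.168.1.194"),
]

def plan_overrides(forwards):
    """Split a forward table into usable overrides and unresolvable conflicts.

    Returns (overrides, conflicts):
      overrides  {hostname: internal_ip} that one A record can express
      conflicts  {hostname: [ips]} where the answer would depend on the port
    """
    targets = defaultdict(set)
    for host, port, ip in forwards:
        addr = ipaddress.ip_address(ip)
        if not addr.is_private:
            # An internal override should point at a LAN address.
            raise ValueError(f"{host}:{port} targets non-private address {ip}")
        targets[host.lower().rstrip(".")].add(addr)

    overrides, conflicts = {}, {}
    for host, ips in targets.items():
        if len(ips) == 1:
            overrides[host] = str(next(iter(ips)))
        else:
            conflicts[host] = [str(a) for a in sorted(ips)]
    return overrides, conflicts

def unbound_local_data(overrides):
    """Render overrides as Unbound local-data lines, sorted by hostname."""
    return [f'local-data: "{h}. A {ip}"' for h, ip in sorted(overrides.items())]

if __name__ == "__main__":
    for label, table in (("single name", SINGLE_NAME), ("per service", PER_SERVICE)):
        ok, bad = plan_overrides(table)
        print(label, "conflicts:", bad)
        print("\n".join(unbound_local_data(ok)))
```
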
                  hbh7 last edited by

                  Yep, I figured it'd have to come down to that… Too bad. My old lame router had no problem with it... :( Odd pfSense can't handle it the same way with some config'ing.

                    Derelict LAYER 8 Netgate last edited by

                    It can. Turn on the bastardization that is "NAT Reflection" and enjoy.

                      hbh7 last edited by

                      Well, I don't have a strong enough understanding of everything to know why it's terrible, but it works, which is good enough for now. Thanks for your help.  :)

                        almabes last edited by

                        It's terrible because it has a tendency to not work correctly, or at all.  But, if it's working, and not crapping out on you then great.

                          hbh7 last edited by

                          Oh, well that's a lot simpler than I thought… Well, for now it seems to work. Ideally I'll change it eventually, but for now that's what I'll use.
