I can not see my website on my LAN and externally (Thread modify data)



  • Excuse my English. I tell you that I have a little old pfSense. I did not assemble it. I'm putting together a new one with the latest version, but good enough I managed to run any of my web page both on my LAN and outside. I do not know what to do. S.O.S

    Below I show you what my settings are

    200.42.24.25
    –---------------
    -                    --- > IP 200.42.24.27
    -      Cisco      ---> IP 200.42.24.26
    -                    --- >

    200.42.24.25 -> Is the Cisco IP that my ISP gives me
    200.42.24.27 -> Is the IP issues with which I have set up my website.

    200.42.24.26 -> Is one of the IPs my ISP gives me, which I have to configure as the gateway for my pfSense.


    Acting account configurations !!!!

    Help !!!!!


  • Rebel Alliance Global Moderator

    So you're saying this 200.42.x.2 is a VIP on pfsense? What is its actual IP?

    If English is not your native lang maybe you would have better luck in the forum section for your native language.



  • What's WAN2?  Why are you using public IP addresses (192.0.x.x) on LAN?


  • Rebel Alliance Global Moderator

    Good catch KOM – yeah that seems odd, are you then natting that??  Borked sort of setup for sure.



  • @KOM:

    What's WAN2?  Why are you using public IP addresses (192.0.x.x) on LAN?

    200.42.24.25 --> Cisco
    200.42.24.26 --> Gateway in PFsense
    200.42.24.27 --> IP Public Web

    Lan --> 192.0.1.254/24

    Web --> 192.0.1.167

    I cannot see my site on my LAN or from outside.

    I know my English is very bad, but in my language's forum they do not respond



  • @KOM:

    What's WAN2?  Why are you using public IP addresses (192.0.x.x) on LAN?

    Thread modify data


  • Rebel Alliance Global Moderator

    192.0.1 is not a rfc1918, that is one of those networks that is in no man's land.. You sure and the hell should not be using.. Your LAN if not a public IP space that you own should be on rfc1918 space.. 10.x.x.x, 192.168.x.x, 172.16-31.x.x

    You don't just grab IP space out of thin air and expect stuff to work..

    edit: So you're just trying to hide your own network?  So it's public?  Or is it rfc1918, if it's rfc1918 why hide it? If they are public you need to make mention of that!!  And you changed it, etc.

    Are any of these IPs public or private?  Can not help you when you change stuff in such a way to make it misleading to how your setup!!



  • @johnpoz:

    192.0.1 is not a rfc1918, that is one of those networks that is in no man's land.. You sure and the hell should not be using.. Your LAN if not a public IP space that you own should be on rfc1918 space.. 10.x.x.x, 192.168.x.x, 172.16-31.x.x

    You don't just grab IP space out of thin air and expect stuff to work..

    edit: So you're just trying to hide your own network?  So it's public?  Or is it rfc1918, if it's rfc1918 why hide it? If they are public you need to make mention of that!!  And you changed it, etc.

    Are any of these IPs public or private?  Can not help you when you change stuff in such a way to make it misleading to how your setup!!

    thanks for answering !!

    My LAN is the range 192.0.1.0/24. It was always this range. It is not the best range, but changing that range is complicated for me at this time.

    Comment that have a public IP cisco 5 .

    200.42.24.25 - > IP of my cisco
    200.42.25.26 - > IP gateway that I have set out in my pfSense for Internet
    200.42.24.27 -> Is the public IP to assign to my Web

    I have a Windows DNS server and from the host assigned to a "www " said public IP 200.42.24.27

    My website is a debian
    Local IP -> 192.0.1.165
    Gateway -> 192.0.1.254
    Broadcast -> 192.0.1.255
    DNS-nameservers 192.0.254
    DNS-search "Mi web"

    Local IP pfsense -> 192.0.1.254

    I would like to know which rules I have to create so that my website can be seen from outside and from my LAN.

    The attached I put at the beginning are all true data.

    Change this graph with real data.

    Sorry.

    Any more information ?

    thanks for the help!!



  • It looks very odd to me


  • Rebel Alliance Global Moderator

    "My LAN is the range 192.0.1.0/24 . It was always this range, it is not the best range but change that range complicates me at this time"

    So?? FIX IT!!! Then move on to your actual issue..  Running that network on your LAN is just plain wrong - did you set it up, or was it the idiot before you?

    As to your website - sure looks like it works to me from the outside.. Again I will ask are you trying to hide your public IP and just grabbing shit that is not yours?  Or is this your website?

    So why would your local dns have a public IP for a website that is on a local IP.. Is this windows dns queried from the public?

    Let's go over some basics.

    I have a domain, let's call it exampledomain.tld, which is a public domain that anyone can look up, and when you look up www.exampledomain.tld its public IP is 1.2.3.4, this is the IP I have on pfsense wan.  Now this website is on a server with IP address 192.168.1.100 let's say.

    So I forward 80 to 192.168.1.100, now users that look up this fqdn on the public internet and get the public IP 1.2.3.4 (example fake IP btw) they hit my pfsense wan..  This gets forwarded to 192.168.1.100 and everyone is happy.

    Now user on 192.168.1.0/24 wants to get to this website..  So on the LOCAL dns, be it pfsense or windows, or bind or whatever.. I set it up so that if they look up www.exampledomain.tld they get back 192.168.1.100.  In pfsense dns this is a simple host override, in windows just create an A record, in bind as well an A record but you could get fancy with views, etc..

    In a nutshell outside users resolve public IP, users local on the same network as the server should resolve the LOCAL ip…




  • I will explain all again:

    first of all I want to tell everyone that I am not hiding anything because my idea is to solve my problem.

    Second I want to thank those who read and respond.

    Let me explain again the best way possible:

    Today I have an old version pfsense working perfectly in my LAN.

    Here is the "real" data for my network.

    LAN -> 192.0.1.0/24
    Private IP pfsense -> 192.0.1.254
    Private IP Website -> 192.0.1.167

    Public IP configured in PFsense -> 200.42.24.26
    IP published my website -> 200.42.24.27

    I have a Windows server on my LAN -> 192.0.1.4 that is my domain controller.
    My website is configured in the DNS on that same server.
    Host -> www -> 200.42.24.27

    To clarify, today it is working perfectly. I'm putting together a new pfSense with the latest version; it is going pretty well, but I cannot configure my website so that it can be seen both on my LAN and outside my LAN.
    The data in the new pfsense are the same as I'm replicating.

    I did not set up the old pfsense, I'm learning, I ask for help.

    I would like someone to give me a guide to the steps for giving permissions in pfSense so that my website works on my new pfSense, with the same data explained above.

    The data do not lie; you can check that my website's public IP is real.

    I do not understand the 192.0.1.0/24 issue well, but I'm not going to change that range at this time. I'll change it later. I inherited those settings from another administrator.

    I just want a step by step to set up my new pfsense.

    Thank you!!!!


  • Rebel Alliance Global Moderator

    Ok you clearly have some serious issues more than just accessing your website..

    This is BROKEN!!

    ;; QUESTION SECTION:
    ;udemm.edu.ar.                  IN      A

    ;; ANSWER SECTION:
    udemm.edu.ar.          600    IN      A      192.0.1.4

    So this is being served up by you
    ;; QUESTION SECTION:
    ;www.udemm.edu.ar.              IN      A

    ;; ANSWER SECTION:
    www.udemm.edu.ar.      3529    IN      A      200.42.24.27

    at here
    ;; Received 1043 bytes from 2801:140::10#53(a.dns.ar) in 1822 ms

    udemm.edu.ar.          3600    IN      NS      ns1.udemm.edu.ar.
    udemm.edu.ar.          3600    IN      NS      ns2.udemm.edu.ar.
    ;; Received 109 bytes from 170.210.2.97#53(noc.uncu.edu.ar) in 12527 ms

    udemm.edu.ar.          600    IN      A      192.0.1.4
    ;; Received 57 bytes from 200.42.24.26#53(ns2.udemm.edu.ar) in 182 ms

    So you're serving up your 2 ns off the same IP
    ;; ANSWER SECTION:
    ns1.udemm.edu.ar.      3524    IN      A      200.42.24.26
    ns2.udemm.edu.ar.      3520    IN      A      200.42.24.26

    And then if you ask them for NS you get this
    ;; QUESTION SECTION:
    ;udemm.edu.ar.                  IN      NS

    ;; ANSWER SECTION:
    udemm.edu.ar.          3600    IN      NS      baudemm1.udemm.edu.ar.

    ;; ADDITIONAL SECTION:
    baudemm1.udemm.edu.ar.  3600    IN      A      192.0.1.4

    Dude this domain is so messed up..  I really really want to HELP YOU!!!  But your configuration is completely and utterly BROKEN!!!  You are using an invalid IP range internally.. You are then handing that out to the public internet.. You are hosting your name servers off whatever connection you have and even allowing recursive lookups!!

    user@ubuntu:~$ dig @200.42.24.26 www.google.com

    ; <<>> DiG 9.9.5-3ubuntu0.5-Ubuntu <<>> @200.42.24.26 www.google.com
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12374
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4000
    ;; QUESTION SECTION:
    ;www.google.com.                        IN      A

    ;; ANSWER SECTION:
    www.google.com.        127    IN      A      173.194.42.82
    www.google.com.        127    IN      A      173.194.42.80
    www.google.com.        127    IN      A      173.194.42.84
    www.google.com.        127    IN      A      173.194.42.83
    www.google.com.        127    IN      A      173.194.42.81

    ;; Query time: 192 msec
    ;; SERVER: 200.42.24.26#53(200.42.24.26)
    ;; WHEN: Sun Sep 13 09:10:55 CDT 2015
    ;; MSG SIZE  rcvd: 123

    Just did a simple spam relay check and at least you're not an open relay from quick check.. But your mx is also hosted off that same 200.x.x.26 address

    Your SOA points to an invalid IP
    ;; ANSWER SECTION:
    udemm.edu.ar.          3600    IN      SOA    baudemm1.udemm.edu.ar. hostmaster.udemm.edu.ar. 15967 900 600 86400 3600

    ;; ADDITIONAL SECTION:
    baudemm1.udemm.edu.ar.  3600    IN      A      192.0.1.4

    here is what I would suggest to get you sorted.

    first thing!!!  Get your public dns OFF where you're hosting it now, from what I can tell it's Microsoft DNS 6.1.7601 ??  You're pointing public internet to your AD DC for dns??? You really should just host public with your registrar, or host it with a dns server (there are free ones) something!!

    You need more than 1 name server, they should be in different parts of the world.  They have to provide correct info.. pointing soa to a 192.0.1 address is not a valid setup!!  having root servers say your NS are ns1 and ns2 and then those nameservers saying hey ns for this domain is baudemm1.udemm.edu.ar. at an invalid IP is just BROKEN!!!!!

    Once you have your dns actually hosted correctly outside pointing to your public IPs you want to have resolve.

    Then clean up that 192.0.1 nonsense..

    Then forward the traffic you need to forward.  You really really need to fix this BROKEN dns setup.. It's amazing anything works at all.. Allowing recursive to the public is BAD JUJU and just asking to be part of amplification attack, etc..
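
The three problems listed in the post above (an address that is neither RFC 1918 nor the operator's own published in the public zone, both name servers on one address, and recursion offered to the internet) can be checked mechanically. The Python below is an added example, not part of the thread or of pfSense; the sample lines are dig output quoted in that post, and the OWNED list and the function names are assumptions made for the illustration.

```python
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Assumption: the three public addresses the thread names are the operator's own.
OWNED = ["200.42.24.25/32", "200.42.24.26/32", "200.42.24.27/32"]

# Sample input: dig lines quoted in the post above. The flags line comes from
# the www.google.com query sent to 200.42.24.26, a name outside the zone.
DIG_TEXT = """\
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1
udemm.edu.ar.          600    IN      A      192.0.1.4
www.udemm.edu.ar.      3529    IN      A      200.42.24.27
udemm.edu.ar.          3600    IN      NS      ns1.udemm.edu.ar.
udemm.edu.ar.          3600    IN      NS      ns2.udemm.edu.ar.
ns1.udemm.edu.ar.      3524    IN      A      200.42.24.26
ns2.udemm.edu.ar.      3520    IN      A      200.42.24.26
baudemm1.udemm.edu.ar.  3600    IN      A      192.0.1.4
"""

def classify(addr, owned):
    """Return 'owned', 'rfc1918' or 'foreign' (neither private nor the operator's)."""
    ip = ipaddress.ip_address(addr)
    if any(ip in ipaddress.ip_network(n) for n in owned):
        return "owned"
    return "rfc1918" if any(ip in n for n in RFC1918) else "foreign"

def audit(text, owned):
    """List what a public zone should never show, given dig output as text."""
    a_records, ns_names, findings = {}, [], []
    for line in map(str.strip, text.splitlines()):
        rec = re.match(r"(\S+)\s+\d+\s+IN\s+(A|NS)\s+(\S+)$", line)
        if rec and rec.group(2) == "A":
            a_records[rec.group(1)] = rec.group(3)
        elif rec:
            ns_names.append(rec.group(3))
        hdr = re.match(r";; flags: ([a-z ]+); QUERY: \d+, ANSWER: (\d+)", line)
        # 'ra' plus answers for an out-of-zone name means recursion is open.
        if hdr and "ra" in hdr.group(1).split() and int(hdr.group(2)) > 0:
            findings.append("open-recursion")
    for name, addr in sorted(a_records.items()):
        kind = classify(addr, owned)
        if kind != "owned":
            findings.append(f"leak:{name}->{addr}({kind})")
    ns_ips = sorted({a_records[n] for n in ns_names if n in a_records})
    if ns_names and len(ns_ips) < 2:
        findings.append(f"single-ns-address:{','.join(ns_ips)}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(DIG_TEXT, OWNED)))
```

192.0.1.4 comes back as "foreign" rather than "rfc1918", which is the point made earlier in the thread: a check that only looks for private ranges would not catch it.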



  • @johnpoz; Thanks for answering!!! I understand that my LAN IP range is very bad.

    But today is working with an old pfsense.

    I understand that I have to organize the IP range of my LAN but this I can not do now because I have to wait when holiday time so the staff are not using the LAN.

    What I want to do today is set up my web page on my new pfSense with all the data that you correctly detailed.

    Could you guide me so that everything is configured so as to function in the new PFsense?

    What rules do I have to create in the new pfsense?

    thanks for the help!!!


  • Rebel Alliance Global Moderator

    Dude I am not going to help anyone continue to use such a F'd up configuration what part do you not understand about your DNS being BORKED!!!!

    Fix that, and then be more than happy to help you do whatever you want on pfsense..

    your #1 priority is to fix that!!!  Once you have a valid dns configuration.. Then you can worry about correcting that 192.0.1 nonsense and any sort of website.. That dns works at all is amazing!!

    FIX IT!!!

    Go to any dns check site you want, for example
    http://dnscheck.pingdom.com/?domain=udemm.edu.ar



  • @johnpoz:

    Dude I am not going to help anyone continue to use such a F'd up configuration what part do you not understand about your DNS being BORKED!!!!

    Fix that, and then be more than happy to help you do whatever you want on pfsense..

    your #1 priority is to fix that!!!  Once you have a valid dns configuration.. Then you can worry about correcting that 192.0.1 nonsense and any sort of website.. That dns works at all is amazing!!

    FIX IT!!!

    Go to any dns check site you want, for example
    http://dnscheck.pingdom.com/?domain=udemm.edu.ar

    You are right. It is not part of this forum.

    But as a child No paragraph Steps Fix DNS.

    Not if you have a document to read .

    I have a domain controller , you already you could see .

    Thank you!


  • Rebel Alliance Global Moderator

    What?

    Yeah have lots of dc in multiple customers I support.. Not one of them has public internet talking to them for dns..  If they even suggested such I would think they are on drugs..  If you want to use MS to host dns - sure go for it.. But not your AD dns using the same domain for sure..

    You still have the problem that you only have 1.. same freaking IP, that your registrar even let you do that is beyond me..

    Fixing your DNS is priority one.. Your name delegation is completely borked no matter what you want to use to host it, etc..  FIX YOUR DNS!!!  I have already told you what is wrong with it.  First step is at your registrar - having actually 2 different dns servers that should NOT be on the same network that is for sure..  If you're set on hosting your own public dns off your connection and off your DC ok.. But get a secondary somewhere else.

    If you do not know anything about dns - then get someone in your org that does.. Hire some one if need be..