SSL cert or port forwarding problem.
-
I have an SSL cert on an FTP server that also hosts via HTTPS from behind my firewall. When trying to resolve the connection locally using the domain name mydomainftp.com it doesn't follow my port forwarding paths to the server. It lands on the Webgui of pfsense. I have set the webgui to an alternative port so HTTPS traffic is finding some other way to get hung up there. I am wondering if there is a conflict between the two certs.
I own a domain mydomainftp.com
This points to my address where the local server is hosting files. Webgui traps all traffic, or so it appears.
-
Set up a host override in your DNS Resolver pointing the name to the inside (real) IP address.
-
Hey thanks,
Tried that with the same results. Not found.
-
Well, that your "try" failed… Try again and better.
-
Hey,
I entered the host in the DNS resolver should I use the domain section? I am unsure if there is some other conflict at play here. I have the server set to redirect traffic from http to https. It convolutes the process slightly and I am afraid I don't know enough to be certain this isn't the issue.
If I understand correctly a DNS query for mysiteftp.com, instead of leaving my network will be redirected (like an alias) to the IP selected instead without reaching the external.
-
With the only info here being "Not found", you might as well use a crystal ball.
On another note - I'd strongly suggest to make use of hostnames. WTH are you pointing everything to your domainname?!
-
Not found as in the connection times out.
I have a local ftp server. I have a domain that points to it. The domain does not work internally as it points to my WAN. The wan ports for FTP and HTTP and HTTPS are all forwarded to said server. The connection times out. I used your hostname alias in the DNS resolver with no results. If you have any more help to offer that would be great.
-
Not found as in the connection times out.
Ah, that's wonderful use of terminology. NOT FOUND - when talking about webservers - means this: https://en.wikipedia.org/wiki/HTTP_404 - it definitely does NOT mean timeout.
And - once again - what's wrong with hostnames?!?!?!
www.example.com -> webserver
ftp.example.com -> FTP server
smtp.example.com -> SMTP server
…1/ Start designing things is a sane way.
2/ Use logs and provide some useful info here finally. -
The DNS host overrides work fine.
Your first problem is that you're using a domain name as a host name. Try ftp.mysiteftp.com and www.mysiteftp.com instead. AKA do it right.
In order to test DNS, use a DNS testing tool. dig or drill or, if you have nothing but windows available, nslookup, though it sucks.
"Doesn't work" tells us nothing.
-
It's a crushftp server it is an FTP server with an HTTP interface as well. I'm sorry, I'm not following you.
The hostname as in www? Or the hostnames on my local network?
I don't know if I am being clear on the topology here. The server does a few things here. I use it for FTP as well. I bought a domain to use with our local IP. Is that insane? Sometimes I was wondering if it was the right thing to do. Having the server local is a big deal though as having instantaneous access to large files locally the day after they arrive is typical here.
Please bear with me here as I am still kind of new to pfsense.When I use nslookup I see the DNS entry that belongs to the domain name that I registered. Should I be seeing the IP of the override?
-
Using nslookup with the address I used in the domain override gets me a timeout error after returning the gateway address.
-
They come up as non-authoritative answers so have to I assume it's something to do with my local DNS server not being queried.
Never heard of drill or dig.
-
OMG. Post the nslookup output. Post webserver logs. Post FTP server logs. Post firewall logs. Post SOMETHING. Not "t3h noes, it still no workie, t3h suck"… There's still ZERO information usable for debugging your issue.
The server does a few things here. I use it for FTP as well. I bought a domain to use with our local IP. Is that insane? Sometimes I was wondering if it was the right thing to do.
I have a strong feeling you really have no idea what you are doing. Once again - use HOSTNAMES. It doesn't matter that they point to the same IP/CNAME/server. Stop using domain name for everything.
-
OK at least we are getting somewhere as NOW I understand what you mean. Why use domain name when I am local. It's because a small function of the ftp server is to share links with those not technologically inclined to lead them straight to a file. When using the hostname with this function it inserts the hostname which is not pertinent to those outside of our network.
Any way you can try and help me solve the issue instead of bashing my practices? The logs of the ftp server are blank as nothing gets to the ip or hostname I specified. Nothing relevant in the firewall logs either.
-
When using the hostname with this function it inserts the hostname which is not pertinent to those outside of our network.
Eeeeeeeeeeeeeeeeee?!? DAFUQ?!?
Any way you can try and help me solve the issue instead of bashing my practices? The logs of the ftp server are blank as nothing gets to the ip or hostname I specified. Nothing relevant in the firewall logs either.
Why the HECK don't you post the nslookup output at least?!?!
-
:'( :'( :'( :'( :'( :'( :'(
Sad boy.This ftp server sends out emails and it wraps the local hostname into the link. When they use this link it doesn't lead anywhere.
It's a nuance of a program I use. Somehow, being on your flame heavy thread is actually helping me. This redirect should really work.
nslookup www.myurlforourftphttpfileserver.com Server: pfSense.imagesoffice Address: 192.168.1.1 DNS request timed out. timeout was 2 seconds. DNS request timed out. timeout was 2 seconds. DNS request timed out. timeout was 2 seconds. DNS request timed out. timeout was 2 seconds. *** Request to pfSense.imagesoffice timed-out >nslookup sameurlwithnowww.com Server: pfSense.imagesoffice Address: 192.168.1.1 Non-authoritative answer: Name: theurlfortheftp.com Address: **.*.*.* (my office IP)Be gentle.
-
So stop messing around with port forwards and fix your DNS. This works out-of-the-box so it's anyone's guess what you've changed.
-
What is the alternative to port forwards to direct a user to my webserver behind the firewall? I want to set up a DMZ at some point I just need to install a third NIC which I have on standby. Should I just be going down that route immediately?
-
You need DNS that works before you do anything.
-
I didn't change any DNS resolver settings except for the redirect. DNS is working. You probably didn't scroll down?
