OPNsense Forum

Archive => 21.1 Legacy Series => Topic started by: GreenMatter on February 28, 2021, 03:20:40 PM

Title: Local client gets (somehow) WAN address - masquerade??
Post by: GreenMatter on February 28, 2021, 03:20:40 PM
I use nginx as a reverse proxy (for nextcloud, sogo and so on); opnsense is up to date: OPNsense 21.1.2. For a reason unknown to me, clients from one of my local subnets are denied access to the proxy and are visible in the nginx access log as the WAN interface (IP address) trying to request wpad data:

28/Feb/2021:15:06:00 +0100xxx.xxx.xxx.xxx(WAN IP)-302138-CFNetworkAgent (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64)-GET /wpad.dat HTTP/1.1
There isn't any SNAT or DNAT created for this proxy or that particular network.
Can you please point me in the right direction - where should I start troubleshooting?
Title: Re: Local client gets (somehow) WAN address - masquerade??
Post by: muchacha_grande on February 28, 2021, 06:12:31 PM
Make sure that this particular client has the DNS configured like the other clients. They should be pointing to the OPNsense box.
Title: Re: Local client gets (somehow) WAN address - masquerade??
Post by: GreenMatter on February 28, 2021, 07:34:57 PM
Quote from: muchacha_grande on February 28, 2021, 06:12:31 PM
Make sure that this particular client has the DNS configured like the other clients. They should be pointing to the OPNsense box.

In that particular network the main DNS is pihole, with the upstream server set to OpenDNS family shield but with conditional forwarding for the local domain (which the proxy belongs to) set to unbound in opnsense. So it seems conditional forwarding isn't applied?
Other local subnets also have pihole, but its upstream server is set directly to unbound and it has exactly the same conditional forwarding set.

Title: Re: Local client gets (somehow) WAN address - masquerade??
Post by: GreenMatter on March 02, 2021, 11:45:12 AM
I ran nslookup on the affected computers and both pihole and unbound (on opnsense) give the same answer. But once I set the client to use unbound directly, I'm able to connect to the service via the Nginx reverse proxy. When the client uses pihole, there's no connection available in the browser. I really don't understand it...