+------------------+
|       DNS        |
|  my.domain.com   |
| A 193.222.222.22 |
|                  |
+-------+----------+
        |
+-------+----------+
|                  |        +-------------+
|     Internet     |        |             |  curl https://my.domain.com -> Website of SERVER
|  193.222.222.22  +--------+ Internet PC |  curl https://193.222.222.22 --insecure -> Website of SERVER
|    +Public IP    |        |             |
|                  |        +-------------+
+------------------+
        ^
        | PPPoE WAN
        v
+----------------+
|                |  curl https://172.24.0.1 --insecure -> OPNSENSE WEB UI
|    OPNSENSE    |  curl https://my.domain.com --insecure -> Time out   <- I want this to yield the Website of SERVER
|                |  curl https://193.222.222.22 --insecure -> Time out
+-----+----------+
      | 172.24.0.1/16
      +--------------+
      |              |
+-----+--------+  +--+----------+
| 172.24.69.69 |  | 172.24.1.31 |  curl https://172.24.0.1 --insecure -> OPNSENSE WEB UI
|              |  |             |  curl https://my.domain.com -> Website of SERVER
|    SERVER    |  |     PC      |  curl https://193.222.222.22 --insecure -> Website of SERVER
+--------------+  +-------------+
+-------------------------------------------------------------------------+  +--------------------------------------------+
| NAT Port Forward                                                        |  | Reflection for port forwards           OFF |
|                                                                         |  |                                            |
| IF       Src Addr  Src Port  Dst Addr  Dst Port  NAT Addr      NAT Port |  | Reflection for 1:1                     OFF |
|                                                                         |  |                                            |
| LAN,WAN  *         *         WAN net   443       172.24.69.69  443      |  | Automatic outbound NAT for Reflection  OFF |
+-------------------------------------------------------------------------+  +--------------------------------------------+
+----------------------------------------------------------------------------+
| Outbound  Hybrid outbound NAT rule generation                              |
|                                                                            |
| IF   Source   Source Port  Dest           Dest Port  NAT Address  NAT Port |
|                                                                            |
| LAN  LAN net  tcp/udp/*    172.24.0.0/16  tcp/udp/*  LAN address  *        |
+----------------------------------------------------------------------------+
I want to enable the Nextcloud configuration backup option.
However, my Nextcloud server is behind OPNsense.
Machines on the LAN and on the Internet can reach my Nextcloud server.
Only OPNsense itself is not able to contact it.
I have tried lots of different outbound and port forward rules.
I don't really know how to track down where it fails.
My web UI only listens on the LAN interface.
I only listed the settings I thought were relevant.
I can provide further information if needed.
Any help and direction is greatly appreciated.
Reflection from the OPNsense itself doesn't work for this kind of traffic.
You either have to use an IPv6 GUA as an AAAA record (so you don't need NAT) or use a split DNS zone (i.e., put an A record with the internal IP address of your Nextcloud server in the nameserver the OPNsense uses; for example, enable Unbound, make the OPNsense use 127.0.0.1, and then set it as a domain override).
Here's an analysis I did a while ago: https://forum.opnsense.org/index.php?topic=35521.0
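A way to verify the split DNS fix from the OPNsense shell, as an added example that is not part of this thread or of OPNsense itself. It assumes Unbound is enabled and is the resolver OPNsense uses (127.0.0.1), that drill(1) and curl(1) are installed, and it reuses the names and addresses from the diagram above; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): check the split-DNS fix from the
# OPNsense shell. Assumptions: Unbound is enabled and OPNsense uses
# 127.0.0.1 as its resolver, drill(1) and curl(1) are installed, and the
# names/addresses are the ones from the diagram in the first post.
set -u

HOST="my.domain.com"        # public name of the Nextcloud server
LAN_IP="172.24.69.69"       # its LAN address
LAN_NET="172.24.0.0/16"     # LAN prefix behind OPNsense
RESOLVER="127.0.0.1"        # Unbound on the firewall itself

# ip4_to_int A.B.C.D -> the address as a 32-bit integer (pure arithmetic)
ip4_to_int() {
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_prefix ADDR NET/LEN -> exit 0 if ADDR lies inside NET/LEN
in_prefix() {
    addr=$(ip4_to_int "$1")
    net=$(ip4_to_int "${2%/*}")
    len=${2#*/}
    mask=$(( (4294967295 << (32 - len)) & 4294967295 ))
    [ $(( addr & mask )) -eq $(( net & mask )) ]
}

# unbound_override HOST IP -> the raw unbound.conf equivalent of the
# override the reply describes. On OPNsense the GUI (Services > Unbound DNS
# > Overrides) generates this; do not hand-edit the generated unbound.conf.
unbound_override() {
    printf 'server:\n    local-data: "%s. IN A %s"\n' "$1" "$2"
}

# resolve_local HOST -> first IPv4 answer the local Unbound returns for HOST
# (a CNAME in the chain is skipped by the grep)
resolve_local() {
    drill -Q "$1" @"$RESOLVER" 2>/dev/null | grep -E '^[0-9.]+$' | head -n 1
}

# check_split_dns -> 0 only if the firewall resolves HOST to a LAN address
check_split_dns() {
    answer=$(resolve_local "$HOST")
    if [ -z "$answer" ]; then
        echo "no answer from $RESOLVER for $HOST: is Unbound enabled and the system resolver?"
        return 1
    fi
    if in_prefix "$answer" "$LAN_NET"; then
        echo "split DNS OK: $HOST -> $answer (inside $LAN_NET)"
    else
        echo "split DNS missing: $HOST -> $answer, the firewall would hairpin to its own WAN address"
        return 1
    fi
}

# check_path -> HTTP status reached by pinning HOST to LAN_IP, bypassing DNS.
# SNI and the Host header still carry HOST, so the server's public
# certificate validates and --insecure is not needed.
check_path() {
    curl -sS -o /dev/null -w '%{http_code}\n' --resolve "$HOST:443:$LAN_IP" "https://$HOST/"
}

if [ "${1:-}" = "--run" ]; then
    unbound_override "$HOST" "$LAN_IP"
    check_split_dns
    check_path
fi
```

Run it with `--run` on the firewall. `check_path` isolates the TCP path from name resolution: if it returns 200 while `check_split_dns` reports the public address, the only thing left to fix is the override; if it also times out, the problem is not DNS at all. The `--resolve` trick is also why the internal address works without `--insecure`: the certificate is still checked against my.domain.com.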
Thanks for the info.
I noticed the loopback problem too.
I guess I will have to re-enable split DNS.
What a shame.