Hi,
I am new to OPNsense and have carried out a couple of factory resets to make sure I am not doing something stupid, but I cannot access Nextcloud (or any of my forwarded ports) from within my LAN. I have set up Nextcloud using a Cloudflare tunnel and I can access it perfectly on a mobile connection or a connection outside my network.
The tracert shows that it is pointing to the correct local IP.
I have tried enabling reflective NAT in the port forward rule but lose internet connection when applied?
I also tried creating a
Can anyone please help?
Thank you!
I followed this guide for split DNS but get a potential DNS rebind attack warning message on the web page:
https://docs.netgate.com/pfsense/en/latest/recipes/port-forwards-from-local-networks.html
I have moved a little further with this, as I have been able to get 2 of the 3 port forwards working by setting the rules to pass, enabling NAT reflection and setting up an Unbound DNS override.
The 2 that work are standard HTTP, but as soon as I enable NAT reflection on the Nextcloud port forward I lose internet. Is that because it is HTTPS? I really don't know enough to know where to go from here and am getting lost in a Google maze. If someone could help I would really appreciate it!
Many thanks
You have to make sure the port you forward is not one used for the OPNsense WebUI (80/443). You have to change the ports of the WebUI to non-standard ones like 8443 before you can freely port forward 443 to an internal service.
Then there are three distinct ways to reach your goal:
- Configure NAT Reflection: https://docs.opnsense.org/manual/how-tos/nat_reflection.html
- Use a Host Overwrite in Unbound for Split DNS.
- Use a Reverse Proxy on the OPNsense, like os-caddy: https://docs.opnsense.org/manual/how-tos/caddy.html
Hi!
Thanks so much for the reply!
Please see the attached image for what I am trying to achieve.
I have already tried the first 2 suggestions (they are in my previous screenshots) but have not installed a reverse proxy on the router itself, as that runs on my Unraid server.
I am struggling to get my head around this as I am out of my comfort zone, but is what I am trying to achieve possible with a reverse proxy running on Unraid from the diagram attached? (Credit to spaceinvader one for his video guide to install Nextcloud on Unraid)
Again, thanks!
Hi,
I have changed my OPNsense GUI from 443 to 8443 and rebooted, but still when I enable NAT reflection on this rule I lose access to all HTTPS websites? Am I missing a step?
Destination any is too broad, you have to choose your external IP address or "WAN Address" (probably "dsl Address" in your case since interface name is dsl) as destination.
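
Added example (not part of the thread, and not OPNsense code): a small Python model of how a reflected port forward on port 443 treats LAN-originated connections when its destination is "any" versus the WAN address. The addresses, the `PortForward` class and the helper names are constructed for illustration, and the rule matching is a simplification of what the firewall does.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample addressing (documentation ranges), not taken from the thread.
WAN_ADDRESS = "203.0.113.10"
NEXTCLOUD = (ipaddress.ip_address("192.168.1.50"), 443)

@dataclass(frozen=True)
class PortForward:
    """Simplified model of a reflected port forward evaluated on the LAN side."""
    destination: str   # "any" or a single IP address
    port: int
    target: tuple      # (internal IP, internal port)

    def matches(self, dst_ip, dst_port):
        if dst_port != self.port:
            return False
        if self.destination == "any":
            return True
        return ipaddress.ip_address(self.destination) == ipaddress.ip_address(dst_ip)

def translate(rule, dst_ip, dst_port):
    """Return where a LAN client's connection actually ends up."""
    if rule.matches(dst_ip, dst_port):
        return rule.target
    return (ipaddress.ip_address(dst_ip), dst_port)

def affected(rule, connections):
    """List the connections the rule rewrites to the internal target."""
    return [c for c in connections if rule.matches(*c)]

# Constructed connections opened by a LAN client.
CONNECTIONS = [
    ("203.0.113.10", 443),  # own public address: what reflection should catch
    ("198.51.100.7", 443),  # unrelated HTTPS site on the internet
    ("192.0.2.80", 443),    # another unrelated HTTPS site
    ("198.51.100.7", 80),   # plain HTTP, different port
]

too_broad = PortForward("any", 443, NEXTCLOUD)
scoped = PortForward(WAN_ADDRESS, 443, NEXTCLOUD)

if __name__ == "__main__":
    for name, rule in (("destination any", too_broad),
                       ("destination WAN address", scoped)):
        print(f"{name}: rewritten to Nextcloud -> {affected(rule, CONNECTIONS)}")
```

With destination "any", every outbound HTTPS connection from the LAN is rewritten to the Nextcloud host, which matches the symptom of losing access to all HTTPS websites; scoping the destination to the WAN address leaves other sites untouched.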