Hello,
The Issue:
I have Nginx Proxy Manager installed on my Home Assistant machine, and when I access my services, all the traffic goes through Cloudflare instead of my internal network. For example, with the FileBrowser app installed on my TrueNAS, a video will buffer a lot when I view it because the video bitrate is higher than my upload speed.
I have tried to fiddle with Unbound overrides, but it always seems to do nothing or break everything. Unless I'm just doing it wrong?
I tried moving NPM to my TrueNAS machine, but the same problem still persists.
Some pointers or directions would be appreciated ❤️
Please see the attached pictures of the network map and network traffic when playing video on FileBrowser (my upload speed is max 50/Mbps). The public IPs listed seem to be Cloudflare servers:
(https://i.imgur.com/VvR7crI.png)
(https://i.imgur.com/b1w5dbZ.png)
(https://i.imgur.com/1Di9xBU.png)
(https://i.imgur.com/tWCwh07.png)
Here are some pictures of my OPNsense configuration:
(https://i.imgur.com/GCrcZUP.png)
(https://i.imgur.com/4HJjx8c.png)
(https://i.imgur.com/B6IBU6I.png)
(https://i.imgur.com/49613Ut.png)
And Nginx Proxy Manager:
(https://i.imgur.com/0EBEcbw.png)
(https://i.imgur.com/2BqWTY5.png)
You need split DNS. Internal clients go direct, bypassing NPM because they have the internal IP of your host(s).
If you don't want to build a second DNS server, add hosts entries on your clients. For Windows this is in system32\drivers\etc
Quote from: bartjsmit on October 18, 2024, 07:59:48 AM
You need split DNS. Internal clients go direct, bypassing NPM because they have the internal IP of your host(s).
If you don't want to build a second DNS server, add hosts entries on your clients. For Windows this is in system32\drivers\etc
Is split DNS different from Unbound overrides? I thought Unbound would be able to do it, but I think it was causing the client to detect my OPNsense router wasn't authorised to use that domain name (but again, maybe I was just doing it wrong).
By second DNS server, are you saying I should just run AdGuard on my OPNsense, or Pi-hole on my Home Assistant?
Edit: also, the Windows hosts file can only do IP, not IP:port, but I would prefer not to alter hosts files.
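An added example, not part of any post in this thread: a small Python check that a LAN client can run to see whether each service name resolves to an internal address (split DNS is taking effect) or to a public address (traffic will leave through the WAN and the public proxy). The hostnames, addresses and function names are constructed placeholders, not values from the thread.

```python
import ipaddress
import socket
import sys

# RFC 1918 and IPv6 ULA ranges: an answer inside these means the client connects over the LAN.
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

def system_resolve(name):
    """Resolve through the resolver this client is configured to use."""
    try:
        infos = socket.getaddrinfo(name, 443, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    # Drop any IPv6 scope suffix ("%eth0") so the address parses on all versions.
    return sorted({info[4][0].split("%")[0] for info in infos})

def classify(addrs):
    """Return 'internal', 'public', 'mixed' or 'unresolved' for a list of IP strings."""
    if not addrs:
        return "unresolved"
    on_lan = [any(ipaddress.ip_address(a) in net for net in LAN_NETS) for a in addrs]
    if all(on_lan):
        return "internal"
    # 'mixed' means some answers still point outside, so some connections will hairpin.
    return "mixed" if any(on_lan) else "public"

def check_split_dns(names, resolve=system_resolve):
    """Map each hostname to (verdict, addresses) as seen from this client."""
    report = {}
    for name in names:
        addrs = resolve(name)
        report[name] = (classify(addrs), addrs)
    return report

if __name__ == "__main__":
    # Usage: python check_split_dns.py files.example.com ha.example.com
    for host, (verdict, addrs) in check_split_dns(sys.argv[1:]).items():
        print(f"{host:30} {verdict:10} {', '.join(addrs) or '-'}")
```

A `public` or `mixed` verdict after adding an override usually means the client is not asking the resolver that holds the override, for example because of a cached answer or DNS-over-HTTPS in the browser.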