OPNsense Forum

English Forums => General Discussion => Topic started by: M@rch0n on June 12, 2019, 05:06:27 pm

Title: Problem Nginx reverse proxy
Post by: M@rch0n on June 12, 2019, 05:06:27 pm
Hello,

I have an OPNsense 18.7.10 running with Nginx 1.5 as a reverse proxy for 4 webservices that are on an internal server.

Internet -----> Nginx/OPNsense -----> IIS6.0

I do not know where I'm going wrong, since only one webservice is experiencing a problem. All items such as Upstream, Upstream Server, Location, and HTTP Server have been configured in the same way with the same options. In short, I got the first one working and the others are clones where only the addresses were changed.

These webservices were running correctly on another Nginx Linux (CentOS 5.9).
All use the same certificate.

When I test the webservice through the browser, the webservice page is displayed successfully and I see the packets entering my WAN interface and exiting the LAN interface towards the IIS server, and I also see successful access logs in Nginx.

But when access is done by the application, I only see the packets arrive on my WAN interface. I do not see them coming out through the LAN interface towards the IIS server and I also do not see any logs in Nginx, neither access log nor error log.

I already checked and there is no firewall block either. I even did a test with "pfctl -F rules" and even then the behavior is the same.

Can anyone help me?
Title: Re: Problem Nginx reverse proxy
Post by: fabian on June 12, 2019, 08:31:25 pm
You can try it locally using curl. The nginx server ALWAYS writes a log entry, regardless of the request being successful or not. If there is no log entry, then there is probably no request handled, which would be a sign of a problem with the firewall (NAT or Filter).
You can also check your DNS if the clients connect to the wrong IP address.
Is only IIS broken? Are you using HTTPS?

---

By the way - you should upgrade your web servers.
Title: Re: Problem Nginx reverse proxy
Post by: M@rch0n on June 13, 2019, 10:56:16 am
Quote
You can try it locally using curl.
Yes, using curl I get access to the webservice successfully.

Quote
problem with the firewall (NAT or Filter).
I deactivated all Port Forwards, I do not have any One-to-One, the Outbound NAT has only one entry, from my LAN to the Internet, and the rules have also been deactivated with "pfctl -F rules".

Quote
Are you using HTTPS?
Yes, all in HTTPS on port 443 and with the same certificate.

Quote
Is only IIS broken?
Excuse me! I did not understand that question.
All 4 webservices are on the same IIS server and only this webservice has this problem.

Maybe a piece of information I have not given before: because of this problem I had to create a workaround, which was to create a Port Forward, and that works normally.

Another detail is that my WAN interface is not directly connected to the Internet with a public IP; rather, there is an ISP router that forwards to my WAN, which has private 192.168.x.y addresses.
Title: Re: Problem Nginx reverse proxy
Post by: fabian on June 13, 2019, 05:38:16 pm
Quote
Is only IIS broken?
Excuse me! I did not understand that question.
All 4 webservices are on the same IIS server and only this webservice has this problem.

The server may not support a secure protocol like TLS 1.1 or TLS 1.2, which makes an upstream connection fail.
Also, your upstream may be configured incorrectly for TLS (but that should write a log entry). In that case nginx should show an error page.

Quote
Maybe a piece of information I have not given before: because of this problem I had to create a workaround, which was to create a Port Forward, and that works normally.

From here, without more information, I cannot answer that question.
Title: Re: Problem Nginx reverse proxy
Post by: M@rch0n on June 27, 2019, 11:17:17 am
Hello,

Thank you for your help!

Going back to this problem, I created a workaround with NAT Port Forward until I discover the cause of the problem. I will analyze it together with the dev team and post any news here.