OPNsense Forum
English Forums => General Discussion => Topic started by: giovanit on October 25, 2019, 03:56:47 pm
-
Hi guys.
I have an internal website on ports 80 and 443.
I have a NAT for these ports and had no access restriction. Anyone on the planet could access through the domain, including internally through the domain.
Recently I had to enable GeoIP in this rule for access to Brazil only, due to the thousands of accesses coming from North Korea.
By enabling GeoIP I lost domain access to internal computers. We work a lot on the site and access through internal IP is not a possibility.
How to work around this problem?
Thanks in advance for your help.
-
Use a host override so the internal domain users get pointed to the internal address directly.
Services->Unbound DNS->Overides.
-
Use a host override so the internal domain users get pointed to the internal address directly.
Services->Unbound DNS->Overides.
I tried. Does not work for subdomains. My site is a subdomain.
-
works for me, I just created a host - 'www' and then a subdomain on my domain like fred.mydomain.com as the domain - so the full address would be www.fred.mydomain.com, stuck in a test address and sure enough my PC got the address for that host.
-
works for me, I just created a host - 'www' and then a subdomain on my domain like fred.mydomain.com as the domain - so the full address would be www.fred.mydomain.com, stuck in a test address and sure enough my PC got the address for that host.
Where going wrong?
(https://i.ibb.co/4JNFNML/Capturar.jpg)
-
Remember to flush the dns cache on your PC before you test. Then ping the fqdn address from your PC, it should resolve to your internal address.
-
Remember to flush the dns cache on your PC before you test. Then ping the fqdn address from your PC, it should resolve to your internal address.
Hi marjohn56,
I flushed the DNS cache, but it still didn't work. Is my setup correct?
-
First thing, lets check that your DNS and DHCP servers are set correctly. If you do an ipconfig /all on your PC you should see something like this.
(https://i.ibb.co/wwwxHQw/Capture.png) (https://ibb.co/GttbwMt)
upload image (https://imgbb.com/)
Now, look at the DNS servers, they are pointing at my Opnsense gateway which is 10.4.11.254, are you seeing the same, is it pointing to your Opensense gateway?
-
mine is without the connection-specific DNS Suffix, I think that's the problem.
-
OK, so now look at the DHCP settings in Opnsense, DNS Servers should only contain the address of the Gateway, in my case both are 10.4.11.254. My upstream servers are the google servers 8.8.8.8 and 8.8.4.4, these are set in the system->settings->general.
Others may do things differently, but this works for me without any issues.
-
Thanks marjohn56,
your tips helped me a lot.