OPNsense Forum

Archive => 15.7 Legacy Series => Topic started by: rjboonstra on December 16, 2015, 12:12:29 am

Title: Access of Internal WEB Server via both LAN and WAN
Post by: rjboonstra on December 16, 2015, 12:12:29 am

I am not quite sure where to look for this; I have tried and come up short.  Is anyone able to give me direction on how to set up an internal WEB server so that it is accessible from both the internal network as well as the external side. 

For example, say you have a WEB server at 192.168.0.100 port 8081 and you have NAT port forwarding so that you can see it from the outside world.  You have a URL that directs www.myurl.com:8081 that points to your firewall, which inturn then forwards that traffic to your WEB server at 192.168.0.100:8081.  From the outside, everything works perfect.

However, when you bring your laptop home and tie into your home network, again, you point your browser to www.myurl.com:8081 and the browser cannot resolve the address.  However, if you ping myurl.com, one gets an instant response with the WAN address identified.

I think the problem is that the web browser is trying to access the firewall on port 8081 and it does not respond... How do you make the firewall direct both internal and external traffic to the WEB server at 192.168.0.100:8081?

Thanks in advance...

Rudy

Title: Re: Access of Internal WEB Server via both LAN and WAN
Post by: phoenix on December 16, 2015, 08:06:53 am

What you can't (normally) do from within your LAN is access your public IP address and have it forward that to your LAN. The firewall needs a feature (usually) called "reflection" and OPNsense has that.. You need to go to the rule that forwards the port from the WAN to your LAN IP address, edit that and scroll down and you'll see an option labeled "NAT Reflection", it will be set to the default which means it's not enabled and you need to change that.

The other option is just to ccnfigure a DNS server on your LAN to point to the local web server.

Title: Re: Access of Internal WEB Server via both LAN and WAN
Post by: philamonster on December 24, 2015, 01:52:30 pm

Split DNS is what you're looking for:

https://doc.pfsense.org/index.php/Why_can't_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks

Quote

NAT Reflection employs techniques to redirect these connections if required. Split DNS is usually the better way if it is possible on a network because it allows for retaining of the original source IP and avoids unnecessarily looping internal traffic through the firewall.

You can set this up under Services > DNS Forwarder > Host Overrides section towards bottom of page.