Messages - mervynsword

#1
Hello everyone, I am trying to build a website with my own server in my home.

For example, the hostname is example.me. I have updated the hostname with the WAN IP address (1.1.1.1 for example), and the server IP is 192.168.1.10. Sadly ports 80 and 443 can't be reached due to my ISP's policies, so I added two NAT rules: 1.1.1.1:10080 --> 192.168.1.10:80 and 1.1.1.1:8443 --> 192.168.1.10:443.

Now I can access the website from the Internet by visiting https://example.me:8443, great, but it doesn't work on the internal network.

So I disabled NAT reflection and added an outbound NAT rule like this:

Interface: LAN
Source: LAN net
Source Port: any
Destination: WAN address
Destination Port: 8443
Translation / target: 192.168.1.10
Translation / port: 443

It still doesn't work.

Can anyone help me? I've been tormented by this problem for three hours.
#2
Thank you very much.

I am trying to solve this problem by using DNSCrypt-Proxy while there is a Forwarder function.

But how can I import the whitelist? I tried to edit forwarding-rules.txt in /usr/local/etc/dnscrypt-proxy. But when I restart DNSCrypt-Proxy, forwarding-rules.txt is reset. There are about 40000 URLs. It's an IMPOSSIBLE mission for me to enter them using the web GUI.
#3
Recently I found out the ISP is hijacking DNS, so when I visit some websites or URLs I can't get the right IP.

In China, the ISP is now not hijacking websites and URLs with a blacklist; as there are more and more websites we can't visit today, I think they are doing it with a whitelist. This sucks.

Now I am using DNSCrypt-Proxy. This plugin is great, but there is another problem. When I am visiting some websites on the ISP's whitelist, for which they do not do DNS hijacking, the Cloudflare DNS translates to a CDN IP in the USA which is very slow for me.

So I am trying to make a whitelist for myself, which contains all the "good" Chinese websites, and then translate the URLs in the whitelist with a Chinese DNS like DNSPod, and everything else with Cloudflare's DoH DNS.

How to do that? The whitelist contains thousands of URLs, so entering the URLs one by one will kill me. :'(
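As an added example (not code from these posts, from dnscrypt-proxy or from OPNsense), the script below turns a pasted whitelist like the one described in posts #2 and #3 into dnscrypt-proxy forwarding-rules.txt lines: URLs are reduced to hostnames, junk lines are rejected, names already covered by a parent domain are collapsed, and each kept name is sent to a domestic resolver. The sample list is constructed, and the DNSPod resolver address is an assumption; how the OPNsense plugin persists the file across restarts is not covered here.

```python
import re
from typing import List, Optional
from urllib.parse import urlsplit

# Constructed sample whitelist: the mix of URLs and bare hosts a user might paste.
SAMPLE_WHITELIST = """\
https://www.example.cn/path?x=1
example.cn
# a comment line
mail.example.cn
EXAMPLE.com.cn:8080
not a domain!
cdn.example.cn
"""

# Assumed domestic resolver for whitelisted names (DNSPod Public DNS is usually 119.29.29.29).
CHINA_RESOLVER = "119.29.29.29"
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")  # one valid DNS label

def to_hostname(entry: str) -> Optional[str]:
    """Reduce one whitelist entry (URL, host, or host:port) to a validated lowercase hostname."""
    entry = entry.strip()
    if not entry or entry.startswith("#"):
        return None
    if "://" not in entry:
        entry = "//" + entry  # lets urlsplit treat a bare host[:port] as the netloc
    try:
        host = urlsplit(entry).hostname
    except ValueError:
        return None
    labels = (host or "").lower().rstrip(".").split(".")
    if len(labels) < 2 or not all(_LABEL.match(lbl) for lbl in labels):
        return None
    return ".".join(labels)

def collapse(hosts: List[str]) -> List[str]:
    """Drop names already covered by a parent in the set: a rule for a domain also matches its subdomains."""
    keep = set()
    for host in sorted(set(hosts), key=lambda h: h.count(".")):  # parents before children
        parts = host.split(".")
        if not any(".".join(parts[i:]) in keep for i in range(1, len(parts) - 1)):
            keep.add(host)
    return sorted(keep)

def build_forwarding_rules(text: str, resolver: str = CHINA_RESOLVER) -> str:
    """Render forwarding-rules.txt content: one `domain resolver` line per kept host."""
    hosts = [h for h in (to_hostname(line) for line in text.splitlines()) if h]
    lines = ["# whitelisted names -> domestic resolver; all other queries use the configured DoH servers"]
    lines += [f"{h} {resolver}" for h in collapse(hosts)]
    return "\n".join(lines) + "\n"
```

Run it over the real list with `build_forwarding_rules(open("whitelist.txt").read())` and write the result to the forwarding-rules file the plugin reads; the comment line and subdomain collapsing keep the 40000-entry file small enough to review.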
#4
Hi guys.

I am trying to use Caddy behind OPNsense as a reverse proxy. But there are some problems.

I have added NAT rules and firewall rules, as shown in the attachment.

But Caddy cannot get an HTTPS certificate. It showed: failed to get certificate: acme: Error 400 - urn:ietf:params:acme:error:connection - Fetching http://home.example.me/.well-known/acme-challenge/XXXXXXXXXXXXXXXXXXXX: Timeout during connect (likely firewall problem)

The ACME request uses port 80 or port 443 to get the certificate, so I am thinking maybe it's a firewall problem, or worse, ports 80 and 443 are blocked by the ISP.

So I tried to run netdata in a Docker container, forwarding port 19998 (host) to 19999 (container) (because port 19999 is already being used by the netdata running on my host), and added a NAT rule to the firewall. It can be visited from the Internet at http://home.example.me:19998.

So I changed the netdata Docker port forward from host 443 to container 19999, and of course a NAT rule. The port test shows the host's port 443 can be reached from the LAN, but I can't visit netdata from the Internet at http://home.example.me:443.

What makes this interesting is that the firewall log shows it allows the connection from the Internet to the netdata container. There is a screenshot in the attachment too.

I mean I can't visit netdata at http://home.example.me:443, so maybe port 443 is blocked by the ISP? But if it is blocked, why are there logs showing the firewall accepted the connection?