General Discussion / Network Timeout when connecting to own external IP via Port Forwarding
« on: August 29, 2021, 09:41:32 pm »
Hi,
I'm using the latest 21.7.1 but am quite new to OPNsense, so hopefully my question is not too dumb:
I configured port forwarding on ports 80 and 443 for an external WAN IP 94.xxx.xxx.xxx (it is a Virtual IP on the WAN interface of OPNsense) to an internal LAN IP 172.xxx.xxx.xxx of a webserver in the LAN.
Connections to the HTTP and HTTPS ports work from both external WAN computers as well as internal LAN, IPSEC or OPT1 computers.
The only exception is when I try to access the external IP 94.xxx.xxx.xxx from the web server itself, which should be providing the web pages... then I get a network timeout.
Is there a specific rule or setting that I have to set to allow network traffic from the webserver to itself when calling oneself via its own external IP address?
I also activated NAT reflection, but there is no difference with or without this setting. The firewall live logs also show me that the allow rule is triggered when calling 94.xxx.xxx.xxx from the web server itself. However, there still does not seem to be a successful connection from the 172.xxx.xxx.xxx webserver to the firewall via 94.xxx.xxx.xxx and back to itself.
How can I enable network connections to the webserver from and to itself by using its external IP address?
Greetings from Germany
Oli4