OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of DrakeVanCaster »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - DrakeVanCaster

Pages: [1]
1
23.7 Legacy Series / Re: Cannot access services from Internal LAN
« on: October 04, 2023, 04:37:34 pm »
Hi,
I noticed the error section. I was reading something and forgot to move back to correct forum area.
I already requested moderator to move the topic.

I already setup DNS Override as per image attached.

What I cannot understand is why I need to touch HAProxy, outside of my network, all works great... without any issue. Every service are reached correctly.

The problem in internal network.
Is there something I can screenshot that can help?

2
23.7 Legacy Series / Cannot access services from Internal LAN
« on: October 04, 2023, 03:07:45 pm »
Hi guys,
I'm here asking for an hand because I'm loosing any hope.
English is not my primary language, so, from now, sorry and be patience with me  8)

Below, the scenario BEFORE OPNsense implementation.

ISP ROUTER -> port 80 and 443 forwarded to Synology NAS's reverse proxy and configurated.
Because I have some self-hosted apps, I created some DNS domain into my private domain xyz.it like NAS.xyz.it, PASS.xyz, RDP.xyz.it, and so on...
With Synology's reverse proxy all worked well.


Two weeks ago I installed my first opnSense device... put it in DMZ and configured.
Imported my XYZ.it certificate and setup HAProxy with help by several guides found online.

All is working great. externally from my network, I can reach all services I need in HTTPS


Problem are:

1) I can reach those services from Internal LAN only if I put the IP address with simple HTTP (not https). This is a problem because BitWarden (a self hosted password vault) can be reached in HTTP but when I enter my account for login it fails because it request HTTPS.

2) From outside of my network every site like PASS.xyz.it, NAS.xyz.itm, RDP.xyz.it point correctly to every respective services.
From internal network, they all goes to the same page.. for example NAS.xyz and this is getting me crazy

Please could someone help me?


Attached:
Firewall Rules (WAN and LAN)
HAProxy config




Code: [Select]
#
# Automatically generated configuration.
# Do not edit this file manually.
#

global
    uid                         80
    gid                         80
    chroot                      /var/haproxy
    daemon
    stats                       socket /var/run/haproxy.socket group proxy mode 775 level admin
    nbthread                    1
    hard-stop-after             60s
    no strict-limits
    tune.ssl.default-dh-param   2048
    spread-checks               2
    tune.bufsize                16384
    tune.lua.maxmem             0
    log                         /var/run/log local0 info
    lua-prepend-path            /tmp/haproxy/lua/?.lua

defaults
    log     global
    option redispatch -1
    maxconn 5000
    timeout client 30s
    timeout connect 30s
    timeout server 30s
    retries 3
    default-server init-addr last,libc

# autogenerated entries for ACLs


# autogenerated entries for config in backends/frontends

# autogenerated entries for stats




# Frontend: Public_Portal ()
frontend Public_Portal
    bind 192.168.254.1:443 name 192.168.254.1:443 ssl  crt-list /tmp/haproxy/ssl/651c7166417473.44300382.certlist
    mode http
    option http-keep-alive

    # logging options
    # ACL: Nas_DSM
    acl acl_651c7797f243c0.49412538 hdr_beg(host) -i nas
    # ACL: Guacamole
    acl acl_651c701911d695.97788597 hdr_beg(host) -i rdp
    # ACL: Bitwarden
    acl acl_651c754a95cbd0.71359706 hdr_beg(host) -i pass
    # ACL: Plex
    acl acl_651c76bee6c989.69820384 hdr_beg(host) -i plex

    # ACTION: Nas_DSM
    use_backend Nas_DSM if acl_651c7797f243c0.49412538
    # ACTION: Guacamole
    use_backend Guacamole if acl_651c701911d695.97788597
    # ACTION: BitWarden
    use_backend BitWarden if acl_651c754a95cbd0.71359706
    # ACTION: Plex
    use_backend Plex if acl_651c76bee6c989.69820384

# Backend: Guacamole ()
backend Guacamole
    # health checking is DISABLED
    mode http
    balance source
    # stickiness
    stick-table type ip size 50k expire 30m 
    stick on src
    http-reuse safe
    server Guacamole 192.168.100.200:8080

# Backend: BitWarden ()
backend BitWarden
    # health checking is DISABLED
    mode http
    balance source
    # stickiness
    stick-table type ip size 50k expire 30m 
    stick on src
    http-reuse safe
    server BitWarden 192.168.100.200:5151 ssl verify none

# Backend: Plex ()
backend Plex
    # health checking is DISABLED
    mode http
    balance source
    # stickiness
    stick-table type ip size 50k expire 30m 
    stick on src
    http-reuse safe
    server Plex 192.168.100.200:32400 ssl verify none

# Backend: Nas_DSM ()
backend Nas_DSM
    # health checking is DISABLED
    mode http
    balance source
    # stickiness
    stick-table type ip size 50k expire 30m 
    stick on src
    http-reuse safe
    server Nas_DSM 192.168.100.200:5001 ssl verify none



# statistics are DISABLED

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2