Messages - dr_kay

#1
Firstly, thanks a lot for responding to my post!  :D Responses below, to the best of my ability.

You are using Local DNS records on Pihole that point to NPM as Reverse proxy to the specific Hosts?

Yes

Do you have proper MASKs configured on all of these devices? /24
Not entirely sure about this, but all the services get their IPs directly from OPNsense on Network: LAB, which is on the 10.10.200.0/24 network.

Can your PC from which you try to access the domain resolve the domain? do nslookup sw-lab.nerdbit.org

Last login: Mon Sep  2 22:13:36 on ttys000
~ % nslookup sw-lab.nerdbit.org
Server:      10.10.100.1
Address:   10.10.100.1#53

** server can't find sw-lab.nerdbit.org: NXDOMAIN

Is your PC using the DNS that has these local records set?

This PC/Laptop is on LAN network which is on 10.10.100.0/24 Network.
Though not explicitly specified, the DNS is 10.10.100.1 (which basically is the OPNsense firewall itself). I do, however, have AdGuard running on it; not sure if that will help?

Do you have proper certificates or wildcard certificate on NPM with domains properly set to use these certs?

As I'm navigating my way through this, I simply set up a wildcard .*nerdbit.org SSL and used it for all the services, and it seems to be working as long as I'm connected to the LAB network only. Open to making changes.

I've the domain registered with Cloudflare, if that helps. Thanks yet again.
#2
Reaching out to more knowledgeable folks here! Please assist. TA

System Info:

OPNsense 24.1.10_8-amd64
FreeBSD 13.2-RELEASE-p11
OpenSSL 3.0.14

Network A
LAN
10.10.100.0/24
Interface: igc0

Network B
LAB
10.10.200.0/24
Interface: igc1

Firewall rules dictate:
- All traffic from LAN to LAB is allowed to pass, however not the other way around.
i.e.: No traffic can pass from LAB to LAN

In my LAB network, I've a Proxmox machine running a bunch of services across various VMs and LXCs, each with individual IP allocation.

Proxmox IP: 10.10.200.40
Primary DNS: 10.10.200.3 (pihole1) which runs in an LXC
Alternative DNS: 10.10.200.4 (pihole2) which runs in an LXC

Both instances have Local DNS entries as can be seen in the screenshot below.
https://ibb.co/fGVpD6h

Nginx Proxy Manager IP: 10.10.200.2

These are then pointed to correct ports and whatnot below.
https://ibb.co/h9CpZL6

End result being that I'm able to reach my internal services via domain name and not have to remember IPs! This took a crapload to figure out.

ISSUE:

As our main network is LAN, I'd like to access and manage these through laptops and PCs connected on the LAN network, but I'm unable to, as it simply fails saying "DNS_PROBE_FINISHED_NXDOMAIN" on all browsers.

Although, I'm able to access each of the services via their IPs just fine.

Example:

Switch on LAB Network
IP: 10.10.200.10 (can access)
URL: https://sw-lab.nerdbit.org (cannot access)

I've a feeling this is something to do with DNS, but I'm hitting a brick wall and unable to figure out where. Would appreciate any help at all. Happy to shout a beer or donate! Been a big-time supporter of the OPNsense project and can't imagine life without it, to be honest.

Cheers
Kay!