24.7 Production Series / Re: Cannot Access Website Externally Using Cloudflare w/ Hestia DNS
« on: September 19, 2024, 07:56:56 am »
These are fantastic solutions; however, I opted for a new modem not directly managed by the ISP, or, as OPNsense has logged, likely third-party interference. #therebedragons
Solution:
- Purchase New Modem
-- Ensure new modem is only a modem, leaving Port/Firewall options to OPNsense.
Would like to recap the best solution to this issue, located here:
https://forum.opnsense.org/index.php?topic=6155.0
If users have:
- WEBSERVER -> NETWORK SWITCH -> OPNSENSE -> MODEM
To make this webserver publicly available:
1. Access FIREWALL: NAT: PORT FORWARD
2. Add (+)
3. Change Rules
- Interface: WAN NETWORK
- TCP/IP Version: IPV4
- Protocol: (Conditional)
- Destination: WAN NETWORK address
- Destination port range: (Conditional)
- Redirect target IP: Single host or Network
-- IP of WEBSERVER
- Redirect target port: (Conditional; should update with Destination port range)
- Log: Check
- NAT reflection: Enable
- Filter rule association: Add associated filter rule (Rule)
- Save
4. Apply
I was able to tinker with
- Services: Unbound DNS: (Overrides/Query Forwarding/DNS over TLS)
however, I found they provided no real solution compared to the settings listed above.
In addition to this, I can only access my WEBSERVER externally, not internally.
Alternative solutions include:
- Using a TUNNEL PROVIDER with a compatible port.
- Using a CLOUD SERVER with NGINX setup as a REVERSE PROXY SERVER.
- Using a CLOUD SERVER with frp setup as a REVERSE PROXY SERVER.
I am open to alternative ways of performing this action; however, I consider the issue resolved.
Thanks for your time, @bartjsmit.
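The GUI steps above map onto a handful of pf translation and filter rules, and two of the fields are easy to get subtly wrong: the redirect target port range must be the same width as the destination port range, and the redirect target should be a private LAN host. The following added example (my own illustration, not code from the post, from OPNsense, or from its rule generator) models the port forward with the same field names the post uses, validates those two points, and renders a generic FreeBSD pf approximation of what the forward plus NAT reflection amounts to. Interface names (em0 for WAN, em1 for LAN) and the 192.168.10.20 webserver address are constructed placeholders; the pf lines are the textbook rdr/nat/pass forms, not the exact rule set OPNsense writes.

```python
"""Model an OPNsense-style port forward and render a pf approximation.

Added example, not OPNsense code. Field names mirror the GUI labels in the
post (Interface, Protocol, Destination port range, Redirect target IP/port,
NAT reflection). Interface names and addresses are constructed placeholders.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass


@dataclass
class PortForward:
    wan_if: str                      # WAN interface name (assumed, e.g. "em0")
    proto: str                       # "tcp" or "udp"
    dest_ports: str                  # Destination port range: "443" or "lo:hi"
    target_ip: str                   # Redirect target IP (the WEBSERVER)
    target_ports: str                # Redirect target port: same width as dest_ports
    nat_reflection: bool = True      # NAT reflection: Enable
    lan_ifs: tuple = ("em1",)        # LAN interfaces that get reflection rules


def parse_port_range(spec: str) -> tuple[int, int]:
    """Parse "443" or "8080:8090" into (lo, hi); reject garbage and reversed ranges."""
    parts = spec.split(":")
    if len(parts) not in (1, 2) or not all(p.isdigit() for p in parts):
        raise ValueError(f"bad port spec {spec!r}")
    lo, hi = int(parts[0]), int(parts[-1])
    if not 1 <= lo <= hi <= 65535:
        raise ValueError(f"port range out of order or out of bounds: {spec!r}")
    return lo, hi


def validate(rule: PortForward) -> list[str]:
    """Return a list of problems; an empty list means the rule is consistent."""
    problems: list[str] = []
    if rule.proto not in ("tcp", "udp"):
        problems.append(f"protocol must be tcp or udp, got {rule.proto!r}")
    try:
        dlo, dhi = parse_port_range(rule.dest_ports)
        tlo, thi = parse_port_range(rule.target_ports)
        # "Redirect target port should update with Destination port range":
        # the two ranges must cover the same number of ports.
        if (dhi - dlo) != (thi - tlo):
            problems.append(
                f"port range width mismatch: destination {rule.dest_ports} "
                f"vs target {rule.target_ports}")
    except ValueError as exc:
        problems.append(str(exc))
    try:
        ip = ipaddress.ip_address(rule.target_ip)
        if ip.version != 4:
            problems.append(f"redirect target {rule.target_ip} is not IPv4 (rule is IPv4)")
        elif not ip.is_private:
            problems.append(
                f"redirect target {rule.target_ip} is not a private (RFC 1918) address")
    except ValueError:
        problems.append(f"redirect target {rule.target_ip!r} is not a valid IP address")
    return problems


def _pf_ports(spec: str) -> str:
    lo, hi = parse_port_range(spec)
    return str(lo) if lo == hi else f"{lo}:{hi}"


def _pf_target_ports(spec: str) -> str:
    # pf maps a source range onto a target range with "lo:*".
    lo, hi = parse_port_range(spec)
    return str(lo) if lo == hi else f"{lo}:*"


def render_pf(rule: PortForward) -> list[str]:
    """Render translation rules (rdr/nat) first, then the associated filter rule."""
    dp, tp, fp = _pf_ports(rule.dest_ports), _pf_target_ports(rule.target_ports), _pf_ports(rule.target_ports)
    lines = [
        # The port forward itself: WAN address:port -> webserver.
        f"rdr on {rule.wan_if} inet proto {rule.proto} from any to ({rule.wan_if}) "
        f"port {dp} -> {rule.target_ip} port {tp}",
    ]
    if rule.nat_reflection:
        for lan in rule.lan_ifs:
            # Reflection: LAN clients hitting the WAN address are redirected too,
            # and the hairpin nat keeps replies flowing back through the firewall
            # (without it, internal access fails while external access works).
            lines.append(
                f"rdr on {lan} inet proto {rule.proto} from ({lan}:network) to ({rule.wan_if}) "
                f"port {dp} -> {rule.target_ip} port {tp}")
            lines.append(
                f"nat on {lan} inet proto {rule.proto} from ({lan}:network) to {rule.target_ip} "
                f"port {fp} -> ({lan})")
    # "Filter rule association: Add associated filter rule" -> the pass rule.
    lines.append(
        f"pass in quick on {rule.wan_if} inet proto {rule.proto} from any to {rule.target_ip} "
        f"port {fp} keep state")
    return lines


if __name__ == "__main__":
    fwd = PortForward("em0", "tcp", "443", "192.168.10.20", "443")
    for problem in validate(fwd):
        print("PROBLEM:", problem)
    print("\n".join(render_pf(fwd)))
```

Running the module prints the four pf lines for an HTTPS forward; feeding it a rule with a mismatched range width or a non-private target returns the problem text instead, which is the check worth running before clicking Apply.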