Topics - dudeman21

1
General Discussion / Cannot get forced redirect of DNS to Pihole
« on: January 09, 2020, 11:11:58 am »
I'm trying to have all DNS traffic on my LAN redirected to my pihole. I've looked at several guides and tutorials and I think I have it set up properly, but it doesn't seem to work.

My pihole is on 192.168.1.22

My Port Forward rule is (see screenshot):

Interface: LAN
Protocol: TCP/UDP
Source: invert -> 192.168.1.22
Source Port: DNS
Destination: invert -> LAN ADDRESS
Destination Port: DNS
Redirect Target: 192.168.1.22
Redirect Port: DNS
Nat Reflection: Disabled

https://imgur.com/UnEzcka

In the firewall rules LAN interface, I moved the rule that was created to the top (just under the automatic rules).

When I run 'nslookup test.com 192.168.1.22' I can see the lookup in the pihole logs. But when I run 'nslookup car.com 8.8.8.8', I don't see the lookup in the pihole logs, meaning that it was able to look up directly to 8.8.8.8 and bypass the pihole.

Is there anything that I'm missing?

Thanks.




2
18.1 Legacy Series / [18.1.10] Nextcloud Backup Issues
« on: June 24, 2018, 12:03:24 am »
The new nextcloud backup appears to work, I put in the URL, username and password, and it correctly makes a folder and uploads an XML file. There are two issues.

1. The uploaded files appear to be encrypted/corrupted?
If I manually download a backup file, it shows a nice plain text XML file with all the settings that are readable. However, the files that are uploaded to nextcloud are just giant blocks of characters. It looks like it might be encrypted, but there's no option to actually choose encryption or even choose a password. (Also, the nextcloud files are only 73kb whereas the manual files are 2mb for me as they contain key files.)

2. The time stamp on the created file is not correct. The dashboard on opnsense shows the correct time, the date on the filename is correct, but the part after that has the incorrect time stamp.

That being said, thank you to the devs for the nextcloud feature, looks very promising.

3
Web Proxy Filtering and Caching / NGINX Reverse Proxy from behind OPNSense Not Working
« on: June 03, 2018, 06:59:37 pm »
Hello all,

I've been searching various forums for a while now and I can't find the answer to what I'm doing wrong.

What I want to do: access services that I run on my unraid server behind opnsense such as nextcloud using a public IP address over HTTPS, ex: nextcloud.example.com. The issue seems to be opnsense sending the requests to the WEB GUI instead of the NGINX server. I'm running the NGINX in an UNRaid docker on port 81 (HTTP) and 443 (HTTPS) to avoid conflicts with the unraid web gui. I want to be able to type https://nextcloud.example.com and have it automatically redirect from 443 to port 444 on my local NGINX IP address.

On my DNS account at namecheap for example.com, I have:
Type      Host        Value
A+DDNS    @           WAN IP (108.x.x.x)
CNAME     nextcloud   example.com.

Using nslookup, example.com and nextcloud.example.com correctly resolve to my WAN IP.

On OPNSense I have the following NAT->port forward settings:


When I type example.com from within the network, I get to the opnsense web gui and it gives an error "Potential DNS rebind attack". When I go to example.com from outside (on my phone's data), I get connection time out.

As a test, I changed the web gui to use port 445 as HTTPS, and if I go to example.com from within my network, it redirects to example.com:445, indicating the web gui is capturing the request. From outside, I just get connection timeout.

On my unraid Let's Encrypt-NGINX docker, I get: "Timeout during connect (likely firewall problem)" on all the domains and subdomains it tries.

I'm pretty sure the issue is the firewall not sending the requests from WAN to the NGINX but I don't know what the issue is. opnsense is pretty much a fresh install, those two port forward rules are the only thing I've added and it automatically added the NAT firewall rules on WAN. The only rules on LAN are the default rules.

Thanks for the help!
