OPNsense Forum
Topics - mervynsword

1
20.1 Legacy Series / NAT reflection doesn't work and outbound NAT has failed.
« on: August 08, 2020, 04:50:55 pm »
Hello everyone, I am trying to build a website with my own server in my home.

For example, the hostname is example.me, I have updated the hostname with the WAN IP address (1.1.1.1 for example), and the server IP is 192.168.1.10. Sadly ports 80 and 443 can't be reached due to my ISP's policies, so I added two NAT rules: 1.1.1.1:10080-->192.168.1.10:80, 1.1.1.1:8443-->192.168.1.10:443.

Now I can access the website from the Internet by visiting https://example.me:8443, great, but it doesn't work on the internal network.

So I disabled the NAT reflection and added an outbound NAT rule like this:
Interface: LAN
Source: LAN net
Source Port: any
Destination: WAN address
Dest Port: 8443
Translation / target: 192.168.1.10
Translation / port: 443

It still doesn't work.

Can anyone help me? I've been tormented by this problem for three hours.
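An added example, not from the post or from OPNsense, that models why a reflected port forward also needs an outbound NAT rule on the LAN. OPNsense is built on pf, so the model uses pf's order of operations (redirect first, then source translation) with the addresses from the post: WAN 1.1.1.1, web server 192.168.1.10, forwards WAN:10080 to :80 and WAN:8443 to :443. The firewall's LAN address 192.168.1.1, the LAN client 192.168.1.50 and the port numbers used for the translation are assumptions made for the demo; the packet handling is a simplified model, not pf itself.

```python
"""Model of hairpin (reflected) NAT through a pf-style firewall.

Added example with assumed values: the firewall's LAN address (192.168.1.1),
the LAN client (192.168.1.50) and the NAT source port (40000) are not from the
post.  This is a simplified model of pf's rdr + nat handling, not pf itself.
"""
from __future__ import annotations
from dataclasses import dataclass, replace
import ipaddress

WAN_ADDR = "1.1.1.1"                              # from the post
LAN_ADDR = "192.168.1.1"                          # assumed firewall LAN address
LAN_NET = ipaddress.ip_network("192.168.1.0/24")
SERVER = "192.168.1.10"                           # from the post

# Port forwards from the post: (public addr, port) -> (internal addr, port)
PORT_FORWARDS = {(WAN_ADDR, 10080): (SERVER, 80), (WAN_ADDR, 8443): (SERVER, 443)}
UNFORWARD = {v: k for k, v in PORT_FORWARDS.items()}


@dataclass(frozen=True)
class Pkt:
    src: str
    sport: int
    dst: str
    dport: int

    def reply(self) -> "Pkt":
        return Pkt(self.dst, self.dport, self.src, self.sport)


def in_lan(ip: str) -> bool:
    return ipaddress.ip_address(ip) in LAN_NET


def rdr(p: Pkt) -> Pkt:
    """Port forward (pf 'rdr').  With NAT reflection it also matches packets
    arriving on LAN, which is what lets a LAN client reach 1.1.1.1:8443 at all."""
    hit = PORT_FORWARDS.get((p.dst, p.dport))
    return replace(p, dst=hit[0], dport=hit[1]) if hit else p


def reflection_nat(p: Pkt) -> Pkt:
    """Outbound NAT on LAN, evaluated after rdr: source = LAN net,
    destination = the forward's *target* (the packet no longer carries the WAN
    address at this point), translation = the firewall's own LAN address."""
    if in_lan(p.src) and (p.dst, p.dport) in UNFORWARD:
        return replace(p, src=LAN_ADDR, sport=40000)   # assumed NAT source port
    return p


def connect(client: str, with_reflection_nat: bool) -> tuple[bool, list[str]]:
    """Simulate client -> 1.1.1.1:8443.  Returns (handshake_ok, trace)."""
    trace = []
    syn = Pkt(client, 51000, WAN_ADDR, 8443)
    trace.append(f"client sends   {syn}")
    fwd = rdr(syn)
    trace.append(f"after rdr      {fwd}")
    if with_reflection_nat:
        fwd = reflection_nat(fwd)
        trace.append(f"after out NAT  {fwd}")
    synack = fwd.reply()                 # the server answers whoever it saw
    trace.append(f"server replies {synack}")

    if in_lan(synack.dst) and synack.dst != LAN_ADDR:
        # Same subnet: the server hands the reply straight to the client's
        # MAC address.  The firewall never sees it and cannot undo the rdr.
        delivered = synack
        trace.append("reply bypasses the firewall (same L2 segment)")
    else:
        # Reply comes back through the firewall, which reverses both steps.
        src = UNFORWARD.get((synack.src, synack.sport), (synack.src, synack.sport))
        dst = (client, 51000) if synack.dst == LAN_ADDR else (synack.dst, synack.dport)
        delivered = Pkt(src[0], src[1], dst[0], dst[1])
        trace.append(f"after un-NAT   {delivered}")

    ok = (delivered.src, delivered.sport) == (WAN_ADDR, 8443)
    trace.append("client accepts reply" if ok
                 else "client drops reply: expected 1.1.1.1:8443, no matching state")
    return ok, trace


if __name__ == "__main__":
    cases = [("192.168.1.50", False), ("192.168.1.50", True), ("203.0.113.5", False)]
    for client, nat in cases:
        ok, trace = connect(client, nat)
        print(f"\nclient={client} reflection_nat={nat} -> {'OK' if ok else 'FAIL'}")
        print("\n".join("  " + t for t in trace))
```

The LAN client fails without the outbound rule because the server's reply never crosses the firewall, so nothing rewrites its source back to 1.1.1.1:8443. In OPNsense terms the outbound NAT rule is a source translation that is matched after the redirect, so it has destination 192.168.1.10 port 443 (the forward's target, not the WAN address) and translation target "Interface address"; OPNsense can also generate this rule itself with "Automatic outbound NAT for Reflection" under Firewall: Settings: Advanced, with reflection enabled.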

2
19.1 Legacy Series / How to translate URLs with two DNS servers?
« on: January 04, 2020, 03:53:54 pm »
Recently I found out the ISP is hijacking DNS, so when I visit some websites or URLs I can't get the right IP.

In China, the ISP is now not hijacking websites and URLs with a blacklist; as there are more and more websites we can't visit today, I think they are doing it with a whitelist. This sucks.

Now I am using DNSCrypt-Proxy; this plugin is great, but there is another problem. When I am visiting some websites on the ISP's whitelist, for which they do not do DNS hijacking, the Cloudflare DNS translates to a CDN IP in the USA, which is very slow for me.

So I am trying to make a whitelist for myself, which contains all the Chinese "good" websites, and then translate the URLs in the whitelist with a Chinese DNS like DNSPOD, and everything else with Cloudflare DoH DNS.

How to do that? The whitelist contains thousands of URLs, so entering the URLs one by one will kill me. :'(
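An added example, not from the post or from dnscrypt-proxy, that turns a large domain whitelist into a per-domain forwarding rule set: names on the list (and their subdomains) go to a Chinese resolver, everything else stays on the encrypted default upstream. Assumptions: the whitelist arrives as a text file with either bare domains or dnsmasq-style `server=/domain/ip` lines; 119.29.29.29 is used as DNSPod's public resolver address; the sample list in the code is constructed for the demo and is not a real whitelist. The output is in the format of dnscrypt-proxy's forwarding_rules file (`domain resolver[,resolver]` per line, one rule covering the domain and its subdomains).

```python
"""Build a dnscrypt-proxy forwarding_rules file from a domain whitelist.

Added example.  The resolver address (119.29.29.29, assumed for DNSPod), the
input formats accepted and SAMPLE_LIST are assumptions for the demo.
"""
from __future__ import annotations
import re

DNSPOD = "119.29.29.29"                      # assumed Chinese resolver
DNSMASQ_LINE = re.compile(r"^server=/([^/]+)/")

# Constructed sample input: bare domains, mixed case, trailing dot, a
# dnsmasq-style line, and entries already covered by a parent domain.
SAMPLE_LIST = """\
# constructed sample, not a real whitelist
example.cn
Example.com.cn.
server=/cdn.example.com.cn/114.114.114.114
www.example.cn
example.org
"""


def parse_domains(text: str) -> set[str]:
    """Accept bare domains and dnsmasq 'server=/domain/ip' lines; normalise
    case and trailing dots; skip comments and blank lines."""
    names: set[str] = set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = DNSMASQ_LINE.match(line)
        name = m.group(1) if m else line
        names.add(name.rstrip(".").lower())
    return names


def minimise(names: set[str]) -> set[str]:
    """Drop entries already covered by a parent in the set: a rule for
    example.cn already matches www.example.cn, so the child only adds noise."""
    keep: set[str] = set()
    for name in names:
        labels = name.split(".")
        parents = {".".join(labels[i:]) for i in range(1, len(labels))}
        if not parents & names:
            keep.add(name)
    return keep


def choose_upstream(qname: str, whitelist: set[str], listed: str, default: str) -> str:
    """Suffix walk: try the name, then each parent domain, until one is in
    the whitelist.  Cost is bounded by the number of labels, not list size."""
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in whitelist:
            return listed
    return default


def render_forwarding_rules(whitelist: set[str], resolver: str) -> str:
    """dnscrypt-proxy forwarding_rules format: 'domain resolver' per line."""
    lines = [f"# generated: whitelisted domains and their subdomains -> {resolver}"]
    lines += [f"{name} {resolver}" for name in sorted(whitelist)]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    wl = minimise(parse_domains(SAMPLE_LIST))
    print(render_forwarding_rules(wl, DNSPOD))
    for q in ("cdn.example.com.cn", "example.org", "example.net"):
        print(q, "->", choose_upstream(q, wl, DNSPOD, "default DoH upstream"))
```

Write the rendered text to a file and point the `forwarding_rules` setting in dnscrypt-proxy.toml at it; names not matched by any rule keep using the configured encrypted upstream, so only the whitelisted names are ever sent in the clear to the Chinese resolver.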

3
18.7 Legacy Series / Firewall shows pass to port 443 but it can't be reached.
« on: December 07, 2018, 08:34:43 pm »
Hi guys.

I am trying to use Caddy behind OPNsense as a reverse proxy. But there are some problems.

I have added NAT rules and firewall rules; they are in the attachment.

But Caddy cannot get an HTTPS certificate. It showed:

    failed to get certificate: acme: Error 400 - urn:ietf:params:acme:error:connection - Fetching http://home.example.me/.well-known/acme-challenge/XXXXXXXXXXXXXXXXXXXX: Timeout during connect (likely firewall problem)

The ACME request uses port 80 or port 443 to get the certificate, so I am thinking maybe it's a firewall problem, or worse, port 80 and port 443 are blocked by the ISP.

So I tried to run netdata in Docker, forwarding port 19998 (host) to 19999 (Docker) (because port 19999 is already being used by the netdata running on my host), and added a NAT rule to the firewall; it can be visited from the internet at http://home.example.me:19998.

So I changed the netdata Docker port forward to host 443 -> Docker 19999, and of course the NAT rule; the port test shows host port 443 can be reached from the LAN, but I can't visit netdata from the internet at http://home.example.me:443.

What makes this interesting is that the firewall log shows it allows the connection from the internet to the netdata Docker container. There is a screenshot in the attachment too.

I mean I can't visit netdata at http://home.example.me:443, so maybe port 443 is blocked by the ISP? But if it is blocked, why are there logs showing the firewall accepted the connection?
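An added example, not from the post, Caddy or OPNsense, showing what the ACME HTTP-01 validation in the quoted error actually has to reach, and how to test it independently of the firewall log. A "pass" entry in the OPNsense log only records that a packet matched a rule and a state was created; it says nothing about whether the backend answered, so the check below combines a raw TCP probe (open / refused / timeout) with a fetch of the challenge URL. The responder is run on a loopback port so the script works offline; the token, the account-key thumbprint and the port are constructed for the demo, and in a real deployment Caddy serves the challenge and the CA performs the fetch against the public address on port 80.

```python
"""Minimal ACME HTTP-01 responder plus the probe a CA would perform.

Added example.  Token, thumbprint and port are constructed for the demo; the
responder stands in for Caddy, the probe for the CA's validation request.
"""
from __future__ import annotations
import http.server
import socket
import threading
import urllib.error
import urllib.request

CHALLENGE_PREFIX = "/.well-known/acme-challenge/"


class ChallengeHandler(http.server.BaseHTTPRequestHandler):
    # token -> key authorization ("<token>.<account key thumbprint>")
    challenges: dict[str, str] = {}

    def do_GET(self) -> None:
        token = self.path[len(CHALLENGE_PREFIX):] if self.path.startswith(CHALLENGE_PREFIX) else None
        body = self.challenges.get(token or "")
        if body is None:
            self.send_error(404)
            return
        data = body.encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/octet-stream")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def log_message(self, *args) -> None:   # keep the demo quiet
        pass


def start_responder(token: str, thumbprint: str, host: str = "127.0.0.1", port: int = 0):
    """Serve the key authorization for `token` on host:port (0 = any free port)."""
    ChallengeHandler.challenges[token] = f"{token}.{thumbprint}"
    srv = http.server.ThreadingHTTPServer((host, port), ChallengeHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def tcp_probe(host: str, port: int, timeout: float = 3.0) -> str:
    """Classify the TCP handshake: 'open', 'refused', 'timeout' or 'unreachable'.
    'timeout' from outside is what the CA's "Timeout during connect" means: the
    SYN was sent and nothing came back, whatever the firewall log says."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"
    except OSError:
        return "unreachable"


def fetch_challenge(host: str, port: int, token: str, timeout: float = 3.0) -> tuple[int, str]:
    url = f"http://{host}:{port}{CHALLENGE_PREFIX}{token}"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, ""


def validate(host: str, port: int, token: str, thumbprint: str) -> bool:
    """What the CA checks: HTTP 200 and a body equal to the key authorization."""
    status, body = fetch_challenge(host, port, token)
    return status == 200 and body == f"{token}.{thumbprint}"


if __name__ == "__main__":
    srv = start_responder("demo-token", "demo-thumbprint")   # constructed values
    port = srv.server_address[1]
    print("probe:", tcp_probe("127.0.0.1", port))
    print("valid:", validate("127.0.0.1", port, "demo-token", "demo-thumbprint"))
    srv.shutdown()
```

Run `tcp_probe` against the public address from a host outside the ISP's network: "open" means the forward works end to end, "refused" means the packet reached something that answered with a reset, and "timeout" means nothing answered, which is consistent with an upstream block regardless of what the firewall logged. HTTP-01 validation always starts with a connection to port 80 on the public address, so if port 80 cannot be reached from outside, that challenge type cannot succeed; a DNS-01 challenge needs no inbound port at all.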

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved