Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - fbeye

Pages: [1] 2 3 ... 12

Virtual private networks / TOR Plugin questions

« on: Today at 05:11:42 am »

Hello

So, I see quite a few links on google and here about configuring etc, but what really is it used for? Is it beneficial beyond me already having NordVPN+OpenVPN config or my Wireguard [really just for home use]? Is it something I should use?
Just casually curious of peoples usages and thoughts on it.

24.7 Production Series / Re: Can not get NGINX to allow connections..

« on: December 02, 2024, 08:27:24 pm »

Roger that. Thank you for everythig

24.7 Production Series / Re: Can not get NGINX to allow connections..

« on: December 02, 2024, 08:17:04 pm »

Not sure if I am getting ahead of myself, but I assume I am able to add my internal [192.168.1.180] Postfix/Dovecot [Ports 25 and 993] to this Caddy? I’d assume I would need to leave WAN Side Ports 25/993 but change the LAN side and then would Crowdsec be able to monitor that via Caddy logs? I saw there was a postfix/Dovecot crowdsec collection but also I know they would have to reside on the firewall/where crowdsec is installed to be utilized.

24.7 Production Series / Re: Can not get NGINX to allow connections..

« on: December 02, 2024, 07:40:07 pm »

I figured it out, and I apologize.

I did not even think about this. In my qbit docker container, I have LAN_ACCESS = 192.168.0.0/16,172.16.2.0/24

It was blocking my remote device, my iPad. So I added that /16 network and it works fine.

24.7 Production Series / Re: Can not get NGINX to allow connections..

« on: December 02, 2024, 07:35:10 pm »

Quote

@OPNsense:~ # curl -vv http://192.168.2.181:8080
11:31:32.108728 [0-0] * [SETUP] added
11:31:32.109149 [0-0] * Trying 192.168.2.181:8080...
11:31:32.110056 [0-0] * Connected to 192.168.2.181 (192.168.2.181) port 8080
11:31:32.110254 [0-0] * using HTTP/1.x
11:31:32.110495 [0-0] > GET / HTTP/1.1
11:31:32.110495 [0-0] > Host: 192.168.2.181:8080
11:31:32.110495 [0-0] > User-Agent: curl/8.10.1
11:31:32.110495 [0-0] > Accept: */*
11:31:32.110495 [0-0] >
11:31:32.110952 [0-0] * Request completely sent off
11:31:32.114530 [0-0] < HTTP/1.1 200 OK
11:31:32.114646 [0-0] < cache-control: no-store
11:31:32.114711 [0-0] < connection: keep-alive
11:31:32.114787 [0-0] < content-length: 1674
11:31:32.114852 [0-0] < content-security-policy: default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; script-src 'self' 'unsafe-inline'; object-src 'none'; form-action 'self'; frame-ancestors 'self';
11:31:32.114917 [0-0] < content-type: text/html
11:31:32.114977 [0-0] < cross-origin-opener-policy: same-origin
11:31:32.115056 [0-0] < date: Mon, 02 Dec 2024 18:31:32 GMT
11:31:32.115115 [0-0] < referrer-policy: same-origin
11:31:32.115175 [0-0] < x-content-type-options: nosniff
11:31:32.115240 [0-0] < x-frame-options: SAMEORIGIN
11:31:32.115320 [0-0] < x-xss-protection: 1; mode=block
11:31:32.115382 [0-0] <
<!DOCTYPE html>
<html lang="en">

<head>
<meta charset="UTF-8" />
<title>qBittorrent Web UI</title>
<link rel="icon" type="image/png" href="images/qbittorrent32.png" />
<link rel="icon" type="image/svg+xml" href="images/qbittorrent-tray.svg" />
<link rel="stylesheet" type="text/css" href="css/login.css?v=1hsus4y" />
<noscript>
<link rel="stylesheet" type="text/css" href="css/noscript.css?v=1hsus4y" />
</noscript>
<script src="scripts/login.js?locale=en&v=1hsus4y"></script>
</head>

<body>
<noscript id="noscript">
<h1>JavaScript Required! You must enable JavaScript for the Web UI to work properly</h1>
</noscript>
<div id="main">
<h1>qBittorrent Web UI</h1>
<div id="logo" class="col">
<img src="images/qbittorrent-tray.svg" alt="qBittorrent logo" />
</div>
<div id="formplace" class="col">
<form id="loginform" method="post" onsubmit="submitLoginForm(event);">
<div class="row">
<label for="username">Username</label><br />
<input type="text" id="username" name="username" autocomplete="username" required />
</div>
<div class="row">
<label for="password">Password</label><br />
<input type="password" id="password" name="password" autocomplete="current-password" required />
</div>
<div class="row">
<input type="submit" id="login" value="Login" />
</div>
</form>
</div>
<div id="error_msg"></div>
</div>
</body>

</html>
11:31:32.115632 [0-0] * Connection #0 to host 192.168.2.181 left intact

24.7 Production Series / Re: Can not get NGINX to allow connections..

« on: December 02, 2024, 07:26:41 pm »

It is like 192.168.2.181:8080 is unreachable, but from OPNSense I can ping that address. Do I maybe need a static route to that IP? Seems I would not I can ping it and also have a static route to that Network, 192.168.2.0.

24.7 Production Series / Re: Can not get NGINX to allow connections..

« on: December 02, 2024, 07:05:14 pm »

Quote

2024-12-02T18:01:45 Error caddy error ts:2024-12-02T18:01:45Z logger:http.log.error msg:dial tcp 192.168.2.181:8080: i/o timeout request:{remote_ip:108.147.172.59 remote_port:42719 client_ip:108.147.172.59 proto:HTTP/1.1 method:GET host:qbitmain.h0use0fm.duckdns.org uri:/favicon.ico headers:{User-Agent:[Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:128.0) Gecko/20100101 Firefox/128.0] Accept-Language:[en-US,en;q=0.5] Sec-Gpc:[1] Priority:[u=6] Via:[HTTP/1.1 zphn1amcuc01ism005.wnsnet.attws.com] Accept:[image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5] Accept-Encoding:[gzip, deflate] Connection:[keep-alive] Referer:[http://qbitmain.h0use0fm.duckdns.org/]}} duration:3.017842969 status:502 err_id:ptig4kk4m err_trace:reverseproxy.statusError (reverseproxy.go:1269)}
2024-12-02T18:01:41 Error caddy error ts:2024-12-02T18:01:41Z logger:http.log.error msg:dial tcp 192.168.2.181:8080: i/o timeout request:{remote_ip:108.147.172.59 remote_port:21407 client_ip:108.147.172.59 proto:HTTP/1.1 method:GET host:qbitmain.h0use0fm.duckdns.org uri:/ headers:{Accept-Language:[en-US,en;q=0.5] Upgrade-Insecure-Requests:[1] Sec-Gpc:[1] Connection:[keep-alive] Priority:[u=0, i] Via:[HTTP/1.1 zphn1amcuc01ism005.wnsnet.attws.com] User-Agent:[Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:128.0) Gecko/20100101 Firefox/128.0] Accept:[text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/png,image/svg+xml,*/*;q=0.8] Accept-Encoding:[gzip, deflate]}} duration:3.005683853 status:502 err_id:5z6rgfpv3 err_trace:reverseproxy.statusError (reverseproxy.go:1269)

24.7 Production Series / Re: Can not get NGINX to allow connections..

« on: December 02, 2024, 07:03:45 pm »

Quote

02T18:01:45 Error caddy "error","ts":"2024-12-02T18:01:45Z","logger":"http.log.error","msg":"dial tcp 192.168.2.181:8080: i/o timeout","request":{"remote_ip":"108.147.172.59","remote_port":"42719","client_ip":"108.147.172.59","proto":"HTTP/1.1","method":"GET","host":"qbitmain.h0use0fm.duckdns.org","uri":"/favicon.ico","headers":{"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:128.0) Gecko/20100101 Firefox/128.0"],"Accept-Language":["en-US,en;q=0.5"],"Sec-Gpc":["1"],"Priority":["u=6"],"Via":["HTTP/1.1 zphn1amcuc01ism005.wnsnet.attws.com"],"Accept":["image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5"],"Accept-Encoding":["gzip, deflate"],"Connection":["keep-alive"],"Referer":["http://qbitmain.h0use0fm.duckdns.org/"]}},"duration":3.017842969,"status":502,"err_id":"ptig4kk4m","err_trace":"reverseproxy.statusError (reverseproxy.go:1269)"}
2024-12-02T18:01:41 Error caddy "error","ts":"2024-12-02T18:01:41Z","logger":"http.log.error","msg":"dial tcp 192.168.2.181:8080: i/o timeout","request":{"remote_ip":"108.147.172.59","remote_port":"21407","client_ip":"108.147.172.59","proto":"HTTP/1.1","method":"GET","host":"qbitmain.h0use0fm.duckdns.org","uri":"/","headers":{"Accept-Language":["en-US,en;q=0.5"],"Upgrade-Insecure-Requests":["1"],"Sec-Gpc":["1"],"Connection":["keep-alive"],"Priority":["u=0, i"],"Via":["HTTP/1.1 zphn1amcuc01ism005.wnsnet.attws.com"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:128.0) Gecko/20100101 Firefox/128.0"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/png,image/svg+xml,*/*;q=0.8"],"Accept-Encoding":["gzip, deflate"]}},"duration":3.005683853,"status":502,"err_id":"5z6rgfpv3","err_trace":"reverseproxy.statusError (reverseproxy.go:1269)"}

24.7 Production Series / Re: Can not get NGINX to allow connections..

« on: December 02, 2024, 05:33:22 pm »

Hello, my name is Matt, I have a serious mental disability.

Installed Caddy, set up the LAN/WAN Rules as suggested, changed GUI to different port etc. applied the LAN/WAN rules as suggested.

Under Caddy;

Domain:
https://
service.host.duckdns.org
443
ACME

Handler:
https://service.host.duckdns.org
Subdomain- None
Reverse Proxy
http://
192.168.2.181
8080

When I try to connect just times out. I connected to my WG and verified is up and running (qbit on 192.168.2.181:8080).

24.7 Production Series / Re: Can not get NGINX to allow connections..

« on: December 02, 2024, 01:20:59 am »

Absolutely… I only did the NGINX plugin cause I currently run NGINX in VM/Docker and actually found the OPNS plugin to be 1000% different, so no loyalties to it.

I guess I went with the NGINX as well cause it had that visual step by step, and not assume I know anything, guide to it. But yes I’ll install it no problem.

24.7 Production Series / Re: Can not get NGINX to allow connections..

« on: December 01, 2024, 09:23:05 pm »

I guess what I am saying is, without utilizing nginx on Opnsens, I can access anything on any network on any of the 6 Networks I have with port forward NAT. So these services are open and running as they should. For some reason my nginx is not relaying to them. Like right now if I set a port forward for 8080 I’ll
Access qbit from the internet easy. It’s just when I don’t port forward and try through nginx , it don’t make it.

24.7 Production Series / Re: Can not get NGINX to allow connections..

« on: December 01, 2024, 09:19:54 pm »

Well I have 20 docker containers on there. I have no issues with anything going in or out, only now trying to go through NGINX.
Now 172.16.2.0 has ZERO Rules or NAT or anything, it is simply the link between OPNSENSE and SG350XG. Everything works fine when I do port forward stuff (in terms of not using NGINX but like access the stuff just with port forward).
I can’t imagine 172.16.2.0 even needs any port forward or rule as I have static routes to “find” 192.168.1.0 through it

24.7 Production Series / Re: Can not get NGINX to allow connections..

« on: December 01, 2024, 08:33:46 pm »

Interesting..

Quote

fbeye@omv181:~$ sudo tcpdump -i br0 port 8080
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on br0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
^C
0 packets captured
6 packets received by filter
0 packets dropped by kernel

This machine is running OMV, OpenMediaVault and Qbit is in a docker container, but still using the OMV IP, 192.168.2.181 and is using Port 8080.

So I have no idea if br0 is a legit Interface as in OMV I have it set as a Bridge network to my physical Interface.
It has to be the right Interface cause when I remove port, it is ENDLESSSS scrolling of data. When I put Port 8080 back and let it sit for 2 minutes as I try to connect and stop it, after I view the .pcap file, it is empty. But the file when no port specified is a huge file. So it seems Port 8080 is not being sent through/pushed through the OPNSense?

24.7 Production Series / Re: Can not get NGINX to allow connections..

« on: December 01, 2024, 06:31:12 pm »

Other than follow the steps in verifying I put in correct direction firewall rules and ports and http/https stuff, I have no idea how to perform a packet capture or tcpdump

24.7 Production Series / Re: Can not get NGINX to allow connections..

« on: December 01, 2024, 05:37:19 pm »

Firewall rule shows it trying to connect and PASS but it is not being directed it seems.

Pages: [1] 2 3 ... 12