How do I allow my web server to connect to wordpress.org

Started by stonelar, April 18, 2022, 12:51:35 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
April 18, 2022, 12:51:35 PM
I have an Ubuntu 20.04 web server running behind OPNsense firewall, and it works fine. Except, when I run a WordPress installation/app on it, OPNsense blocks the connection from my web server to wordpress.org using the "Default deny rule" and I cannot bypass it. I've tried NAT port forward, outbound NAT, floating firewall rules. However, that Default deny rule seems to always block the connection from my 192.168.x.x (web server) to any of the 3 wordpress addresses (198.143.164.251 api.wordpress.org, 198.143.164.252 wordpress.org, 198.143.164.250 downloads.wordpress.org).

Here is the output from the firewall live view log (/ui/diagnostics/firewall/log): (see picture attached)

Moreover, when I do "ping wordress.org" from my web server's SSH terminal, the ping is successful. A "curl -I wordpress.org" fails.

I need help figuring out what possible firewall rule(s) or other solution there is in order to allow my web server to connect to wordpress.org so I can do updates and such in the WordPress admin panel (which mostly works at this time except for the above problem).
April 18, 2022, 01:25:56 PM #1
Are you running nginx reverse proxy with WAF enabled?
Then add your webserver ip to the http location (advanced mode) to the field "Naxsi Trusted Source IPs"
Deciso DEC850v2
April 18, 2022, 01:52:49 PM #2
you must add your IP to http. There is something like "naxsi source IP"
April 18, 2022, 03:54:54 PM #3
@therapistfarflung, did you mean the field "File System Root" ?
I remember that I could only type there 1 ip (?). Since you can have 1 server available on ipv4 and ipv6 ip I did the "Naxsi Trusted Source IPs" or is there another way with "File System Root" ?

@Stonelar, did it solve your problems?
Deciso DEC850v2
April 21, 2022, 12:36:10 AM #4
Thanks for the tip all! :)

I'll have to research how to to set up Nginx for OPNsense plug-in because I installed it, and I can't make sense of the configuration options out of the box.
April 22, 2022, 06:19:42 AM #5
After reading up a little on Nginx for OPNsense, I have decided that I don't need that plug-in since I'm running a dedicated machine for my real NGINX server as well as Apache.

So, my question still remains: How do I allow the WordPress IP's (198.143.164.251 api.wordpress.org, 198.143.164.252 wordpress.org, 198.143.164.250 downloads.wordpress.org) to pass through my OPNsense firewall?
April 22, 2022, 09:09:55 AM #6
What outbound firewall rules do you have on the interface of your OPNsense that your web server is connected to?
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
April 22, 2022, 09:48:52 AM #7
Firewall: Rules: LAN
9     Automatically generated rules
IPv4 *    LAN net    *    *    *    *    *    Default allow LAN to any rule
IPv6 *    LAN net    *    *    *    *    *    Default allow LAN IPv6 to any rule
May 25, 2022, 11:52:39 PM #8 Last Edit: May 28, 2022, 11:29:05 PM by Lulu Silla
You have no idea how much respect I have for y'all, guys! I'm quite new to this IT world, and the more I learn, the more confused I get. Before covid, I never even attempted to get a deeper understanding of these details. However, the pandemic took a severe toll on my financial situation. I was a personal fitness trainer, and all I had to do was get some help with my website's design. The guys working at https://prosvit.design/fitness-website-design/ always had my back. Now I've lost my momentum, and I'm trying to learn something new. It's never too late for a change! Cheers.
May 27, 2022, 11:57:18 PM #9
LOL! :) Nice Lulu! That's great to hear! Welcome to the fun world of IT! Good to have you! :)))
Print
Go Up Pages1
User actions