How do I allow my web server to connect to wordpress.org

[stonelar]

I have an Ubuntu 20.04 web server running behind OPNsense firewall, and it works fine. Except, when I run a WordPress installation/app on it, OPNsense blocks the connection from my web server to wordpress.org using the "Default deny rule" and I cannot bypass it. I've tried NAT port forward, outbound NAT, floating firewall rules. However, that Default deny rule seems to always block the connection from my 192.168.x.x (web server) to any of the 3 wordpress addresses (198.143.164.251 api.wordpress.org, 198.143.164.252 wordpress.org, 198.143.164.250 downloads.wordpress.org).

Here is the output from the firewall live view log (/ui/diagnostics/firewall/log): (see picture attached)

Moreover, when I do "ping wordress.org" from my web server's SSH terminal, the ping is successful. A "curl -I wordpress.org" fails.

I need help figuring out what possible firewall rule(s) or other solution there is in order to allow my web server to connect to wordpress.org so I can do updates and such in the WordPress admin panel (which mostly works at this time except for the above problem).

[RamSense]

Are you running nginx reverse proxy with WAF enabled?
Then add your webserver ip to the http location (advanced mode) to the field "Naxsi Trusted Source IPs"

[therapistfarflung]

you must add your IP to http. There is something like "naxsi source IP"

[RamSense]

@therapistfarflung, did you mean the field "File System Root" ?
I remember that I could only type there 1 ip (?). Since you can have 1 server available on ipv4 and ipv6 ip I did the "Naxsi Trusted Source IPs" or is there another way with "File System Root" ?

@Stonelar, did it solve your problems?

[stonelar]

Thanks for the tip all!

I'll have to research how to to set up Nginx for OPNsense plug-in because I installed it, and I can't make sense of the configuration options out of the box.

[stonelar]

After reading up a little on Nginx for OPNsense, I have decided that I don't need that plug-in since I'm running a dedicated machine for my real NGINX server as well as Apache.

So, my question still remains: How do I allow the WordPress IP's (198.143.164.251 api.wordpress.org, 198.143.164.252 wordpress.org, 198.143.164.250 downloads.wordpress.org) to pass through my OPNsense firewall?

[Patrick M. Hausen]

What outbound firewall rules do you have on the interface of your OPNsense that your web server is connected to?

[stonelar]

Firewall: Rules: LAN
9     Automatically generated rules
IPv4 *    LAN net    *    *    *    *    *    Default allow LAN to any rule
IPv6 *    LAN net    *    *    *    *    *    Default allow LAN IPv6 to any rule

[Lulu Silla]

You have no idea how much respect I have for y'all, guys! I'm quite new to this IT world, and the more I learn, the more confused I get. Before covid, I never even attempted to get a deeper understanding of these details. However, the pandemic took a severe toll on my financial situation. I was a personal fitness trainer, and all I had to do was get some help with my website's design. The guys working at https://prosvit.design/fitness-website-design/ always had my back. Now I've lost my momentum, and I'm trying to learn something new. It's never too late for a change! Cheers.

[stonelar]

LOL! Nice Lulu! That's great to hear! Welcome to the fun world of IT! Good to have you! )