Ports Closing NGINX

Started by Selfhoster, November 01, 2023, 09:48:11 AM

Quote from: Selfhoster on November 01, 2023, 11:46:18 AM
It's gone back and ports closing again now :(
Disclosure: I don't do docker nor containers.
That out of the way, what tells you ports are closed, where are the listeners?

So it's staying open for around 10 mins then closing all the ports again, very odd?

Quote from: cookiemonster on November 01, 2023, 11:52:16 AM
Quote from: Selfhoster on November 01, 2023, 11:46:18 AM
It's gone back and ports closing again now :(
Disclosure: I don't do docker nor containers.
That out of the way, what tells you ports are closed, where are the listeners?

I'm checking via DYNU, the company that hosts my domains; they are saying 80 & 443 are closed. Again the "fix" is to restart NGINX. I'm not sure why it just decided to close them... Is there a timeout rule I'm missing?

November 01, 2023, 01:00:53 PM #18 Last Edit: November 01, 2023, 01:04:23 PM by Monviech
There are timeout rules, it's called "states". If a state times out, the connection is closed. That's probably what makes it "look" like ports are closed, even if they are not. You can change the behavior of the OPNsense regarding states. Firewall: Settings: Advanced: Firewall Optimization or Schedule States. But be careful with those.

When you restart NGINX, the states are probably initiated again.

Check "Firewall: Diagnostics: States" and find the "Rule" that allows your port forward. Also look in "Firewall: Diagnostics: Sessions" to see if the TCP Sessions Age and Expires is working correctly.
Hardware:
DEC740
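
A way to read rows copied out of "Firewall: Diagnostics: States", as an added example that is not part of the thread: it separates states opened by outside clients from LAN-to-LAN (reflection) states, which is what shows whether the port forward is being hit from the Internet at all. The column order (interface, protocol, source, NAT address, destination, state, rule) is assumed from the row quoted later in this thread, the function names are hypothetical, and the second sample row is constructed.

```python
import ipaddress

# RFC 1918 ranges listed explicitly: ipaddress' is_private flag would also
# match documentation ranges such as 203.0.113.0/24 used in the sample below.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_internal(endpoint):
    """True if an 'ip:port' endpoint (IPv4) is in an RFC 1918 range."""
    addr = ipaddress.ip_address(endpoint.rsplit(":", 1)[0])
    return any(addr in net for net in RFC1918)

def parse_state(line):
    """Split one state row; the column order is an assumption (see lead-in)."""
    iface, proto, src, nat, dst, state, rule = line.split(None, 6)
    return {"iface": iface, "proto": proto, "src": src, "nat": nat,
            "dst": dst, "state": state, "rule": rule.strip()}

def classify(row):
    """Label a state by where the client and the server sit."""
    if not is_internal(row["dst"]):
        return "outbound"
    return "lan-to-lan" if is_internal(row["src"]) else "external-inbound"

def external_inbound(lines, server):
    """States where an outside client reached `server` ('ip:port')."""
    rows = [parse_state(l) for l in lines if l.strip()]
    return [r for r in rows
            if r["dst"] == server and classify(r) == "external-inbound"]

SAMPLE = [
    # Row quoted in this thread (a LAN client hitting the reflection rule).
    "all      tcp   192.168.1.193:39402   213.120.42.217:443   192.168.1.100:443"
    "   TIME_WAIT:TIME_WAIT   Reflection NAT Rule Webserver 443",
    # Constructed row: an outside client (documentation address) on the forward.
    "wan      tcp   203.0.113.25:51514   213.120.42.217:443   192.168.1.100:443"
    "   ESTABLISHED:ESTABLISHED   NGINX",
]

if __name__ == "__main__":
    for line in SAMPLE:
        row = parse_state(line)
        print(f'{classify(row):17} {row["src"]:22} {row["state"]:24} {row["rule"]}')
    hits = external_inbound(SAMPLE, "192.168.1.100:443")
    print("external clients reaching nginx:", len(hits))
```

If a test from a mobile connection leaves no "external-inbound" row for the web server, the request never matched the port forward, so the state timeout is not the cause.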

Quote from: Monviech on November 01, 2023, 01:00:53 PM
There are timeout rules, it's called "states". If a state times out, the connection is closed. That's probably what makes it "look" like ports are closed, even if they are not. You can change the behavior of the OPNsense regarding states. Firewall: Settings: Advanced: Firewall Optimization or Schedule States. But be careful with those.

When you restart NGINX, the states are probably initiated again.

Check "Firewall: Diagnostics: States" and find the "Rule" that allows your port forward. Also look in "Firewall: Diagnostics: Sessions" to see if the TCP Sessions Age and Expires is working correctly.

That's all I can find for my https://imgur.com/a/lCLEdV1 "rule". Oddly, I can't find anything for my specific plan Rule called NGINX.

You can only find a state from an external IP if it tries to access your nginx server. What I see here are only internal IP to internal IP connections.

Can you try to open the default webpage of your nginx server from a remote source (maybe your mobile phone) and see if the session establishes then?

It won't connect; the page just tells me it can't complete the request.

But this comes up:

all      tcp   192.168.1.193:39402   213.120.42.217:443   192.168.1.100:443   TIME_WAIT:TIME_WAIT   Reflection NAT Rule Webserver 443

Maybe the NAT reflection is interfering somehow?

Maybe it would be best if you deactivate your current Outbound NAT and Port Forward rules, and start with a simple port forward without reflection. Then verify that your phone (which should be connected to LTE, not to your Wifi) can connect to your NGINX server. If that works, you can continue again with the reflection rules.


I guess I'm unable to help then.

I turned off the floating rules and the NATs, still nothing. Again, the only thing that works is resetting the docker, but then it dies.

If it helps, I'm getting error 408 now.

Draw yourself a diagram of your setup, it'll help you and the forum to visualise.

TBH I'm giving up. Whilst it's a nice bit of kit, spending 4 days just trying to get port forwarding to work properly is a joke.
Whatever it is, it is 100% OPNsense, as I've just dialed up OpenWrt and it works without a hitch.

I did find this but it didn't help me a lot: https://www.reddit.com/r/OPNsenseFirewall/comments/mcwqce/port_forwarding_to_nginx_proxy_on_other_server/

I might give myself a go with Swag and see if it's just NGPM being awkward, but if that doesn't work I will have to close it and move on.

November 01, 2023, 03:44:27 PM #29 Last Edit: November 01, 2023, 04:13:10 PM by Selfhoster
OK, I think I'm onto something: I have set all my subdomains up as canonical names on DYNU. It is the subdomains having issues getting through the wall. It's also saying timeout, so I'm not sure if there is a latency issue?

My physical domain is not having an issue.