Nginx Plugin as revers proxy, Issue on reaching external domain from local

[bradai.zied]

Hello,

I moved from pfsense to opnsense, I do like it.
I have OPNsense 24.7.11_2-amd64, with only one Wan interface,
I'm using Nginx plugin to expose some web service, it is working fine from outside but it is not working from local networ, i tried many things it is not giving me any feedback.
To take in considertion, i have some port forward that is working fine from outside and inside ( NAT reflection is enabled), I would prefer to target my web application from outside, due Nginx is the one doing the SSL offloading, the trafic to the application are http, that why i'm avoiding translating the DNS name locally.

Do you have an idea what is the request config to make it work?

THank in advance

[aeschma]

Hi,

same topic here.

I think I have a NAT Reflection problem. If nginx listen on a VIP and I do a NAT Port Forward to this VIP all works fine. If nginx listens direct on the WAN VIP, nginx is not reachable from inside the LAN. I think we have to create manual an Outbound NAT rule. At the moment I m not sure how to create the rule because I have multiple WAN VIP's in my setup.

[aeschma]

Hi,

here the solution which works for me:

Firewall > Outbound Nat -> Switch to Hybrid Mode

Create a new rule:
Interface: WAN
Source: any
Destination Port: 443 (or 80)
Translation/Targe: WAN_adress

This rule translates your Adress so the nginx proxy answers .....

Edit: I think a better solution is your LAN adresses as Source .... but not sure what is best practice here