  1. #1
    Newbie
    Join Date
    Feb 2021
    Posts
    7

    unable to resolve self hosted website while on network (works externally)

    Hey All,

    I set up a home lab to play around with virtualization, networking, web hosting, and just general Linux things. I started with Proxmox as the host on my system, and installed a few guests. I bet you can guess what one of the guests is (spoiler, it's Untangle). My network topology is shown below, but essentially I have my home network (comprised of Ubiquiti networking gear) separated into "normal" devices (computers, game consoles, etc.), IoT devices (smart home stuff), and Lab (Server).

    My server has 7 Ethernet ports. I am currently using 1 for Proxmox management and internally accessible only servers like my UniFi Controller, secure NAS, etc. The 2nd port is the "external" port for the Untangle VM in bridge mode with the 3rd port.

    Attachment 11062

    So the problem I am having is that I am setting up my reverse proxy server to be externally accessible, but behind Untangle so that it is protected from intrusions, and that part of it works... I can turn off the wifi on my phone and connect to my domain, and everything loads just fine. But I connect to my network, and it stops working again (ERR_CONNECTION_TIMED_OUT).

    I tried doing some research to try to figure out what is going on and found some other posts in this forum that point to setting up a DNS server in Untangle (domain name - internal server IP), but that doesn't help for my situation.

    To explain how I have it routed currently, I have the following port forwarding settings:

    Public IP (80,443) > Gateway (80,443) > Untangle (80,443) > Reverse Proxy (80,443)
    (Untangle local services were changed to ports 8080, 4443 to prevent conflicts)

    I also tried implementing a bypass rule as well but that didn't solve the problem so I removed it.

    Any help is greatly appreciated.

  2. #2
    Untangle Ninja sky-knight
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,667


    I need a screen shot of your port forward rule please.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  3. #3
    Newbie
    Join Date
    Feb 2021
    Posts
    7


    Unifi port forwards to Untangle's IP
    unifi port forward.PNG

    Untangle :80 forward to server
    Untangle http forward.PNG

    Untangle :443 forward to server
    Untangle https forward.PNG

  4. #4
    Untangle Ninja sky-knight
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,667


    Port forward rules are doing exactly what you told them to do, only forward traffic that originates from outside.

    If you want those rules to work from inside, you need to remove the source interface directives.

  5. #5
    Newbie
    Join Date
    Feb 2021
    Posts
    7


    Quote Originally Posted by sky-knight:
    > Port forward rules are doing exactly what you told them to do, only forward traffic that originates from outside.
    >
    > If you want those rules to work from inside, you need to remove the source interface directives.
    Sorry, I forgot that I added the source interface directive to try to fix the problem. Technically the "External" source interface is connected to the rest of my network (Port 2 in my network topology).

    I removed the source interface condition anyways, and it still doesn't work.

  6. #6
    Untangle Ninja sky-knight
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,667


    Ahh... I see that on the map.

    Doesn't matter because the problem is still the same. The issue is with your port forwarding and / or your DNS.

    So first, resolve the name you're having issues with to determine if it's getting a public address or a private one. After that, it's a matter of ensuring the ACLs on an IP level allow traffic to flow.

    Most of the time? It's a port forwarding rule. Though your situation is complicated enough that you may have a firewall rule in the way somewhere.

    Double NAT in the mix? Not helping... Untangle shouldn't be port forwarding at all in this configuration. But since it works from the world, I'm left to assume whatever you called "gateway" isn't forwarding the packets correctly for interior clients. This is VERY common. And you may have to use DNS to resolve an interior IP for the public name to work around the problem. But I can't tell you how to do that, because I don't know what "gateway" is.
    Last edited by sky-knight; 02-15-2021 at 05:20 PM.
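    An added check for the step sky-knight describes above (example code, not from the thread): resolve the public name from a client inside the LAN, note whether it comes back as an RFC 1918 or a WAN address, then attempt the TCP connect so the timeout the original poster sees shows up as a verdict. The domain and the reverse proxy's LAN address are placeholders.

```python
import ipaddress
import socket

# Placeholder values, not from the thread: the public name and the reverse
# proxy's LAN address behind Untangle.
PUBLIC_NAME = "lab.example.com"
REVERSE_PROXY_LAN_IP = "192.168.30.10"

# RFC 1918 ranges spelled out so the check behaves the same on every Python version.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify(ip):
    """'private' for an RFC 1918 address, otherwise 'public'."""
    addr = ipaddress.ip_address(ip)
    return "private" if any(addr in net for net in RFC1918) else "public"


def tcp_open(ip, port, timeout=3.0):
    """True if a TCP handshake to ip:port completes before the timeout."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:  # refused, unreachable, or timed out
        return False


def diagnose(name, lan_ip, port=443, resolve=socket.gethostbyname, connect=tcp_open):
    """Resolve the name as an inside client sees it and try to connect to it.

    resolve/connect are parameters so the decision logic can be exercised offline.
    Returns (verdict, resolved_ip).
    """
    ip = resolve(name)
    kind = classify(ip)
    reachable = connect(ip, port)
    if kind == "private":
        # Split DNS is in play: the name already points at an inside address.
        return ("split-dns-ok" if ip == lan_ip and reachable else "private-but-unreachable", ip)
    if reachable:
        return ("hairpin-nat-ok", ip)
    # Name resolves to the WAN address and the connect failed: the gateway is not
    # hairpinning (NAT reflection) its forward for interior clients. Fix that on
    # the gateway, or publish the LAN IP for the name on an internal DNS server.
    return ("hairpin-nat-missing", ip)


if __name__ == "__main__":
    verdict, ip = diagnose(PUBLIC_NAME, REVERSE_PROXY_LAN_IP)
    print(f"{PUBLIC_NAME} -> {ip} ({classify(ip)}): {verdict}")
```

Run it from a LAN client and again from a device off the LAN; the two verdicts together tell you whether the problem is the gateway's hairpin handling or a missing internal DNS record.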

  7. #7
    Newbie
    Join Date
    Feb 2021
    Posts
    7


    > Doesn't matter because the problem is still the same. The issue is with your port forwarding and / or your DNS.
    Forgive my ignorance, but doesn't the fact that from the "world's" perspective my server is working mean that the port forwarding / DNS is working properly?

    > Double NAT in the mix? Not helping...
    I have no NAT rules set in Untangle.

    > Untangle shouldn't be port forwarding at all in this configuration.
    So should I try to have my gateway forward directly to my server?

    > I'm left to assume whatever you called "gateway" isn't forwarding the packets correctly for interior clients.
    I have made this setup work without the server behind Untangle.

    Is it important to mention that I am using DDNS to update my domain name to my ISP provided external IP address? Also, my gateway is a USG-3P security gateway.
    Last edited by jalouke; 02-15-2021 at 07:20 PM.

  8. #8
    Untangle Ninja sky-knight
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,667


    A lack of NAT rules is expected, you have the NAT tick box enabled on External. This means NAT is in play, if it wasn't you'd not need to forward on Untangle at all. You'd just forward from your gateway directly to the server.

    Beware, disabling NAT will make things much easier but only AFTER you get the routing sorted out.

    I'm assuming you've tested to ensure the DNS name in question is actually resolving correctly. If you haven't done that... you need to do it.

  9. #9
    Newbie
    Join Date
    Feb 2021
    Posts
    7


    I performed the DNS test in Untangle, and it resolves to the correct IP address.

    However, the connection test fails, and the traceroute starts at the IP and just goes nowhere (* * *).

    The strange thing is, my server has a route out. I can ping 8.8.8.8, as well as the gateway, from my server.
    Last edited by jalouke; 02-15-2021 at 08:24 PM.

  10. #10
    Untangle Ninja sky-knight
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,667


    The correct IP address meaning what exactly? The address on your gateway?
