Self hosting issues

Having an odd issue where my server is up and running and I can access it on my LAN, but even with port forwarding set up I can’t access it from outside the network. It has worked before so I think it’s a server/apache setting. Currently shows a “this site cannot be reached, the connection was reset” when accessing outside of the LAN. Also I do not know if this is normal but when I type in the DNS name, it resolves to the private IP of the VM, not my public IP (I clean the cache when I test after changes I make).

Setup:
ESXi VM of Ubuntu 16.x server, selected LAMP, Email and SSH options when installing.
Setup in ESXi to use the second NIC of the machine that is directly connected to my “DMZ” interface on my pfsense box.
Bluehost (who I registered my domain with many moons ago) has been updated to point to my public IP.
Verified my public IP hasn’t changed (usually doesn’t unless I reboot the router).
Triple checked ports in the port alias I made for the port forwarding option.
When at the apache portion, test page could not be accessed from outside LAN, switched from 1:1 NAT to port forwarding and that was fixed.

Followed a dizzying array of digital ocean tutorials to set up Apache, mysql, wordpress, lets encrypt etc, been a crazy learning experience - and before I had the wordpress site running I was able to get the test line in the apache default html to display when outside of my network. So somewhere the breakdown happened with wordpress (I’m assuming). The other test I’m doing is sending myself emails and that has been working.

As a sanity check on the assumption, I will make a snapshot, then restore to the snapshot just prior to the wordpress install and see what happens.

well you can use tail -f /var/log/syslog and tail -f /var/log/apache2/error(correct?) to watch your logs and check for errors of any kind.

also #sudo tcpdump port 80 will show any packets that go to that port. so run that and see if the server is getting anything. if not it may still be firewall/routes/rules

please post any extra info, i love this kind of problem XD

1 Like

When you say “it resolves” do you mean that in your browser, the address bar changes from showing the DNS name to the VM’s internal IP? Or are you doing a ping against your DNS name and it’s resolving the VM’s internal IP?

@kenkoda I’ll try and run that when I get home and report back. Last night I was too lazy to revert back a snapshot, still curious to do it (pre WordPress and apache config changes) to see if outside network sees the test page again. For sure wasn’t caching from lan sessions as I had a friend go to it from his work. Also the other observation, I’m still getting emails into the email server part of the build.

@Levitance it’s when I put in the domain name in the address bar, it eventually turns into https://privateIp, is that normal with port forwarding?

No, it should remain a domain name. Check your configs…

2 Likes

Apache configs?

Content management systems like Wordpress often ask for configuration information. If you put in your local IP address, it will re-write the URL based on that configuration.

Edit:
What you might want to do for this is tell Wordpress that its host/domain/whatever information is whatever your DNS is. Then locally (you’ve got local DNS right? Who doesn’t? :expressionless: You might have to alter your hosts file) make an entry for your DNS name to point to Wordpress locally. That should work.

@kenkoda, tailing the two log files didn’t show anything - tcpdump didn’t show any activity from my cell phone on LTE creating any logs - connect to my wifi and now the page gets served and tcpdump lights up with logs. *edit I’m reading into this that the firewall/router is at play here, as the virtual NIC is not even getting hit from outside. I don’t think it’s my alias list as emails are still coming in, something else is happening, maybe even my ISP?

So @Levitance and @lessaj, not sure where to go next with configs. I was under the impression you do not want local DNS, I have 8.8.8.8 plugged into pfSense plus whatever was default. Somehow my DHCP private IP is being reported back in the browser. In fact, you want neither public IP nor private, you want the DNS to stay in the browser…

try checking that the port is open from the net. searching for check open port would give a few sites to check, maybe it is isp

www.yougetsignal.com says my port 80 is open.

I disabled all the firewall rules on my DMZ except allow any/any and allow ICMP. Did tcpdump and cell phone again, nothing…

Checked IP on the phone and am not seeing any denied traffic with the phone’s IP in the firewall logs…

Just fyi the browser this whole time reports:
"This site can’t be reached. The connection was reset. Try: checking the connection. ERR_CONNECTION_RESET."

Clicking ‘details’ shows: Check your internet connection. Check cables and reboot any routers… etc etc.

sounds like it’s something in your rules. you have to have the allow rules on the firewall not just the nat passing the traffic, maybe something wrong in that area?

check your interface and address settings on your rules?

I’d agree but I’m realizing then emails shouldn’t be coming in right?

So if nothing coming in on tcpdump, and rules/alias worked earlier and still working for email, that leaves my domain registration? The MX file is still good (thus emails coming in) but hostfile went bunk?

Reverted to the snapshot * edit, wrote still didn’t work but didn’t use the domain name or public IP, private IP was still in browser-- it works when reverted to pre-wordpress VM, so something to do with the wordpress install. I followed the digital ocean tutorials mostly.

Also of odd note, tcpdump only captures when a laptop on my LAN is hitting up (the now apache only, no wordpress) site, but my phone hitting up the site is not causing logs.

Second, typing in the DNS in the browser still messing it up (on my phone), typing in my public IP gets me the apache test page. When I type in the DNS, it very shortly shows the public IP, then shows the private IP.

your emails should be on port 25 and not be changed by what you are doing on port 80

you should see traffic on the port regardless of WP

do you have php working on apache? you would need to enable it before wordpress would work. that could cause an issue

with what you said, it’s not routes and would be apache not making wordpress happy.

just to be sure, for the time being check wordpress has correct rwx on its files, if anything just sudo chmod -R 777 * that folder to be sure, if it works fix that / 644 it
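For the permissions test suggested above, an added example (not from the thread) that lists what a temporary chmod -R 777 leaves world-writable and resets the tree afterwards. The 755/644 baseline, the function names and the sample tree are assumptions made for the demo.

```shell
#!/bin/sh
# Added example (not from the thread): find what a temporary "chmod -R 777"
# left world-writable and put directories back to 755 and files to 644.
# The 755/644 baseline and the sample tree below are assumptions for the demo.

# List every non-symlink entry under $1 that any user may write to.
world_writable() {
  find "$1" ! -type l -perm -0002
}

# Reset a tree to owner-writable only: directories 755, regular files 644.
reset_perms() {
  find "$1" -type d -exec chmod 755 {} +
  find "$1" -type f -exec chmod 644 {} +
}

# Constructed WordPress-like tree in a temp directory.
demo() {
  root=$(mktemp -d) || return 1
  mkdir -p "$root/wp-content/uploads"
  : > "$root/wp-config.php"
  chmod -R 777 "$root"                      # the troubleshooting state
  before=$(world_writable "$root" | wc -l)
  reset_perms "$root"
  after=$(world_writable "$root" | wc -l)
  rm -rf "$root"
  echo "world-writable before: $((before)), after: $((after))"
}
demo
```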

If it was a rule or NAT problem it wouldn’t declare the port as open because the traffic would not be able to return, however if you go to the webpage internally using the domain name and it flips to the internal IP, watch the network tab of developer options in your browser to see if you can find the redirect. There must be something in your configuration that is pointing to the IP instead of the name.

Additionally, on your pfSense box you still need to have localhost as a DNS provider because of any static mappings you may add, so you don’t want to enable the “Disable DNS Forwarder” option in general setup. I have some host overrides entered that allow me to use the same address internally and externally so I don’t get any certificate errors when I visit my own sites. I’m using apache as a reverse proxy for my other services, not as a front-end.

1 Like
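The redirect hunt described above can also be done from a shell. This is an added example, not code from the thread: it reads HTTP response headers and reports whether the Location header points at a private IPv4 address. The function names and the sample responses (192.168.1.50, example.com) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): flag a redirect whose Location header
# names a private IPv4 address. Live use: curl -sI http://your.domain/ | check_headers

# Exit 0 if $1 is an RFC 1918 or loopback dotted-quad literal.
is_private_host() {
  case $1 in *[!0-9.]*|*.*.*.*.*) return 1 ;; *.*.*.*) ;; *) return 1 ;; esac
  case $1 in
    10.*|127.*|192.168.*) return 0 ;;
    172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
  esac
  return 1
}

# Print the host part of the first Location header read from stdin.
location_host() {
  tr -d '\r' | awk '
    tolower($0) ~ /^location:/ {
      url = $0
      sub("^[^:]*:[ \t]*", "", url)     # drop the header name
      sub("^[a-zA-Z]+://", "", url)     # drop the scheme
      sub("[/?#].*$", "", url)          # drop path, query, fragment
      sub(":[0-9]+$", "", url)          # drop the port
      print url
      exit
    }'
}

# Classify one response: no-redirect, private:<ip> or ok:<host>.
check_headers() {
  host=$(location_host)
  if [ -z "$host" ]; then echo "no-redirect"
  elif is_private_host "$host"; then echo "private:$host"
  else echo "ok:$host"
  fi
}

# Constructed responses: a site configured with its LAN address, then with its name.
BAD='HTTP/1.1 301 Moved Permanently
Location: https://192.168.1.50/
'
GOOD='HTTP/1.1 301 Moved Permanently
Location: https://example.com/
'
printf '%s' "$BAD"  | check_headers
printf '%s' "$GOOD" | check_headers
```

A `private:` result from outside the LAN means the browser is being sent to an address it cannot route to, which matches the symptom of the address bar flipping to the internal IP.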

Thanks all for the help, I really appreciate it and you guys had me using tools and googling things I wouldn’t have learned about otherwise.

So… it seems to be a ‘simple’ issue that happens when you set up the wordpress site (or maybe apache) before you have set up the A record for DNS - so wordpress put in the private IP. When I revert to just Apache, then it was my private IP I believe. I would have liked to fix this in the command line by editing a .conf, but the instructions I found online were to just go into the wordpress gui, settings, and change wordpress URL and wordpress site to my DNS name. I also fixed the time zone while in there (and read this could be an issue too - or maybe not, was troubleshooting a few things and maybe that was in regards to something else…).

So after clearing the browser cache on my phone, the site comes up AND the URL doesn’t change into the public or private IP. Next is to give it a proper favicon, my browser seems to have cached from troubleshooting and my site has the pfSense favicon. *edit oh and even after following the digital ocean guides that had sections dedicated to this, maybe due to changes/updates since the tutorial was made, my wordpress cannot update/install plugins so folder permissions need to be played with.

1 Like