Score:2

I am unable to access services on the WAN IP from within the network


Normally, this would not be a desired configuration, but I am setting up a NextCloud server, and to validate the domain, it requires that it be able to access it through the public IP address. No matter what I do, I cannot get this to work. It specifically needs port 443, but I cannot reach port 80, 8080, nor 443 from inside the firewall (OPNSense), when using the FQDN. DNS queries are resolving properly with the WAN IP, I have opened the ports outgoing in order to let the server bypass the transparent proxy, and have even port forwarded port 443 outgoing for the server IP to push it past the proxy, but nothing works. If I try to access these ports from outside the firewall (from my cell phone), I have no trouble at all. I know this is unusual, but is there any way to make this work? Someone has to have been able to get NextCloud working at some point, right?

vidarlo
I don't understand how your network is configured. You have a proxy. Does your firewall redirect *outgoing* traffic *to* port 443 to the proxy? If so, that's irrelevant; the request will come from an ephemeral port.
A.B
This kind of issue has a description: https://en.wikipedia.org/wiki/Network_address_translation#NAT_loopback . I guess a **transparent** proxy will get the problems of a NAT/router.
vidarlo
Does this answer your question? [Loopback to forwarded Public IP address from local network - Hairpin NAT](https://serverfault.com/questions/55611/loopback-to-forwarded-public-ip-address-from-local-network-hairpin-nat)
Hubert Oliver
Thank you all for your comments! By digging through all of your suggestions, I was able to set up a port forward for packets on the LAN Net addressed to the WAN IP right back to the server and it accepted it!
Score:3

In order to access other internal LAN resources within your network using your external IP address through OPNSense, you need to enable the NAT reflection feature. It will rewrite such requests so that they use the internal IP in order to avoid taking a detour and applying rules meant for actual outside traffic. More information on NAT reflection can be found here.

Hubert Oliver
Thank you for your suggestion. NAT Reflection was already enabled, but I hadn't thought to just port forward directly back to the server from inside the LAN Net. That did the trick.
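For readers who want to see what the "port forward from LAN Net to the WAN IP, back to the server" actually amounts to at the packet-filter level, here is an added example in FreeBSD pf syntax (the filter underneath OPNsense). It is not taken from the thread and is not OPNsense's generated ruleset; the interface name, addresses and subnet are constructed placeholders, and OPNsense users would express the same thing through the GUI port-forward rule on the LAN interface rather than by editing pf.conf.

```pf
# Added illustration of hairpin (reflected) NAT for a single service.
# All values below are constructed placeholders, not taken from the thread.
ext_ip  = "203.0.113.10"    # public WAN address the FQDN resolves to
lan_if  = "igb1"            # LAN interface of the firewall
lan_ip  = "192.168.1.1"     # firewall's own address on the LAN
lan_net = "192.168.1.0/24"  # LAN subnet
server  = "192.168.1.50"    # internal host running Nextcloud

# 1. Redirect: a LAN client that connects to the WAN IP on 443 is sent
#    straight to the internal server instead of out to the WAN/proxy.
rdr on $lan_if proto tcp from $lan_net to $ext_ip port 443 -> $server port 443

# 2. Source NAT for the hairpinned flow: the server must see the firewall
#    as the source. Without this the server answers the client directly,
#    the client sees a SYN-ACK from 192.168.1.50 instead of 203.0.113.10,
#    and the connection never completes.
nat on $lan_if proto tcp from $lan_net to $server port 443 -> $lan_ip

# 3. Permit the redirected connection. Filtering happens after rdr, so the
#    rule matches the rewritten destination; keep it scoped to this one port.
pass in quick on $lan_if proto tcp from $lan_net to $server port 443 flags S/SA keep state
```

Two practical consequences worth knowing: because of the source NAT in step 2, the Nextcloud access log will show the firewall's LAN address for every hairpinned client, so internal clients become indistinguishable in the server's own logs (keep the firewall's state or log entries if you need to attribute those connections), and the rule should be limited to the exact port and destination needed rather than reflecting all WAN traffic, so that outbound rules written for genuine external traffic keep their intended scope.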