Hey,

currently I am at a loss with my setup and can’t figure out what’s going wrong. I’m preparing a migration of my private root server to my @Home setup. The idea was to create a DMZ for all those servers with public internet access and put them into it.

Now I’ve got a public OPNsense, some modem from my ISP, a Unifi Dream Machine (that manages LAN and stuff) and another OPNsense inside my DMZ.

There is a WireGuard tunnel connecting the two OPNsense boxes; the local one has a 0.0.0.0/0 route as peer network.

If I now try to access any website managed by the Nginx proxy 192.168.1.1/24, it works fine as long as the website is inside the DMZ.

My problem now is to make the green path happen, i.e. to access stuff inside my LAN over the public OPNsense.

The proxy is able to curl the LAN websites and I can ping and trace all the IPs, but something is broken. I can see the packets arrive at the LAN website and make it back to the public OPNsense, but my browser will always get a “timed out” :'(

  • nap@sh.itjust.works (OP) · 1 upvote · 8 hours ago

    green boxes are IP, red are FQDN

    Curl capture (made first so DNS is captured as well)

    Firefox capture

    • just_another_person@lemmy.world · 3 upvotes · 7 hours ago

      You have a loopback. Says it right there.

      From your diagram it looks like you have two reverse proxies chained together…why?

      • nap@sh.itjust.works (OP) · 1 upvote · 7 hours ago

        Never got the time to learn to read captures :'(

        At one time I tried to use two proxies, but I changed it back to one. The host I’m trying to reach is a Docker host with Immich running. So the only real proxy should be “192.168.1.1”.

          • nap@sh.itjust.works (OP) · 1 upvote · 7 hours ago

            What? That’s totally confusing. I took my laptop (192.168.35.242), tethered to my mobile (192.168.35.116) and wiresharked it. 192.168.35.0/24 should never ever be a part of my network.

            • just_another_person@lemmy.world · 3 upvotes · edited · 6 hours ago

              Read your own screenshot.

              If you want to simplify things, do this:

              1. Remove all the proxy mess in between the service and the network
              2. Make sure it works properly and you can address it by name
              3. Add the proxy back and point DNS to it
              4. Test again

              Then just keep adding things back and find where it’s breaking. I’m positive you have a hostname mismatch or a messed-up DNS record if you’re using multiple proxies. Curl output would be helpful. Also check dig (hostname) to see what your DNS is responding with.