nap

joined 1 year ago
sorted by: new top controversial old
Need Support: DMZ at home with nginx proxy to LAN in c/selfhosted@lemmy.world
[–] nap@sh.itjust.works 1 points 5 hours ago (1 children)

Should the nginx Proxy receive that package? If i trace between the LAN Host and GW, there are no Public IP's

Need Support: DMZ at home with nginx proxy to LAN in c/selfhosted@lemmy.world
[–] nap@sh.itjust.works 2 points 5 hours ago

I think I let it rest for a day, I'm confused

Need Support: DMZ at home with nginx proxy to LAN in c/selfhosted@lemmy.world
[–] nap@sh.itjust.works 1 points 5 hours ago (3 children)

Hm, could be a little bit much but Public IP -> WG0 -> Proxy -> Router -> Server and back should not be ok?

Need Support: DMZ at home with nginx proxy to LAN in c/selfhosted@lemmy.world
[–] nap@sh.itjust.works 1 points 6 hours ago (2 children)

What? That's totally confusing. Took my Laptop (192.168.35.242), tethered to my Mobile (192.168.35.116) and wiresharked. 192.168.35.0/24 should never ever be a part of my Network.

Need Support: DMZ at home with nginx proxy to LAN in c/selfhosted@lemmy.world
[–] nap@sh.itjust.works 1 points 6 hours ago (4 children)

Never got the time to learn to read Captures :'(

At a time I tried to use two proxies but I changed it back to one. The host I try to reach is a Docker Host with Immich running. So the only real proxy should be "192.168.1.1".

Need Support: DMZ at home with nginx proxy to LAN in c/selfhosted@lemmy.world
[–] nap@sh.itjust.works 1 points 6 hours ago (5 children)

There is one DNAT rule at the public OPNsense routing the HTTP/s traffic to my proxy. Inside my DMZ an LAN is no NAT, only routing. Back out again there is a Masq/SNAT rule for my local IPs

Need Support: DMZ at home with nginx proxy to LAN in c/selfhosted@lemmy.world
[–] nap@sh.itjust.works 1 points 7 hours ago (6 children)

green boxes are IP, red are FQDN

Curl capture (made first so DNS is captured aswell)

Firefox capture

Need Support: DMZ at home with nginx proxy to LAN in c/selfhosted@lemmy.world
[–] nap@sh.itjust.works 2 points 7 hours ago

I tested with my Mobile with LTE and got the same results

Need Support: DMZ at home with nginx proxy to LAN in c/selfhosted@lemmy.world
[–] nap@sh.itjust.works 2 points 7 hours ago (7 children)

Ah sry, bad choise but i masked my real LAN IPs

34
Need Support: DMZ at home with nginx proxy to LAN (sh.itjust.works)
 

Hey,

currently I am at a loss with my setup and can't figure out whats going wrong. I'm preparing a migration of my private root server to my @Home Setup. The idea was to create a DMZ for all those Server with Public Internet Access and put them into a DMZ.

Now I got a Public OPNsense, some Modem from my ISP, a Unifi Dream Machine (that manages LAN and stuff) and another OPNsense inside my DMZ.

There is a Wireguard Tunnel connecting the two OPNsense, the local one got a 0.0.0.0/0 route as Peer Network.

If I now try to access any Website, managed by the Nginx Proxy 192.168.1.1/24, it works fine as long as the Website is inside the DMZ.

My Problem now is to make the green path happen to access stuff inside my LAN over the Public OPNsense.

The proxy is able to curl the LAN Websites and i can Ping and Trace all the IPs but something is broken. I can see the Packages arrive at the LAN website and make it back to the public OPNsense but my browser will always get a "timed out" :'(