Trying to view my hosted website within a VLAN. I am able to see it outside of my network using the domain name. But when I try to view the page from within the network, I get a rejected request. Digging around, it seems this is for a security reason, in which case I would like to keep this feature if at all possible.
I saw an archived post that talked about changing OpenWrt's listening address. After doing that, the web interface did not load anymore. Is there anything else I could try? Thank you for any help someone can give.
My bad if I'm mistaken about what you're asking; also, I'm not sure what you mean by DST processing public IP address?
Domain from Godaddy that I linked to my public IP address.
Vlan 30
Proxmox box : 192.168.30.106
Webserver: OS Ubuntu
IP address: 192.168.30.224
The OpenWrt device is the one at the top; I will list a new diagram.
I have ports 80 and 443 open on the router (OpenWrt). I am able to view the website if I use a VPN or anything else that isn't part of my LAN network.
Otherwise I get that "Rejected request from RFC1918 IP to public server address", which from what I figured out is a security measure to stop denial of service from within the LAN network?
If I disable this security measure, then the domain names just take me to OpenWrt's interface.
Seems local IP addresses are not being forwarded to the webserver.
Are you accessing the Ubuntu server from within your network:
With its public IP address, or
Using 192.168.30.224?
You must use 192.168.30.224 - or set up internal redirect(s):
Using the local IP address would work; the problem comes when I start to use vhosts, where I have multiple domain names coming to the same public IP address. I would need to start figuring out a way to allow me to visit different domain names using just an IP address. I'm sure that it is possible, I just never needed to learn how to do it before.
Also, I tried the configuration you posted without changing anything in it. Unfortunately it brought everything crashing down. Obviously that wasn't the right move.
option src_ip '192.168.x.0/24' #<---SRC network
option dest 'xxx' #<---place packet in same network SRC packet
Thank you for the help and sorry for being away. After rebuilding everything after the hard reset and then trying out the config you listed, I noticed systems within vlan 30 were now able to view the webpage without a problem. This is without adding your redirect; I don't know what changed.
As for vlan20 and lan (lan1), they still get the same problem with Forbidden even with the redirect.
I commented out vlan30 as it seems to be working without needing a redirect.
config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'XXX'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'

config device
	option name 'lan1'
	option macaddr 'XXX'

config device
	option name 'lan2'
	option macaddr 'XXX'

config device
	option name 'lan3'
	option macaddr 'XXX'

config device
	option name 'lan4'
	option macaddr 'XXX'

config interface 'lan'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option device 'br-lan.1'

config device
	option name 'wan'
	option macaddr 'XXX'

config interface 'wan'
	option device 'wan'
	option proto 'dhcp'

config interface 'wan6'
	option device 'wan'
	option proto 'dhcpv6'

config bridge-vlan
	option device 'br-lan'
	option vlan '1'
	list ports 'lan1:u*'
	list ports 'lan2:u*'

config bridge-vlan
	option device 'br-lan'
	option vlan '20'
	list ports 'lan4:u*'

config interface 'vlan20'
	option device 'br-lan.20'
	option proto 'static'
	option ipaddr '192.168.20.1'
	option netmask '255.255.255.0'

config bridge-vlan
	option device 'br-lan'
	option vlan '30'
	list ports 'lan3:u*'

config interface 'vlan30'
	option device 'br-lan.30'
	option proto 'static'
	option ipaddr '192.168.30.1'
	option netmask '255.255.255.0'

config redirect
	option target 'DNAT'
	option src 'wan'
	option proto 'tcp'
	option src_dport '80'
	option dest_port '80'
	option src_ip '192.168.1.0/24' #<---SRC network
	option name 'REDIRECT_HTTP_LAN'
	option dest_ip '192.168.30.224'
	option dest 'lan' #<---place packet in same network SRC packet

config redirect
	option target 'DNAT'
	option src 'wan'
	option proto 'tcp'
	option src_dport '80'
	option dest_port '80'
	option src_ip '192.168.20.0/24' #<---SRC network
	option name 'REDIRECT_HTTP_LAN'
	option dest_ip '192.168.30.224'
	option dest 'vlan20' #<---place packet in same network SRC packet

#config redirect
#	option target 'DNAT'
#	option src 'wan'
#	option proto 'tcp'
#	option src_dport '80'
#	option dest_port '80'
#	option src_ip '192.168.30.0/24' #<---SRC network
#	option name 'REDIRECT_HTTP_LAN'
#	option dest_ip '192.168.30.224'
#	option dest 'vlan30' #<---place packet in same network SRC packet
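
Added example (not code from any poster in this thread): a small Python check over UCI text that flags two inconsistencies visible in the redirects posted above, namely a private `src_ip` on a redirect whose `src` zone is `wan`, and a `dest` zone whose subnet does not contain `dest_ip`. It assumes firewall zones are named after the network interfaces; `parse_uci`, `audit_redirects` and the trimmed sample are constructed for illustration.

```python
import ipaddress
import shlex

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: two interfaces and one redirect, trimmed from the config above.
SAMPLE = """
config interface 'lan'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
config interface 'vlan30'
	option ipaddr '192.168.30.1'
	option netmask '255.255.255.0'
config redirect
	option name 'REDIRECT_HTTP_LAN'
	option src 'wan'
	option src_ip '192.168.1.0/24' #<---SRC network
	option dest 'lan'
	option dest_ip '192.168.30.224'
"""

def parse_uci(text):
    """Parse UCI text into [type, name, options] sections (list entries are skipped)."""
    sections = []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)  # honours quotes and trailing # comments
        if tok[:1] == ["config"] and len(tok) >= 2:
            sections.append([tok[1], tok[2] if len(tok) > 2 else None, {}])
        elif tok[:1] == ["option"] and len(tok) == 3 and sections:
            sections[-1][2][tok[1]] = tok[2]
    return sections

def audit_redirects(text, wan_zone="wan"):
    """Return (redirect name, finding) pairs for redirects that cannot serve internal clients."""
    sections = parse_uci(text)
    # Assumption: firewall zones carry the same names as the network interfaces.
    nets = {name: ipaddress.ip_interface(f"{o['ipaddr']}/{o['netmask']}").network
            for kind, name, o in sections if kind == "interface" and "ipaddr" in o and "netmask" in o}
    findings = []
    for kind, _, o in sections:
        if kind != "redirect":
            continue
        src_ip = o.get("src_ip")
        # A redirect scoped to the WAN zone only sees packets arriving on WAN,
        # so a private src_ip there never matches a LAN or VLAN client.
        if o.get("src") == wan_zone and src_ip and any(
                ipaddress.ip_network(src_ip, strict=False).subnet_of(r) for r in RFC1918):
            findings.append((o.get("name"), "private src_ip on wan-zone redirect"))
        dest, dest_ip = o.get("dest"), o.get("dest_ip")
        if dest in nets and dest_ip and ipaddress.ip_address(dest_ip) not in nets[dest]:
            findings.append((o.get("name"), f"dest_ip not in zone '{dest}' subnet"))
    return findings
```

Calling `audit_redirects(SAMPLE)` returns both findings for `REDIRECT_HTTP_LAN`; a file with an unbalanced quote makes `shlex` raise `ValueError`, which surfaces that kind of typo before the config is loaded.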