
Port forwarding within network- LAN to LAN (forward to docker app mapped port)

Hi.  I am using docker apps, inside Unraid NAS.  I set up a Nextcloud container (docker).  To be able to use it from outside, I created a DNAT rule so that from outside, I can access Nextcloud app.  It is working.  Nextcloud uses port 80 and port 443.  These ports are used by my Unraid NAS.  I mapped incoming http to port 380 of docker app, and incoming https to port 643 of docker app.  So far, so good.

DNAT rule

Source- WAN. Allowed client network- ANY

Destination- WAN port  Services- HTTP and another rule HTTPS

Protected Servers-  NAS IP  Mapped port- 380 and another port 643 for HTTPS

Protected zone- LAN

 

From inside the network, I can't access Nextcloud app



This thread was automatically locked due to age.
  • Sounds like the DNS is pointing towards the outside IP. But if that's the way you would like to use it, add the LAN zone as well as source and it should work.

    Source- WAN and LAN. Allowed client network- ANY

    //Rickard

    • I accessed the Nextcloud docker from the inside by accessing https://NAS_ip_address:643. It went to https://xxx.duckdns.org, the hostname I use to access from outside, still unable to resolve.  All these after adding LAN to the firewall rule already.

      • any other suggestions?

         

        Thanks!

        • Hi,

          try creating an internal FQDN using the internal address and do not tick advertise on the WAN.

          Ian

          XGS118 - v21.5.0

          XG115 converted to software licence v21.5.0

          If a post solves your question please use the 'Verify Answer' button.

          • Hi!  Currently, I left the advice of  in the firewall rules:

            Source- WAN and LAN. Allowed client network- ANY

             

            I created an FQDN host, didn't see any option not to advertise to WAN though.

            Do I change the firewall rules previously created?  How do I integrate this to the previous firewall rule?  Or do I create a new one?

            • Hi,

              you create it in network -> DNS and you leave the rules as they are.

              Ian


              • Hi.  Can you be more specific?  Not quite getting what to do next.

                • Hi,

                  network -> DNS -> DNS host entry

                  Ian


                  • What should be the hostname?  The name I got it to work from outside?  The same name I want to call it from within the network?  I call it xxx.duckdns.org from external, I also want to use this inside the network.

                     

                    The IP address should be 192.168.1.1 or 192.168.1.whatever the unraid nas' ip is?  

                    Regards,

                    • You can use the external name if you wish and the internal address of the device.

                      Ian


                      • Hi.  Host/domain name

                        xxx.duckdns.org

                        IP address

                        192.168.1.xxx (NAS that hosts Nextcloud docker container)

                        TTL "60"  Weight  "1"  Publish on WAN  "No"

                        Reverse DNS lookup  "On"

                         

                         

                        Created FQDN host

                        Name* "duckdns.org"

                        FQDN* "*.duckdns.org"

                        FQDN host group BLANK

                         

                        Anything I missed?  Unfortunately, it's not working.

                        • Hi,

                          please try a traceroute from your PC to see where the traffic goes.

                          Your FQDN will point to the outside because you are using the generic *; you will need to use the full name, not the generic name.

                          Ian


                          • Tracer xxx.duckdns.org gave me a single line result

                            11x.xxx.xx.94.xxxx.net [11x.xxx.xx.94]

                            I believe this is my public ip address?
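
An added example, not part of any post in this thread: a Python check, run from a LAN client, of whether the DNS host entry discussed above is taking effect for that client. The `192.168.1.0/24` range follows the addresses in the thread; the function names, the server address `192.168.1.50` and the public address `203.0.113.94` used when testing it are constructed placeholders, and the "internal" hint assumes the client and the NAS sit on the same subnet.

```python
import ipaddress
import socket
import sys


def resolve(hostname):
    """IPv4 addresses the local resolver returns for hostname (empty on failure)."""
    try:
        infos = socket.getaddrinfo(hostname, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def diagnose(answers, lan_cidr, server_ip):
    """Classify DNS answers seen by a LAN client; returns (verdict, hint)."""
    lan = ipaddress.ip_network(lan_cidr)
    server = ipaddress.ip_address(server_ip)
    addrs = [ipaddress.ip_address(a) for a in answers]
    if not addrs:
        return "no-answer", "name does not resolve; check which DNS server the client uses"
    if all(a == server for a in addrs):
        # Assumption: client and server share a subnet, so packets skip the firewall.
        return "internal", ("override active; traffic goes straight to the server, so the "
                            "firewall's DNAT port mapping is not applied on this path")
    if any(a == server for a in addrs):
        return "mixed", "internal and other answers returned; a stale or second resolver is in play"
    if any(a in lan for a in addrs):
        return "wrong-internal", "resolves inside the LAN but not to the server; fix the host entry"
    return "external", ("resolves outside the LAN; the client is not using the firewall's DNS "
                        "entry, or a cached answer has not expired yet")


if __name__ == "__main__":
    # Usage: python check_split_dns.py <hostname> <lan_cidr> <server_ip>
    name, cidr, server = sys.argv[1:4]
    found = resolve(name)
    verdict, hint = diagnose(found, cidr, server)
    print(f"{name} -> {found or 'nothing'}: {verdict} ({hint})")
```

An "external" verdict matches the traceroute result in the last post, where the name still resolved to a public address from inside the network.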