Port forwarding within network- LAN to LAN (forward to docker app mapped port)

Sounds like the DNS is poiting towards the outside ip. But is thats they way you would like to use it, add the Lan zone aswell as source and it should work.

Source- WAN and LAN. Allowed client network- ANY

//Rickard

any other suggestions?

Thanks!

Hi,

network -> DNS -> DNS host entry

Ian

What should be the hostname?  The name I got it to work from outside?  The same name I want to call it from within the network?  I call it xxx.duckdns.org from external, I also want to use this inside the network.

The IP address should be 192.168.1.1 or 192.168.1.whatever the unraid nas' ip is?  

Regards,

You can use the external name if you wish and the internal address of the device.

Ian

Hi.  Host/domain name

xxx.duckdns.org

IP address

192.168.1.xxx (NAS that hosts Nextcloud docker container)

TTL "60"  Weight  "1"  Publish on WAN  "No"

Reverse DNS lookup  "On"

Created FQDN host

Name* "duckdns.org"

FQDN* "*.duckdns.org"

FQDN host group BLANK

Anything I missed?  Unfortunately, it's not working.

Hi,

please try a traceroute from your PC to see where the traffic goes.

Your FQDN will point the outside because you are using the generic *, you will need to use the full name not the generic name.

Ian

Tracer xxx.duckdns.org gave me a single line result

11x.xxx.xx.94.xxxx.net [11x.xxx.xx.94]

I believe this is my public ip address?

Hi,

did you change the FQDN to use the full name of your device not the generic *?

Ian

Changed it now to xxx.duckdns.org

All I got from tracert is * * * on all lines

Is .org your internal DNS domain? If you open a CA what does it show you for your machine CN?

Ian

rfcat_vk said:

Is .org your internal DNS domain? If you open a CA what does it show you for your machine CN?

Sorry, lost here.  I have no idea how to make an internal DNS domain.  How do I open a CA?

rfcat_vk said:

Is .org your internal DNS domain? If you open a CA what does it show you for your machine CN?

Sorry, lost here.  I have no idea how to make an internal DNS domain.  How do I open a CA?

Hi,

Have you restarted your PC at any stage during the testing?

What is the result from nslookup of your device?

Ian

Last login: Mon Apr 20 13:48:01 on ttys000

The default interactive shell is now zsh.

To update your account to use zsh, please run `chsh -s /bin/zsh`.

For more details, please visit support.apple.com/.../HT208050.

Jasons-MacBook-Pro-2:~ jason$ nslookup xxx.duckdns.org

Server: 1.1.1.1

Address: 1.1.1.1#53

Non-authoritative answer:

Name: xxx.duckdns.org

Address: 112.205.60.xx

Jasons-MacBook-Pro-2:~ jason$

Hi,

I see the issue, you are using the external DNS not the XG as your DNS so you will always resolve to the external advertised address.

Change you DHCP server on the XG to provide the XG as the DNS then try to access your device.

Ian

XG acts as my DHCP server.  How do I do "Change you DHCP server on the XG to provide the XG as the DNS then try to access your device?"

Regards

I assumed that 1.1.1.1 is your external DNS.

Ian

Yes  using cloudflare 1.1.1.1

What should I do with it?

I suggest you change your DNS settings in your DHCP server to something like mine as below.

Ian

Hi.  I changed that in my DHCP settings.  192.168.1.1.  Now, when I do traceroute, I get:

traceroute xxx.duckdns.org

traceroute to xxx.duckdns.org (192.168.1.xx), 64 hops max, 52 byte packets

1  xxx.duckdns.org (192.168.1.xx)  1.180 ms  1.144 ms  1.310 ms

Jasons-MacBook-Pro-2:~ jason$

That's an improvement :D. Although, accessing it through xxx.duckdns.org still says "Safari can't open the page."

One step at a time. That error message indicates you have a security issue with your device eg you have enabled https or TLS and you have not installed the XG CA on your MAC.

Ian

I used another device to access the xxx.duckdns.org and it presented my my NAS (device hosting the Nextcloud docker) 192.168.1.xx

It didn't go to 192.168.1.xx:whatever_port_i'M_using.  While from the outside, whenever I access xxx.duckdns.org automatically routes to 192.168.1.xx:port.  But this can be addressed later.  

The container is using LetsEncrypt, so I don't use Sophos CA as I don't know how to.  I'm just following video tutorials I've seen :D