Port forwarding within network- LAN to LAN (forward to docker app mapped port)

Sounds like the DNS is poiting towards the outside ip. But is thats they way you would like to use it, add the Lan zone aswell as source and it should work.

Source- WAN and LAN. Allowed client network- ANY

//Rickard

any other suggestions?

Thanks!

Last login: Mon Apr 20 13:48:01 on ttys000

The default interactive shell is now zsh.

To update your account to use zsh, please run `chsh -s /bin/zsh`.

For more details, please visit support.apple.com/.../HT208050.

Jasons-MacBook-Pro-2:~ jason$ nslookup xxx.duckdns.org

Server: 1.1.1.1

Address: 1.1.1.1#53

Non-authoritative answer:

Name: xxx.duckdns.org

Address: 112.205.60.xx

Jasons-MacBook-Pro-2:~ jason$

Hi,

I see the issue, you are using the external DNS not the XG as your DNS so you will always resolve to the external advertised address.

Change you DHCP server on the XG to provide the XG as the DNS then try to access your device.

Ian

XG acts as my DHCP server.  How do I do "Change you DHCP server on the XG to provide the XG as the DNS then try to access your device?"

Regards

I assumed that 1.1.1.1 is your external DNS.

Ian

Yes  using cloudflare 1.1.1.1

What should I do with it?

I suggest you change your DNS settings in your DHCP server to something like mine as below.

Ian

Hi.  I changed that in my DHCP settings.  192.168.1.1.  Now, when I do traceroute, I get:

traceroute xxx.duckdns.org

traceroute to xxx.duckdns.org (192.168.1.xx), 64 hops max, 52 byte packets

1  xxx.duckdns.org (192.168.1.xx)  1.180 ms  1.144 ms  1.310 ms

Jasons-MacBook-Pro-2:~ jason$

That's an improvement :D. Although, accessing it through xxx.duckdns.org still says "Safari can't open the page."

One step at a time. That error message indicates you have a security issue with your device eg you have enabled https or TLS and you have not installed the XG CA on your MAC.

Ian

I used another device to access the xxx.duckdns.org and it presented my my NAS (device hosting the Nextcloud docker) 192.168.1.xx

It didn't go to 192.168.1.xx:whatever_port_i'M_using.  While from the outside, whenever I access xxx.duckdns.org automatically routes to 192.168.1.xx:port.  But this can be addressed later.  

The container is using LetsEncrypt, so I don't use Sophos CA as I don't know how to.  I'm just following video tutorials I've seen :D

Feels so close :D. Hope you can help me find the problem.

Feels so close :D. Hope you can help me find the problem.

Hi,

external routing is taken care of by your firewall rule.

Did you install the let encrypt CA in your MAC?

The XG CA is no different except you download it from the XG?

Ian

Don't know how to install certificate manually.  All I know is when I visit a site, it asks whether I'd like to proceed/ accept.  I do accept to proceed.  In this scenario, I am not presented whether I'd like to accept  any certificate or not.  How do I trigger it?

I assume you received the CA in the mail and have saved it to your documents. Double on the CA and you will be asked some questions about installing and maybe trusting it.

There's a KBA on the subject, I will try and locate it for you.

Ian

In general, aren't we just supposed to visit the website, and it warns us, and we allow it to proceed?  I went 1 step further, and went to keychain access in my mac, and modified it to 'always trust'

From External access, I didn't have to import or install any .cer file.  Is it any different if to access from within?