0

I have a local Debian server with an external IP and my own domain. But I have the following problem:

  • Using DNS/external IP from outside the LAN: Works
  • Using local IP from inside the LAN: Works
  • Using DNS/external IP from inside: Does not work -> Timeout

I don't receive any message when connecting to the domain using telnet. But ping and traceroute do work. When visiting via browser, no message is displayed. As the server logs nothing, I don't know where to start searching.

Here is one of my nginx configs:

server {
    listen 443;
    ssl on;
    server_name wiki.*;
    ssl_certificate     /etc/letsencrypt/live/admin.domain.de/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/admin.domain.de/privkey.pem;

    set $root_path "/home/wiki/dokuwiki";
    root $root_path;

    access_log /var/log/nginx/dokuwiki-access.log;
    error_log /var/log/nginx/dokuwiki-error.log;

    index index.php index.html doku.php;
    location ~ /(data|conf|bin|inc)/ {
         deny all;
    }
    location ~ /\.ht {
         deny  all;
    }
    location ~ \.php {
         fastcgi_index index.php;
         fastcgi_split_path_info ^(.+\.php)(.*)$;
         include /etc/nginx/fastcgi_params;
         fastcgi_pass unix:/var/run/php5-fpm.sock;
         fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
   }
 }

Thank you!

Jack
  • If ping works, could it be a firewall issue? – Richard Smith May 14 '17 at 17:37
  • The firewall on the server is empty. In the router all necessary ports are open. Connecting from the outside works – Jack May 14 '17 at 17:53
  • When you ping/traceroute, does it resolve the IP to the external IP address or the internal one? What is your NAT doing? Are you trying to access the server from another device on the same network, or from the server to the server? – Drifter104 May 14 '17 at 18:44
  • I tried accessing from another PC, laptop and mobile phone in the same local network. The IP resolves to the external one – Jack May 14 '17 at 18:54
  • Could you share your server's network configuration? – Alexander Tolkachev May 14 '17 at 20:08
  • Here is one config I use https://pastebin.com/uR3E7XDD – Jack May 14 '17 at 20:17
  • Please edit your question to include the relevant portions of your config. – EEAA May 14 '17 at 20:50
  • I second the request for the network configuration. Especially reading "FritzBox" makes me wonder if your server has an external IP at all or if you're talking about a port forward from the router's external IP address. – PaterSiul May 15 '17 at 16:01

2 Answers

1

Your router either doesn't support hairpin NAT, or it does support it and it's not enabled.

EEAA
  • I have an AVM fritz.box with OS 6.5. Do you know how to set it up there? I found https://en.avm.de/service/fritzbox/fritzbox-7581/knowledge-base/publication/show/663_No-DNS-resolution-of-private-IP-addresses/ and set it up but no changes – Jack May 15 '17 at 06:57
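
The hairpin NAT answer above, illustrated with an added example that is not part of the original thread: a simplified model of why a LAN client times out when the router forwards the port (DNAT) without also rewriting the source address. All addresses and the port-forward setup are constructed assumptions, not the asker's actual network.

```python
from collections import namedtuple

# Constructed addresses (assumptions for illustration only).
PUBLIC_IP = "203.0.113.5"     # router WAN address the domain resolves to
ROUTER_LAN = "192.168.178.1"  # router's LAN address
SERVER = "192.168.178.20"     # nginx host behind the port forward
CLIENT = "192.168.178.30"     # LAN client browsing to the domain

Packet = namedtuple("Packet", "src sport dst dport")


def router_forward(pkt, hairpin):
    """Apply the 443 port forward (DNAT) to a packet sent to PUBLIC_IP.

    With hairpin NAT the router also rewrites the source to its own LAN
    address (SNAT), so the server's reply has to come back through it.
    """
    if (pkt.dst, pkt.dport) != (PUBLIC_IP, 443):
        return None
    src = ROUTER_LAN if hairpin else pkt.src
    return Packet(src, pkt.sport, SERVER, 443)


def server_reply(pkt):
    """The server answers whatever source address it saw."""
    return Packet(pkt.dst, pkt.dport, pkt.src, pkt.sport)


def router_return(reply, original):
    """Undo both translations for a reply that reached the router."""
    return Packet(PUBLIC_IP, reply.sport, original.src, original.sport)


def client_accepts(syn, reply):
    """A TCP stack only matches a reply whose 4-tuple mirrors its SYN."""
    return tuple(reply) == (syn.dst, syn.dport, syn.src, syn.sport)


def connect_from_lan(hairpin):
    syn = Packet(CLIENT, 50000, PUBLIC_IP, 443)
    reply = server_reply(router_forward(syn, hairpin))
    if reply.dst == ROUTER_LAN:
        reply = router_return(reply, syn)
    # Otherwise the server is on the client's subnet and replies directly,
    # bypassing the router, so the source is SERVER instead of PUBLIC_IP.
    return "connected" if client_accepts(syn, reply) else "timeout"
```

Without the source rewrite the client sees a reply from 192.168.178.20 to a connection it opened to 203.0.113.5 and discards it, which matches the timeout symptom while nginx logs nothing useful.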
-2

It sounds like you have not set a route within your LAN to the public IP. A default gateway/route as the private IP would cover it usually as the packet would go to the private IP to be routed and the machine would look up in the routing tables where to route your packet next and since the public IP is a local interface IP on the gateway, then it would get routed straight to that interface. If the machine is not your default route then you should add a static route in your gateway or on an individual client for the public IP as the private IP of the machine with the public IP in question. You will also need IP forwarding enabled.

This would be the typical first place to look if you are sure it is not a firewall issue: "Is there a route to the IP?" If you just put a public IP on a machine on your network that is not the default gateway, there will be no knowledge of how to access it.

infinmed