Can't access my local website from local network (but ok from outside)

Hello,

First, sorry for my English…

I am new to IPFire and struggling to get it right.
Here is my setup:

Blue access (HTTPS) to my internal website works, but red doesn't…

My IPFire firewall settings are like this:

Firewall inbound allowed from All to Red on 443
Firewall forward from RED 443 to Green (192.168.77.87) 443

I understand that Green to Red is allowed by default, so what am I missing?

Thanks for your help,

Perhaps hairpin NAT is not working in your router. Try adding your site FQDN to the IPFire hosts with the NAS (LAN) IP so you have split DNS, and all local traffic using your website FQDN does not go outside your LAN.

Hi, welcome to the IPFire community.

I wouldn't think you would need the "All to RED 443" rule, because forwarding would open the port on red. So I would definitely delete that.

Use this method to set up your port 443 server:

If you need access to this site by the TLDN and the internet connection is disconnected, add the site name to the host list under "Edit Hosts" in the Network section.

Hello again,

You are right, Dave. I've been messing around a bit and tried this setting (All to RED 443), and it worked!

Thank you for your support all !

Hairpin NAT is automatically handled by setting up forwarding with "automatic" as the firewall interface and having "Use Network Address Translation (NAT)" and "Destination NAT (Port Forwarding)" selected when setting up the forwarding rule.

But straight routing (without hairpin NAT) should work if there is a name server outside pointing to the IP address of the red interface. Then the firewall interface selection of RED would be selected. However, in both cases, the source port in the protocol section should be blank for a NAT translation entry if the protocol is set to TCP.

But normally, when I use the system IPFire uses, I set the protocol to "all" instead of TCP because of HTTPS issues when doing discrete routing instead of generic port forwarding. But this is a slightly different circumstance.

Removing the extra rule that the OP invoked, which is required in some routers, fixed the problem, since everything else was set and the unnecessary rule was causing a logic loop.
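The two suggestions in the replies above (split DNS on the IPFire hosts list, and a forwarding rule with "automatic" as the firewall interface so hairpin NAT is handled) come down to one question: when a LAN client opens a connection to the site's public address, where does the server's reply go? The following is an added example, not IPFire code and not from any poster, that models a destination NAT (port forwarding) rule and traces a single HTTPS request from an Internet client, a GREEN client and a BLUE client. Only the GREEN server 192.168.77.87 comes from the thread; the RED, GREEN and BLUE addresses, the client addresses, the site name and the rule names are assumptions for the illustration.

```python
from dataclasses import dataclass, replace
from ipaddress import IPv4Address, ip_address, ip_network

# Constructed addresses. Only the GREEN server 192.168.77.87 is from the thread;
# everything else here is an assumption for the illustration.
RED_IP = ip_address("203.0.113.10")        # assumed public address (TEST-NET-3)
GREEN_IP = ip_address("192.168.77.1")      # assumed firewall address on GREEN
GREEN_NET = ip_network("192.168.77.0/24")  # assumed
BLUE_NET = ip_network("192.168.78.0/24")   # assumed
SERVER_IP = ip_address("192.168.77.87")    # from the thread
INTERNAL_NETS = (GREEN_NET, BLUE_NET)
SITE_FQDN = "www.example.com"              # assumed site name


@dataclass(frozen=True)
class Packet:
    src: IPv4Address
    dst: IPv4Address
    dport: int


@dataclass(frozen=True)
class ForwardRule:
    """A destination NAT (port forwarding) rule: RED:dport -> target_ip:target_port."""
    dport: int
    target_ip: IPv4Address
    target_port: int
    lan_hits: bool        # also apply the rule to LAN clients hitting the RED address
    masquerade_lan: bool  # and rewrite their source to the firewall's GREEN address


def red_only_rule() -> ForwardRule:
    """Firewall interface = RED: only Internet-originated traffic is translated."""
    return ForwardRule(443, SERVER_IP, 443, lan_hits=False, masquerade_lan=False)


def automatic_rule() -> ForwardRule:
    """Firewall interface = automatic with NAT and port forwarding: hairpin handled."""
    return ForwardRule(443, SERVER_IP, 443, lan_hits=True, masquerade_lan=True)


def dnat_only_rule() -> ForwardRule:
    """Hypothetical rule that forwards LAN hits but does not masquerade them,
    included only to show why the source rewrite is part of hairpin NAT."""
    return ForwardRule(443, SERVER_IP, 443, lan_hits=True, masquerade_lan=False)


def is_internal(addr: IPv4Address) -> bool:
    return any(addr in net for net in INTERNAL_NETS)


def translate(pkt: Packet, rule: ForwardRule):
    """Ingress NAT. Returns (packet after DNAT, SNAT address or None)."""
    if (pkt.dst, pkt.dport) != (RED_IP, rule.dport):
        return pkt, None                      # rule does not match
    if is_internal(pkt.src) and not rule.lan_hits:
        return pkt, None                      # LAN hit on a RED-only rule: not forwarded
    dnat = replace(pkt, dst=rule.target_ip, dport=rule.target_port)
    snat = GREEN_IP if (is_internal(pkt.src) and rule.masquerade_lan) else None
    return dnat, snat


def reply_via_firewall(server: IPv4Address, client: IPv4Address) -> bool:
    """A host on the server's own subnet gets the reply directly over the LAN,
    bypassing the firewall; everything else is routed back through it."""
    return not any(server in net and client in net for net in INTERNAL_NETS)


def resolve(fqdn: str, client: IPv4Address, split_dns: bool) -> IPv4Address:
    """Split DNS: internal clients get the LAN address, everyone else the RED address."""
    if split_dns and is_internal(client):
        return SERVER_IP
    return RED_IP


def simulate(client: str, rule: ForwardRule, split_dns: bool = False) -> str:
    """Outcome of one HTTPS request from `client` to the site's FQDN."""
    src = ip_address(client)
    dst = resolve(SITE_FQDN, src, split_dns)
    if dst == SERVER_IP:
        return "ok: direct to server, no NAT involved"
    fwd, snat = translate(Packet(src, dst, 443), rule)
    if fwd.dst != rule.target_ip:
        return "not forwarded: packet delivered to the firewall itself"
    reply_to = src if snat is None else snat
    if snat is not None or reply_via_firewall(fwd.dst, reply_to):
        return "ok: reply seen from %s" % RED_IP   # conntrack reverses DNAT/SNAT
    # The server answered the LAN client directly from its own address; the client
    # opened the connection to RED_IP, so its TCP stack discards the reply.
    return "dropped: reply seen from %s, expected %s" % (fwd.dst, RED_IP)


if __name__ == "__main__":
    clients = (("internet", "198.51.100.7"), ("green", "192.168.77.50"), ("blue", "192.168.78.20"))
    rules = (("red-only", red_only_rule()), ("automatic", automatic_rule()), ("dnat-only", dnat_only_rule()))
    for who, addr in clients:
        for name, rule in rules:
            print(f"{who:8} {name:9} {simulate(addr, rule)}")
    print("green    red-only  split DNS:", simulate("192.168.77.50", red_only_rule(), split_dns=True))
```

Running it shows the two working configurations from the thread side by side: split DNS keeps LAN traffic off the RED address entirely, and the "automatic" rule makes the LAN client's request look like it came from the firewall, so the server's reply passes back through the firewall and gets un-NATed. The hypothetical DNAT-only variant only fails for a client on the server's own subnet, because that is the one case where the server can reply without going through the firewall.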