RED to Green - none of the Web Pages, SSH, or SFTP seem to work

Okay. I think I got it right this time.

Since up to 169 works for you, it makes me think of a bug present from 170 and subsequent versions but, at the same time, it seems strange to me that other users haven't noticed it :thinking:. I have only one public IP (with router NAT), I am not a developer and can't do anything else, but I will continue to follow this topic. I trust the users who, like you, have had the same problem. In the meantime, I will try to recreate your situation in my local network, no promises, because I may fail to do so. I will update you with any news :wink:.

Perhaps really there is this to consider :thinking:.

However, I know him little. I don't know if it also "filters domains" in this case. Need to look into it :thinking:.

There are several topics on the IPFire forum about this.

e.g.

Below is a sample reading.

edit

Best

2 Likes

I sincerely thank you for the links sent. I already had a quick look at them, but I plan to study them well :wink:.

1 Like

Well, tested 179, failed. Going out works fine, but it fails to find the websites and mail server. Mail is on the orange DMZ. It's like the firewall is not set up for incoming traffic, but it is set up. Clean install hand keyed, or install 169, restore and update to 179: every step past 169 fails. Been a long time working on this off and on. Time to move on. Giving up on this.

Yes, I had said I would try to recreate your situation locally, but I couldn’t do it and waited for someone to respond. I think I understand your problem correctly: remotely (from 170) you can’t access your local servers using the FQDN associated with one of your public IPs. Everything works for you if you instead (remotely) use your public IP directly. I continue to be of the opinion that there is a problem from version 170 on down, but I have no way of ascertaining that. And likewise, it seems strange to me that no one noticed if that was the case.

I once worked in a school where the ISP provided “a network like yours.” It’s a special condition. Normally ISPs provide a natted modem (like mine). In this case the test cannot be done.

Public IPs should be assigned directly to IPFire’s RED (or directly to a PC, LAN card). This was the condition that the ISP provided to my school where I worked. Under this condition you should do your testing.

Is this setup?
Is this the missing link?

One thing that Aliases does not make clear, per the above user saying, 2 or 300 lines above: the Name of the Alias needs to be a URL as the web site is. I found that the user 2 or 300 lines above was mistaken. Just a description. But the Cert is not able to pass through the firewall. I note that hand keying the IP address does not work. You are forced into using the Aliases to get the IP into the NAT. And if you read my settings above, 169 still works fine. Getting a bit old. I do not know what changed in 170-179. I have asked if setup changed and dug into googling the heck out of it. Read and reread all the docs on setting up for a /27 ISP. But no one has any answers yet. Seems everyone with a /32 has no problems, but again I have said that in the above too. Works fine if pointing ports with 1 IP, but not ports and IPs.

Would you not need a service like Cloudflare to manage your URL with the specific IP?

The test today: same hardware setup as the running system. Set up 179, pinged from IPFire all my servers, all my Orange servers, and Google's DNS. All good. Remote into IPFire UI, all good. Checked the firewall one more time. Settings looked good. Getting out to the internet was fine. Using GeoPeeker to test from the outside. Test one, check URL of web page: found the IP, no render of the page. From my phone no page ever comes up. Changed Source from ANY to RED and redid the test. Ended the same. Gmail to my mail server, sent an email from my server to Gmail. NOTHING. Rebooted IPFire, retested, same as above. Moved everything back to my old server hardware on 169. Scared me, nothing worked. I rebooted and everything started working. Got the mail, both ends. Webpage up from phone and GeoPeeker. Users started calling that the internet was down, so I ended the testing.

Still have not found what changed so I can change to the changes. I have tried most everything. Started with a clean system, got different systems, made sure drivers work with IPFire. Tried USB NICs, but all the hardware does the same thing: it will not display a webpage, mail, SSH, SFTP, HTTPS, HTTP. Nothing works. And I get the same "try this", and I am even repeating over and over that I did that.

I am not convinced that the problem is only related to Aliases. In a previous post of mine, you can see that I tried it and it seems that the alias works perfectly (as @dean8 also seems to have confirmed). Other ideas at the moment I have none :unamused:.

Perhaps a missed step?

SNAT rule is on the orange for the mail server. No DHCP on the ISP, all is hand keyed per ISP setting. Test DNS passes. All outgoing traffic works fine. I would think the DNS is good. As above, I put SNAT rules on RED and was questioned why I would do that. It was just a test to see if anything changed, and it did not. I was missing for months here, only because I was not getting anything new. Also seems no one who is running a /27 says they have it working. Making me believe most are running a single IP firewall that works well, or just running it for a proxy, not hosting anything, or just one page.

Alias? But not Hosts. Hosts seems to make naming servers easy but is not needed. I hard key all the hosts with IPs. Mostly a habit. But is it now required to make things work? Hard to tell. In 169 it works either way. I ping the servers' local IPs so I know most of them.

Now if you're talking about my DNS settings, so the internet can find my servers: I would think with it working in 169, all would be good with the DNS settings. That I do not host here; I did at one time years ago.

https://blog.ipfire.org/search?q=170

Note

Support for assigning aliases to multiple RED interfaces has been added.

Perhaps?
Is this possibly the update that changed something?

1 Like

Why add support for something that already worked? Or am I reading it wrong? I was using many IPs on RED before 170, and with 170 everything stopped working after doing an update to the server. I had a backup. Restored the backup to 170 in a clean build, still did not work. Hand keyed clean install. Ended up going back to 169 and did a restore, got everything working. I was using a USB NIC at the time. Someone said they dropped the drivers for it. So I got new hardware. Someone said it was too new of hardware. Found hardware for a firewall running Linux, still did not work. So I have 6 systems of hardware. ALL work with 169, and none work with anything higher. I have an old i5 gen 4 and it does not work, but does with 169. Not working = nothing gets in the firewall.

It is obvious that hardware has nothing to do with it. Otherwise, IPFire would not even see the LAN card during configuration. Of this I am certain.

Something must have happened on the 170, but so far I don’t know what it is.

Seeing what has changed in 170 already looks good to me.
Maybe installing from 170 on changes some firewall settings. I don’t know. It’s just an alternative to my bug hypothesis.