can you add the cert to this

Federico De Luca · ‎04-28-2017

Hi everyone, hope you can help me fix this.

The scenario it´s the following;

Server1 (192.168.1.116)
Server2 (192.168.1.110)
Router RV042 (192.168.1.254)
Firmware version: 4.2.3.07
Public IP: static | It has 2 web hosts associated (hostapp.com and hosttest.com)

Servers and host names are generic, not the ones currently configured

One of our clients got 2 servers with a third part application installed. On both servers this application can be accessed from HTTP (80) and HTTPS (443) ports; both from name or IP.

For example http://server1 and https://server2 or http://192.168.1.116 and http://192.168.1.110

The application provider wants now to allow the applications be accessed from internet, so I configure the following port forward and UPnP:

LAN IP	INTERNAL PORT	EXTERNAL PORT	CONFIGURED AS
192.168.1.116	80	80	Port forward
192.168.1.116	443	443	Port forward
192.168.1.110	80	8000	UPnP
192.168.1.110	443	4430	UPnP

After this configuration I can access successfully to the applications from external networks using the following URLs:

https://hostapp.com

http://hostapp.com

https://hosttest.com:4430

http://hosttest.com:8000

But when I try to do it from inside the LAN network, it fails. Receiving a message that shows that the site took to long in answer

Can you please help me?

Thanks in advice!

singhkulbir29881 · ‎04-28-2017

Hi Federico De Luca,

Are you able to access these applications from internal by using IP address instead on FQDN like http://192.168.1.116 instead of https://hostapp.com?

Federico De Luca · ‎04-28-2017

Hi singhkulbir29881 and thanks for your response.
Yes, I can successfully access to the app through the LAN IP

singhkulbir29881 · ‎04-28-2017

So after port forwarding, FQDN's https://hostapp.com, http://hostapp.com, https://hosttest.com:4430, http://hosttest.com:8000 are resolving into public IP. When you are trying to access by using FQDN name is resolving into RV042 WAN IP and RV042 is dropping this traffic due to default firewall features. You can use local DNS server having these FQDN entries resolving into private IP's and add the IP of this local DNS server as a primary DNS in DHCP settings or simply access using LAN IP address instead of FQDN.

Please rate if this is helpful.

Federico De Luca · ‎04-28-2017

The proceedure you describe is correct; but I can´t configure the DNS entry that way dude it will give a certificate error due the associated IP will be different to the corresponding public IP

Dennis Mink · ‎05-01-2017

Frederico,

your certs should have X.509 FQDN subject names. are you saying they have IP addresses as the subject name?

why dont you create a host file on a test machine resolving https://hostapp.com, http://hostapp.com, https://hosttest.com into internal IP addresses?

Please rate if useful

Please remember to rate useful posts, by clicking on the stars below.

Federico De Luca · ‎05-02-2017

Hi Dennis and thanks for your response.

I can´t do that due the HTTPS certification. If the IP doesn´t match the public IP it will return an error (I´ve already tried it)

Dennis Mink · ‎05-02-2017

can you add the cert to this post?

Thanks

Please rate if useful

Please remember to rate useful posts, by clicking on the stars below.

Can´t access web server from LAN, but I can from WAN