No local lan https connection to https://media.nutthause.com

Hello,
My domain is:
nutthause.com

I ran this command:
https://media.nutthause.com

It produced this output:
Unable to connect
Firefox can’t establish a connection to the server at nutthause.com.

My web server is (include version):
apache2 -V
Server version: Apache/2.4.41 (Ubuntu)

The operating system my web server runs on is (include version):
Linux Mint 20 Ulyana

My hosting provider, if applicable, is:
Home webserver self hosted

I can login to a root shell on my machine (yes or no, or I don't know):
yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot --version
certbot 0.31.0

I'm able to connect to https://media.nutthause.com when I have enabled the border firewall to allow https in, but if I close/disable the forwarding rule, NO connection to https://media.nutthause.com, and I get the error:
Unable to connect:
Firefox can’t establish a connection to the server at nutthause.com.
Here is my setup:
Smoothwall Firewall https forwarding rule enabled
"
"
Host making connection Linux Mint 20 firewall rule accept https 443 connections:
Local Browser Firefox 83.0 (64-bit) https://media.nutthause.com
Connects Perfectly

It doesn't appear to be a DNS issue as Static DNS server on Smoothwall resolves to ip address of media.nutthause.com
nslookup media.nutthause.com
Server: 127.0.0.53
Address: 127.0.0.53#53

Non-authoritative answer:
Name: media.nutthause.com
Address: x.x.x.x (Actual ip replaced here with x.x.x.x)

I'm not sure if the /etc/sites-available/media.nutthause.com.conf file needs to be changed to allow for the local connections. I keep https incoming connection blocked on my Smoothwall as I only want to connect internally to media.nutthause.com/zm. I'm able to connect using https://ip address/zm, zm = Zoneminder (open source surveillance system), but not able to with DNS name, https://media.nutthause.com/zm.

If I need to connect externally I use ssh or openvpn into local network.

Any help would be appreciated to resolve this internal connection issue.

Thanks

Then the IP returned should be the internal IP.
Otherwise, you will be trying to connect to the external IP and the firewall will not allow you to.
OR
You might be able to configure the firewall to only allow internal IPs to access the external site IP.

[you can override the IP via local hosts file entry or use an internal DNS that returns the local IP]

The Internal IP is not a question, I have a local static DNS on Border Firewall and /etc/hosts file setup on media. nslookup returns the correct local IP.
Let me ask the question in perhaps a different way. I can connect with border firewall allowing port 443 in (forwarded to Internal PC on a local lan 10.0.0.0 address); the https://media.nutthause.com connection is secure, trusted, and verified. Yet if I close the border firewall so no 443 is allowed in, I cannot make a connection; when I connect to https://media.nutthause.com I get "Unable to connect. Firefox can’t establish a connection to the server at nutthause.com."
Why?
How can I connect securely from a different computer or the subject computer on the local lan using url https://media.nutthause.com?
Setting up a local dns record in the /etc/hosts file I'm still not able to connect securely.
Let me know how I can make a local connection to https://media.nutthause.com.
Thanks

Please ensure your local hosts file entries are in fact being used:

  1. create hosts file entry
  2. ping external FQDN
  3. verify IP returned is in fact an internal IP

If you close the border firewall and break the connection, then your client is NOT in the same network as the server.
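
An added example (not part of any post in this thread) of the check in steps 1 to 3 above. It resolves the name through `getaddrinfo`, which on a default glibc setup consults `/etc/hosts` before DNS, whereas `nslookup` queries the DNS server directly and never reads the hosts file. The sample hosts content and the address 10.0.0.5 are constructed placeholders.

```python
import ipaddress
import socket

# Constructed sample /etc/hosts content; 10.0.0.5 is a placeholder LAN address.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
# 10.0.0.9  media.nutthause.com   (commented out, must be ignored)
10.0.0.5    media.nutthause.com media
"""

def hosts_entries(hosts_text, fqdn):
    """Return the addresses a hosts file maps to fqdn (comments ignored)."""
    found = []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fqdn.lower() in (n.lower() for n in fields[1:]):
            found.append(fields[0])
    return found

def system_resolve(fqdn, port=443):
    """Resolve via getaddrinfo, the system resolver path (hosts file, then DNS)."""
    infos = socket.getaddrinfo(fqdn, port, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def verdict(addresses):
    """Say whether a connection to these addresses stays on the LAN."""
    if not addresses:
        return "unresolved"
    private = [ipaddress.ip_address(a).is_private for a in addresses]
    if all(private):
        return "internal"   # traffic never reaches the border firewall
    if any(private):
        return "mixed"      # client may pick the external address
    return "external"       # connection depends on the 443 forwarding rule

if __name__ == "__main__":
    name = "media.nutthause.com"
    with open("/etc/hosts") as fh:
        print("hosts file:", hosts_entries(fh.read(), name))
    try:
        addrs = system_resolve(name)
    except socket.gaierror:
        addrs = []
    print("getaddrinfo:", addrs, "->", verdict(addrs))
```

Run it on the client that fails to connect: a verdict of `external` or `mixed` means the hosts entry is not the address actually being used for the connection.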

Could an OCSP query (from a browser) be getting blocked and thus disallowing the connection?
Just a thought.

Unless...

Got confused and did "in" and "out", I don't see how that can be triggered.

  • It always works one way.
  • And it always fails in the other way.
