Hey,

currently I am at a loss with my setup and can't figure out what's going wrong. I'm preparing a migration of my private root server to my @Home setup. The idea was to create a DMZ for all those servers with public Internet access and put them into a DMZ.

Now I've got a public OPNsense, some modem from my ISP, a Unifi Dream Machine (that manages LAN and stuff) and another OPNsense inside my DMZ.

There is a WireGuard tunnel connecting the two OPNsenses; the local one has a 0.0.0.0/0 route as peer network.

If I now try to access any website managed by the Nginx proxy at 192.168.1.1/24, it works fine as long as the website is inside the DMZ.

My problem now is to make the green path happen, i.e. to access stuff inside my LAN over the public OPNsense.

The proxy is able to curl the LAN websites and I can ping and trace all the IPs, but something is broken. I can see the packets arrive at the LAN website and make it back to the public OPNsense, but my browser will always get a "timed out" :'(

  • @teslasaur, 12 hours ago (edited)

    Then I assume there is something wrong in the routes from your LAN when returning traffic that got initiated through the internet OPNsense. If you can see traffic hit the LAN network, all should be well on the way in.

    Perhaps some sessions on the way time out due to low TTL. I’ve experienced drops of traffic when there are too many hops.

    • @[email protected] (OP), 11 hours ago

      Hm, could be a little bit much, but Public IP -> WG0 -> Proxy -> Router -> Server and back should be ok, shouldn't it?

      • @teslasaur, 11 hours ago

        It looks incredibly convoluted. My best guess is that traffic hits 172.168.1.254 and gets routed out on the internet and doesn't pass the DMZ.

        • @[email protected] (OP), 11 hours ago

          Should the nginx proxy receive that packet? If I trace between the LAN host and GW, there are no public IPs.

          • @teslasaur, 11 hours ago

            I think the packets take one way in, and get routed a different way out.
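The "one way in, a different way out" diagnosis above, as an added example that is not part of the thread: a small Python routing model of the described setup (all addresses except the proxy's 192.168.1.1 are constructed, and the routing tables are assumptions, not anyone's real config) that traces request and reply paths hop by hop, flags the asymmetry, and shows the paths lining up once the LAN router has a route back to the tunnel network via the DMZ.

```python
import ipaddress
# Constructed model of the thread's topology (not the poster's real configs); only the
# proxy 192.168.1.1 is from the thread: public_opnsense -wg0-> dmz_opnsense -> DMZ -> udm -> LAN
ADDRS = {
    "public_opnsense": {"10.99.0.1"},
    "dmz_opnsense": {"10.99.0.2", "192.168.1.254"},
    "proxy": {"192.168.1.1"},
    "udm": {"192.168.1.2", "192.168.10.1"},
    "lan_server": {"192.168.10.20"},
    "isp_b": {"198.51.100.1"},  # home ISP gateway on the UDM's WAN side
}
# Routing tables as (prefix, next hop); "local" means directly attached.
ROUTES = {
    "public_opnsense": [("10.99.0.0/24", "local"), ("192.168.0.0/16", "dmz_opnsense")],
    "dmz_opnsense": [("10.99.0.0/24", "local"), ("192.168.1.0/24", "local"),
                     ("192.168.10.0/24", "udm"), ("0.0.0.0/0", "public_opnsense")],
    "udm": [("192.168.1.0/24", "local"), ("192.168.10.0/24", "local"),
            ("0.0.0.0/0", "isp_b")],  # no route sends tunnel addresses back via the DMZ
    "lan_server": [("192.168.10.0/24", "local"), ("0.0.0.0/0", "udm")],
}
# Same tables with the missing return route added on the UDM.
FIXED = {**ROUTES, "udm": [("10.99.0.0/24", "dmz_opnsense")] + ROUTES["udm"]}

def owner(ip):
    return next((n for n, a in ADDRS.items() if ip in a), None)

def next_hop(routes, node, dst):
    """Longest-prefix match on node's table; returns the next node or None."""
    best = None
    for prefix, hop in routes.get(node, []):
        net = ipaddress.ip_network(prefix)
        if ipaddress.ip_address(dst) in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return None if best is None else (owner(dst) if best[1] == "local" else best[1])

def trace(routes, src_node, dst, max_hops=10):
    """Hop-by-hop path from src_node towards dst (a traceroute in this model)."""
    path, node = [src_node], src_node
    while dst not in ADDRS.get(node, set()) and len(path) <= max_hops:
        node = next_hop(routes, node, dst)
        if node is None:
            break  # no route: the packet is dropped at the previous hop
        path.append(node)
    return path

def symmetric(routes, src_node, src_ip, dst_ip):
    """True when the reply retraces the request path, i.e. no asymmetric routing."""
    fwd = trace(routes, src_node, dst_ip)
    back = trace(routes, fwd[-1], src_ip)
    return fwd == back[::-1], fwd, back
```

On real hosts the equivalent check is a traceroute from each end plus `ip route get <address>` on every router in between; a stateful firewall such as the one on the public OPNsense drops replies that arrive on a different interface than the one that created the state, which shows up in the browser as a plain timeout.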