Precision guesswork here, but I’ve had nginx (not on opnsense) redirecting me to the
defaulthost quite a few times recently - all times it was me cocking up its config. It could be that nginx is waiting for the actual target until it times out and then just gives a your opnsense gui as the most reasonable response.I’d start checking its config. Or pasting it here, after removing secrets, it any.
So I’ve tried spinning up new turnkey containers for nginx to eliminate this as a potential issue. Everything can be accessed internally but new or old config alike, it’s the same inaccessible from WAN issue.
Could it be an MTU issue? Networking van be weird if packets get fragmented unexpectedly, but I see this mostly for IKEv2 and other VPN Services. Try to lower your MTU on the WAN side Maybe?
Gave it a shot (1472) but no luck.
>I have had this configured to IP passthrough mode without issue for years. But, after the Opnsense upgrade (and defaults), I did notice that my gateways were configured differently. Previously, my upstream WAN gateway was the IP address of the BGW320-505 box. Now, my upstream WAN gateway is my WAN IP address with a .1 substituted for the final digit.
This is critical info. You have been configured for IP Passthrough for exactly however long ago you updated.
@bluetrain
> This doesn’t seem to be an issue and comports with everyone’s guides online for configured IP passthrough mode on the BGW320-505 and, in fact, Opnsense does show my WAN IP address as my actual address (something it did not before!).This corroborates my assessment. You were previously in a double NAT situation. You saw your WAN IP on your gateway because your WAN IP was your gateway, not your interface IP. You now see the ISP’s head end IP as the gateway due to IP passthru
@bluetrain
> The strongest example I’ve uncovered of this is, from my WAN (or LAN) directly accessing my WAN IP.What have you been testing from? Laptop pointed to LAN IP, laptop pointed to WAN IP, and cellphone with WiFi disabled pointed to WAN IP?
Good question.
LAN device(s) pointed to WAN IP. LAN devices pointed to LAN IPs resolve fine and display webserver content. Cellphone (no WiFi) pointed to WAN IP does not exhibit the appended Opnsense webui port behavior.
Any suggestions on what to try?
I’m not sure what you’re suggesting but I am confident that IP Passthrough was set to DHCP Fixed on the BGW320-505 with the MAC of the Opnsense NIC before and after the Opnsense upgrade, if that helps.
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
Fewer Letters More Letters DHCP Dynamic Host Configuration Protocol, automates assignment of IPs when connecting to a network HTTP Hypertext Transfer Protocol, the Web IP Internet Protocol VPN Virtual Private Network nginx Popular HTTP server
4 acronyms in this thread; the most compressed thread commented on today has 3 acronyms.
[Thread #790 for this sub, first seen 8th Jun 2024, 04:35] [FAQ] [Full list] [Contact] [Source code]
You could try taking some packet captures from opnsense and your server while accessing your externally available web server. Reviewing the pcaps might give you some hints on how fix it based on what behaviour you see in the captures.
