No access to NS via FQDN on LAN

I don’t think this is really a NethServer problem but you are clever people who will know where I’ve gone wrong!

I can access my NethServer using the IP address when on the local network. I can’t access it using its domain name from the LAN. But I can from outside the LAN.

I haven’t had this trouble before, I’ve always been able to access my NethServer using either the IP or FQDN when on the LAN. I’ve been through my router settings and DNS and can’t see what I’ve changed. Or what I could have changed in NS to cause this.

Any tips or pointers appreciated, thanks.

Can you post the result from your computer CLI of nslookup yourfqdn ?

Thanks, I’m changing the actual domain and IP here to protect the innocent!

    ~ davidgordon$ nslookup nethserver.mydomain.tld
    Server: 192.168.53.1
    Address: 192.168.53.1#53

    Non-authoritative answer:
    Name: nethserver.mydomain.tld <- actually shows correct address
    Address: 12.34.567.89 <- actually shows correct WAN address of my router

From the above I see the “Server” as the LAN IP for the router and I don’t understand the #53 in the “Address”. My nethserver is located at 192.168.53.101.

Thanks

Your DNS doesn’t resolve nethserver.mydomain.tld correctly.

If you can, add a DNS record to your router:

name: nethserver.mydomain.tld
address: 192.168.53.101

Then remember to clear the DNS cache of your computer and try to connect to the Server Manager.


I don’t think this is my fault!

I’ve done a fresh reinstall of NS. Everything working as expected using IP address or domain name inside my LAN. I’ve got a LetsEncrypt certificate and started adding the software I want. I added Cockpit and that worked, I added NextCloud and the install seemed to stall at around 89%. While that was happening I couldn’t get to the server using the domain name. I don’t know how I unfroze the install but after that I can’t get to the server using the domain name. I’m back to where I was this morning. I’m 99.9% sure this is a configuration problem with my install. Fingers are pointing at NextCloud and Cockpit.

Update to Update - it’s actually not working again.

Update:

Seems to be working correctly again. I did nothing other than have a nice cup of tea. Server reports it’s only been up a few minutes, perhaps it’s restarted…

Bit of a mystery this. I’m going to reinstall NextCloud and Cockpit, see what happens.

It’s possible this is being caused by the host computer (running VirtualBox) going to sleep. :zzz:

Give it some coffee…


Hi

You might see this behaviour if you set Nextserver to use a virtual host
(eg nextserver.mydomain.tld instead of nethserver.mydomain.tld)

My 2 cents

Andy Wismer

It’s happening again… This morning I accessed my NS Dashboard using my FQDN. Ten minutes later and I can’t.

No access to server via FQDN on LAN.
Access to server OK using IP address.
Access to server using FQDN available from outside LAN.

It’s not the NS server going to sleep, sorted that. My Nextcloud doesn’t have its own subdomain. I haven’t fiddled or changed any NS settings over the past week or so. What could cause this? Which log might offer a clue?

Going for a nice cup of tea to see if that works again :wink:

Seventeen minutes later and it’s back up and running correctly using the FQDN.

All I did was read some threads here. Didn’t even get a cup of tea.

Would like to get to the root of this though so any ideas welcome.

Thanks!

Like @federico.ballarini said, it sounds like a DNS problem. From outside, your router is doing it for you, but who is the DNS on your internal network? The router too?
You can also try making your nethserver the DNS server.


Yes, thanks, @m.traeumner, the router is doing the DNS for me. It’s set to the ISP’s default DNS so I’ve changed that to another and let’s see if that solves the problem for me.

I don’t think so. No external DNS knows your internal nethserver.
The client asks for the name, your DNS should know which IP is behind the name. If your router doesn’t know it, it looks at an external DNS, which also doesn’t know it. I think sometimes your nethserver is fast enough to say “Stop, wait a moment, here I am”, but not all the time, so you can reach it sometimes.

This should be the right way. If you can’t implement it, use your nethserver as the DNS server for your clients. On the nethserver you can set your router as DNS or the recommended Google DNS 8.8.8.8.

Or if there are only a few clients you can add the nethserver address to your hosts file.

My logic was this:

When on my LAN I request nethserver.mydomain.tld. My router sends the request to the default ISP DNS. It’s an FQDN so it returns the Internet IP address of my router. My router forwards the request on port 993, 465, or whatever to my NethServer server.

But sometimes there’s a problem with my ISP’s DNS and it’s somehow lost the IP address for nethserver.mydomain.tld.

Meanwhile from outside my LAN I’m asking a different DNS and it’s more reliable and hasn’t ‘forgotten’ my address.

So that’s why I thought a change of DNS may help. And I’m noticing my web browsing is a little ‘snappier’ since I changed the DNS. So maybe my ISP’s DNS is a bit unreliable?

Time for a KISS solution, if NethServer should be “on” all the time…
Disable the DHCP server on the router and enable it on NethServer, taking care to set up the right DNS server for the network connection and the correct gateway (the router).
This should accomplish the mission.

@pike That’s my situation at home… Although I do have 2 NethServer instances running: 1 for Samba4 AD Account provider + fileserver + DNS + DHCP + a lot of other services and 1 instance as Gateway/IDS/Firewall. So my DHCP scope is pointing to the GREEN interface of my 2nd NethServer as default gateway.

Since I use double NAT, the RED interface of my Gateway has an IP in the private range of my ISP router and is configured with a default gateway of the Green interface of the ISP router.
Might seem complicated, but it is rock solid and I have no ISP snooping at my traffic since I use a VPN connection to a VPN server outside the ISP network.

Some months later… Solved. Maybe.

It’s not the DNS, it’s Fail2Ban.

I think something on my LAN is occasionally failing to authenticate. Fail2Ban is then banning my IP address as that’s where the request is coming from.

I deliberately tried logging into Cockpit with a dud password. I got banned. I could see my IP address in the Fail2Ban log. Once I ‘unbanned’ myself access was returned.

So I’ve put my IP address in the whitelist!


Are you sure you want fail2ban to be active on the LAN/Green interface? I deliberately disable fail2ban on GREEN.
On ‘old’ servermanager:
f2ban
Allow bans on the LAN unchecked.


I think so. I am sure my LAN could be better but this is what I have. I do not run a DNS locally. I do have a laptop which I use inside and outside of my LAN. On the laptop I have diary and address book apps getting data from Nextcloud. So the address they access is the FQDN of my Nextcloud, myserver.mydomain.tld/nextcloud. When on my LAN my laptop requests the DNS for myserver.mydomain.tld from the external DNS which returns the fixed IP for my router. So any failed authentication will appear to come from my WAN IP address, not from my LAN.

I hope I explained that well enough!
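
An added example (not code from any poster in this thread) for the two points above: Fail2Ban banning one's own address, and LAN clients showing up under the router's WAN IP because they reach the server through the public name. It scans Fail2Ban action lines for bans that hit your own addresses and reports how long each lasted. The log lines, jail names and the WAN address 203.0.113.10 are constructed placeholders; only the LAN range comes from the thread.

```python
import ipaddress
import re
from datetime import datetime

# Assumptions: LAN range as given in the thread; WAN IP is a documentation placeholder.
OWN_NETWORKS = [ipaddress.ip_network("192.168.53.0/24"),
                ipaddress.ip_network("203.0.113.10/32")]

# Constructed sample in the usual fail2ban.log layout (not taken from the thread).
SAMPLE_LOG = """\
2020-03-02 09:10:01,120 fail2ban.filter         [1093]: INFO    [cockpit] Found 203.0.113.10 - 2020-03-02 09:10:01
2020-03-02 09:10:07,412 fail2ban.actions        [1093]: NOTICE  [cockpit] Ban 203.0.113.10
2020-03-02 09:14:30,003 fail2ban.actions        [1093]: NOTICE  [sshd] Ban 198.51.100.77
2020-03-02 09:27:07,655 fail2ban.actions        [1093]: NOTICE  [cockpit] Unban 203.0.113.10
2020-03-02 11:02:44,918 fail2ban.actions        [1093]: NOTICE  [nextcloud] Ban 192.168.53.20
"""

EVENT = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d+\s+fail2ban\.actions\s+"
    r"\[\d+\]:\s+\w+\s+\[(?P<jail>[^\]]+)\]\s+(?P<verb>Ban|Unban)\s+(?P<ip>\S+)$")

def is_own(ip):
    """True if ip is inside one of our own networks (LAN or WAN address)."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in OWN_NETWORKS)

def self_bans(log_text):
    """Return (jail, ip, minutes_banned or None if still banned) for own addresses."""
    open_bans, results = {}, []
    for line in log_text.splitlines():
        m = EVENT.match(line.strip())
        if not m or not is_own(m["ip"]):
            continue  # ignore filter lines and bans of foreign addresses
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        key = (m["jail"], m["ip"])
        if m["verb"] == "Ban":
            open_bans[key] = ts
        elif key in open_bans:
            minutes = int((ts - open_bans.pop(key)).total_seconds() // 60)
            results.append((m["jail"], m["ip"], minutes))
    results.extend((jail, ip, None) for jail, ip in open_bans)
    return results

if __name__ == "__main__":
    for jail, ip, minutes in self_bans(SAMPLE_LOG):
        state = f"lifted after {minutes} min" if minutes is not None else "still active"
        print(f"[{jail}] banned own address {ip}: {state}")
```

A self-ban that lifts on its own after a fixed interval matches the pattern of access by FQDN failing and then returning without any change on the server.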