SOLVED Internal Networking DNS Issues between two Nethservers

Duncan_Rix · September 27, 2021, 9:25am

So I’m not too sure where exactly my issue lies. I will do my best to explain my setup and what it is that’s not working correctly or at least not how I would expect it to.
Both servers are running Nethserver release 7.9.2009 (final)

Server1
Router/firewall/DHCP/DNS/DC/VPN for the LAN network.
Two NIC’s one for red, one for green.
Red interface is PPoE, has two WAN IP’s the 2nd of witch is setup as an alias.
Multiple port forwards for services running on Server2 using the alias IP all working fine when accessed from the internet. E.g. Web,vhost web, Email, Nextcloud
Multiple open ports to Server1 for services also all working fine.

Server2
Email/Web/Nextcloud
One NIC setup as green with static LAN IP.

Both servers have sub domains pointed at them that work grate externally for access to cockpit and all other services. Server2 all so has a 2nd sub domain pointed to it for a virtual host web page that also works fine externally.

The problem is that this 2nd virtual page dose not work internally from the LAN.

Other information to note is that I have added DNS entry’s to Server1 for all sub domains pointed to Server2.These entry’s point to Server2’s LAN address.

If I ping Server2’s main sub domain (e.g for cockpit) it returns Server2’s LAN address.
When pining the sub domain pointed to the vhost on Server2 it returns with Server1’s LAN IP.

Configuration from cockpit seems to have changed a little from when I originally set this all up. In fact it was orinally done using the old web config system and from memory I had to NAT the WAN IP to Server2 then setup port forwards. The NAT rule I can no longer see, that said I have tried changing the SNAT setting in the firewall setting e.g. adding both sub domains but this make no change situation. I have tried changin this setting both with and with out the DNS rules stated above but no matter what I do the vhost domain all ways points to the wrong server LAN IP. Each time a change is made the computer I’m using gets a DNS flush before testing.

Any advise on how best to implement this setup or if this issue has all ready been covered in the forum by others please point me in the right direction as my searchs have not yielded much.

Only other thing to note is that all sub domians are from the same FQDM E.g.
bla1.bla.com
bla2.bla.com and so on.

Thanks in advance

mrmarkuz · September 27, 2021, 2:11pm

Does the computer use NethServer1 as DNS server? Usually the IP set on Server1 DNS should work immediately after flushdns, maybe you need to restart dnsmasq on server side.
Is there’s an alias (check hostname in cockpit dashboard) on the NethServer1
Is there a hosts file pointing to the LAN address on the computer?

You may remove the DNS entries on NethServer1 so ping should return the public IP. In firewall settings hairpin NAT under Port forward should be enabled so port forwards are respected from internal.

Setting internal addresses in DNS should work too but is not necessary when using port forwards. If you use reverse proxy, DNS entries / aliases are needed.

Duncan_Rix · September 27, 2021, 6:58pm

Thank you for your responce and advice.

So I decided to remove all DNS and port forwards too Server2 and start again.
I had to remove port forwards first in order to be able to remove the DNS entry.

Once removed I re-added port forwards this time by IP rather than the DNS name.
I then went in to SNAT in firewall to map Server2 LAN IP to aliases WAN IP.
Interestingly all though there are no errors when I do this it dose not show that it’s been added like it did before.

Now if I ping Server2 DNS name I do get the alieses IP as the responce but if I try and access cockpit on 9090 it returns with Server1’s login page. Yes there is a port forward for 9090 to aliese IP, and yes I applied it after adding it.

I remember now this is an issue I had origanly and thats why I added the DNS entry on Server1 in the first place.

Every thing still seems fine when accessed externally still.

Yes to your question. Server1 is the DNS for the LAN set by it’s DHCP. I have restarted EVERY THING! lol.

Very fustrating I just cant work out what I’m doing wrong.

Duncan_Rix · September 27, 2021, 7:06pm

P.S definatly no host file setting.
Not sure what you mean regarding

“Is there’s an alias (check hostname in cockpit dashboard) on the NethServer1”

Only entry there is that servers own FQDN e.g. server1.bla.com

mrmarkuz · September 27, 2021, 7:08pm

You don’t need SNAT, only port forwarding is needed in server manager.

This is a good idea and maybe was an issue too.

EDIT:

When you click on the hostname in dashboard, you’ll see the alias settings:

Duncan_Rix · September 27, 2021, 7:09pm

BOOM! Sorry for all the replys.

Just clicked the hostname bit on server1 and I’d managed to add the vhost that started this whole affare!

So I recon if I put it all back to how it was now it should work but I will have to put the DNS back to how I had it.

Thank you very much. I shall put back and if all it good mark this a sloved.

Duncan_Rix · September 27, 2021, 7:30pm

Many thanks all working now.
It’s a similer problem that I had back in my Amiga days when I had two identical machines in front of me. I’d all ways be typing away on the wrong one lol.

Many thanks