owncloud/pfsense/Freenas

Status
Not open for further replies.

amilliner147

Dabbler
Joined
Nov 6, 2016
Messages
16
So I'm trying to set up ownCloud. I set up a DNS using DuckDNS and added rules but can't seem to get it to work. Help plz.
 

Attachments

  • Nat rule.jpg (136.4 KB)
  • pfdns.jpg (270 KB)

pirateghost

Unintelligible Geek
Joined
Feb 29, 2012
Messages
4,219
Your rule is all sorts of messed up.
You have dest ports 80-1234? WTF for? You only need port 80 or 443 there.

Your NAT ports are 88-1242? Why? If you are using the plugin, ownCloud is listening on port 80. Your NAT port should be port 80, or 443 if you have a cert configured.
 

amilliner147

Dabbler
Joined
Nov 6, 2016
Messages
16
I am using the plugin for FreeNAS and I just saw the port was like that. They are set to port 80 now; that still didn't fix anything... I can ping 192.168.1.4 and it lets me do that, but that's about it. Any ideas?
 

pirateghost

Unintelligible Geek
Joined
Feb 29, 2012
Messages
4,219
Huh?

The ability to ping a server from within your network has nothing to do with a port forward on your router.

I told you what you needed to do.

You also need to understand that a lot of ISPs will block port 80 because running a web server on your home network and exposing it is against their TOS (typically).

You won't be able to use your DNS name from INSIDE your network without some "hairpin NAT".
 

amilliner147

Dabbler
Joined
Nov 6, 2016
Messages
16
Got it working. I rebooted pfSense and FreeNAS and it just started working. Thanks for your help again, ghost, you are a life saver.
 

SweetAndLow

Sweet'NASty
Joined
Nov 6, 2013
Messages
6,421
This seems like you are doing something very bad. Are you sure you're not exposing your network to the open Internet?
 

SweetAndLow

Sweet'NASty
Joined
Nov 6, 2013
Messages
6,421
First, you should try to not open port 80 on your gateway. Second, you opened every port possibly at some point, which is terrible. ownCloud should always use SSL if you are going to use it outside your network, so look to set that up next. It also appears you might be using DHCP addresses when they should be static in some way.
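
Added example, not part of the thread: a small Python check that flags the problems raised above in a port-forward rule (a wide WAN port range, target ports that miss the port the service listens on, and plaintext port 80). The `Forward` structure and the function names are hypothetical, and the sample rules are constructed from the values mentioned in the posts.

```python
from dataclasses import dataclass


@dataclass
class Forward:
    """Hypothetical, simplified view of one port-forward (NAT) rule."""
    name: str
    wan_ports: str      # ports opened on the WAN side, e.g. "80-1234" or "443"
    target_ip: str      # internal host the traffic is redirected to
    target_ports: str   # ports on the internal host, e.g. "88-1242" or "443"


def parse_ports(spec):
    """Return (low, high) for '443' or '80-1234'; reject malformed specs."""
    lo_s, _, hi_s = spec.strip().partition("-")
    lo, hi = int(lo_s), int(hi_s or lo_s)
    if not 1 <= lo <= hi <= 65535:
        raise ValueError(f"bad port spec: {spec!r}")
    return lo, hi


def audit(rule, listening):
    """Return findings for one rule; `listening` is the set of TCP ports
    the internal service actually listens on."""
    findings = []
    w_lo, w_hi = parse_ports(rule.wan_ports)
    t_lo, t_hi = parse_ports(rule.target_ports)
    if w_hi > w_lo:
        findings.append(f"{rule.name}: exposes {w_hi - w_lo + 1} WAN ports, "
                        "forward a single port instead")
    if not any(t_lo <= p <= t_hi for p in listening):
        findings.append(f"{rule.name}: target ports {rule.target_ports} miss "
                        f"the service (listening on {sorted(listening)})")
    if w_lo <= 80 <= w_hi:
        findings.append(f"{rule.name}: port 80 is open to the Internet, "
                        "serve ownCloud over 443 with a certificate")
    return findings


# Constructed sample rules based on the values quoted in the thread.
AS_POSTED = Forward("owncloud", "80-1234", "192.168.1.4", "88-1242")
PORT_80_ONLY = Forward("owncloud", "80", "192.168.1.4", "80")
TLS_ONLY = Forward("owncloud", "443", "192.168.1.4", "443")

if __name__ == "__main__":
    for rule, ports in ((AS_POSTED, {80}), (PORT_80_ONLY, {80}), (TLS_ONLY, {443})):
        for line in audit(rule, ports) or [f"{rule.name}: no findings"]:
            print(line)
```
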
 

jdong

Explorer
Joined
Mar 14, 2016
Messages
59
Nowadays with tools like Shodan and other automated port scanning bots, I don't recommend running services on well-known ports unless absolutely necessary. That definitely includes 80 and probably 443 as well as VNC/SSH ports. Otherwise, the next time there's a zero-day for your favorite web or SSH server, you'll end up as a part of a shodan.io query for vulnerable servers. And in the best case scenario I've seen misbehaving botnets (or perhaps intentional behavior) hammer SSH so hard with futile login attempts that it prevented me from getting in.

A nonstandard port still provides some protection against this. Lately I've opened the bare minimum of ports to the public and use either a VPN appliance or dedicated VPN firewall distribution (like your pfsense) for additional access into my network for services that don't need to face the public 24/7.
 

pirateghost

Unintelligible Geek
Joined
Feb 29, 2012
Messages
4,219
I prefer tunneling everything via a reverse proxy VPS on Digital Ocean, with firewall rules in place to only accept connections from that server. The reverse proxy allows me to operate many services on port 80 and 443.
 

amilliner147

Dabbler
Joined
Nov 6, 2016
Messages
16
Thanks for all your input, much needed... I've come to the point where I need to add my dynamic DNS service to ownCloud. I went to the jail and went to /usr/local/www/owncloud/config/config.php but it gives me an error. I attached a pic to show you guys. Any ideas?
 

Attachments

  • filezilla.jpg (672.7 KB)