Unable to access local domains

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2021-11-05 13:49:19
Model: Deco M4  
Hardware Version: V2
Firmware Version: 1.4.3 Build 20200918 Rel. 74289

Hi all,

I’ve just bought the Deco M4 and I’ve configured it in Wireless Router mode in cascade with the ISP router (on the ISP router I’ve disabled all the firewalls and enabled both DMZ and Static NAT Host on the IP of the Deco M4). Then I connected a PC with some web services, all accessible through a reverse proxy, to the main Deco via Ethernet. Subsequently I forwarded all the necessary ports (80, 443) of the reverse proxy, and all the services are correctly accessible from outside the network. Unfortunately I’m not able to use them from the inside: I always get a 403 Forbidden error code. If I manually set the DNS resolution of those domains to the local IP of the reverse proxy, everything works fine (but it’s not that great).
Before, I was using a D-Link mesh system with the same topology and I never had this issue (actually it was the only thing working; everything else was terrible, and this is the reason why I switched to the Deco ;) )
 

In case they help, I've also run some tests with curl [XXXXXX.duckdns.org is the redacted domain name of one service and XX.XX.XX.XX is the associated public IP]:

HTTP    #############################################################

curl -v http://XXXXXX.duckdns.org

* Rebuilt URL to: http://XXXXXX.duckdns.org/
*   Trying XX.XX.XX.XX...
* TCP_NODELAY set
* Connected to XXXXXX.duckdns.org (XX.XX.XX.XX) port 80 (#0)
> GET / HTTP/1.1
> Host: XXXXXX.duckdns.org
> User-Agent: curl/7.55.1
> Accept: */*
>
< HTTP/1.1 403 Forbidden
< Content-Type: text/html
< X-Frame-Options: SAMEORIGIN
< Date: Fri, 05 Nov 2021 13:02:16 GMT
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< Accept-Ranges: bytes
< Connection: close
<
<html>
<head>
  <title>403 Forbidden</title>
</head>
<body bgcolor="#ffffff">
  <h2>403 Forbidden</h2>
  <p></p>
</body>
</html>
* Closing connection 0

HTTPS #############################################################

curl -v https://XXXXXX.duckdns.org

* Rebuilt URL to: https://XXXXXX.duckdns.org/
*   Trying XX.XX.XX.XX...
* TCP_NODELAY set
* Connected to XXXXXX.duckdns.org (XX.XX.XX.XX) port 443 (#0)
* schannel: SSL/TLS connection with XXXXXX.duckdns.org port 443 (step 1/3)
* schannel: checking server certificate revocation
* schannel: sending initial handshake data: sending 194 bytes...
* schannel: sent initial handshake data: sent 194 bytes
* schannel: SSL/TLS connection with XXXXXX.duckdns.org port 443 (step 2/3)
* schannel: failed to receive handshake, need more data
* schannel: SSL/TLS connection with XXXXXX.duckdns.org port 443 (step 2/3)
* schannel: encrypted data got 1934
* schannel: encrypted data buffer: offset 1934 length 4096
* schannel: next InitializeSecurityContext failed: SEC_E_CERT_EXPIRED (0x80090328) - The received certificate has expired.
* Closing connection 0
* schannel: shutting down SSL/TLS connection with XXXXXX.duckdns.org port 443
* schannel: clear security context handle
curl: (35) schannel: next InitializeSecurityContext failed: SEC_E_CERT_EXPIRED (0x80090328) - The received certificate has expired.

HTTP MANUAL-DNS #############################################################

curl -v http://XXXXXX.duckdns.org
* Rebuilt URL to: http://XXXXXX.duckdns.org/
*   Trying 10.100.100.251...
* TCP_NODELAY set
* Connected to XXXXXX.duckdns.org (10.100.100.251) port 80 (#0)
> GET / HTTP/1.1
> Host: XXXXXX.duckdns.org
> User-Agent: curl/7.55.1
> Accept: */*
>
< HTTP/1.1 308 Permanent Redirect
< Connection: close
< Location: https://XXXXXX.duckdns.org/
< Server: Caddy
< Date: Fri, 05 Nov 2021 13:07:12 GMT
< Content-Length: 0
<
* Closing connection 0

HTTPS MANUAL-DNS #############################################################

curl -v https://XXXXXX.duckdns.org

* Rebuilt URL to: https://XXXXXX.duckdns.org/
*   Trying 10.100.100.251...
* TCP_NODELAY set
* Connected to XXXXXX.duckdns.org (10.100.100.251) port 443 (#0)
* schannel: SSL/TLS connection with XXXXXX.duckdns.org port 443 (step 1/3)
* schannel: checking server certificate revocation
* schannel: sending initial handshake data: sending 194 bytes...
* schannel: sent initial handshake data: sent 194 bytes
* schannel: SSL/TLS connection with XXXXXX.duckdns.org port 443 (step 2/3)
* schannel: encrypted data got 4096
* schannel: encrypted data buffer: offset 4096 length 4096
* schannel: encrypted data length: 188
* schannel: encrypted data buffer: offset 188 length 4096
* schannel: received incomplete message, need more data
* schannel: SSL/TLS connection with XXXXXX.duckdns.org port 443 (step 2/3)
* schannel: encrypted data got 457
* schannel: encrypted data buffer: offset 645 length 4096
* schannel: sending next handshake data: sending 93 bytes...
* schannel: SSL/TLS connection with XXXXXX.duckdns.org port 443 (step 2/3)
* schannel: encrypted data got 195
* schannel: encrypted data buffer: offset 195 length 4096
* schannel: SSL/TLS handshake complete
* schannel: SSL/TLS connection with XXXXXX.duckdns.org port 443 (step 3/3)
* schannel: stored credential handle in session cache
> GET / HTTP/1.1
> Host: XXXXXX.duckdns.org
> User-Agent: curl/7.55.1
> Accept: */*
>
[ ... schannel buffer/encrypt/decrypt ... ]
< HTTP/1.1 200 OK
< Accept-Ranges: bytes
< Content-Length: 20883
< Content-Type: text/html
< Date: Fri, 05 Nov 2021 13:04:26 GMT
< Etag: "1d7d1aee2c87113"
< Last-Modified: Thu, 04 Nov 2021 19:05:09 GMT
< Server: Caddy
< Server: Kestrel
<

 

Thanks in advance for your help!

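Added example, not part of the original post: a small Python parser that summarizes `curl -v` transcripts like the ones above and checks whether each response carries the reverse proxy's `Server` banner, which makes it easy to see which endpoint actually answered on each path. The function names are hypothetical, the transcripts are shortened excerpts of the posted output, and treating `Caddy` as the proxy's banner is an assumption taken from the manual-DNS responses.

```python
import re

# Shortened excerpts of the curl -v output in the post (redactions kept as posted).
VIA_PUBLIC_IP = """\
* Connected to XXXXXX.duckdns.org (XX.XX.XX.XX) port 80 (#0)
< HTTP/1.1 403 Forbidden
< Content-Type: text/html
< X-Frame-Options: SAMEORIGIN
< Connection: close
"""
VIA_LAN_IP = """\
* Connected to XXXXXX.duckdns.org (10.100.100.251) port 80 (#0)
< HTTP/1.1 308 Permanent Redirect
< Location: https://XXXXXX.duckdns.org/
< Server: Caddy
"""
HTTPS_VIA_PUBLIC_IP = """\
* Connected to XXXXXX.duckdns.org (XX.XX.XX.XX) port 443 (#0)
* schannel: next InitializeSecurityContext failed: SEC_E_CERT_EXPIRED (0x80090328) - The received certificate has expired.
* Closing connection 0
"""

def summarize(transcript):
    """Extract who answered: peer address, status code, Server headers, TLS error."""
    info = {"peer": None, "status": None, "server": [], "tls_error": None}
    for line in transcript.splitlines():
        if m := re.match(r"\* Connected to \S+ \((\S+)\) port (\d+)", line):
            info["peer"] = (m.group(1), int(m.group(2)))
        elif m := re.match(r"< HTTP/\d(?:\.\d)? (\d{3})", line):
            info["status"] = int(m.group(1))
        elif m := re.match(r"< Server:\s*(.+)", line, re.I):
            info["server"].append(m.group(1).strip())
        elif m := re.search(r"\b(SEC_E_\w+)", line):
            info["tls_error"] = m.group(1)  # schannel error name, e.g. expired cert
    return info

def answered_by_proxy(transcript, proxy_banner="Caddy"):
    """True only if an HTTP response arrived and it carries the proxy's Server banner."""
    info = summarize(transcript)
    return info["status"] is not None and proxy_banner in info["server"]

if __name__ == "__main__":
    samples = {"http/public": VIA_PUBLIC_IP, "http/lan": VIA_LAN_IP,
               "https/public": HTTPS_VIA_PUBLIC_IP}
    for name, text in samples.items():
        print(name, summarize(text), "proxy answered:", answered_by_proxy(text))
```
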