
I do not know what I am missing, any help will be appreciated.

(All updated) Host: Windows 10 Pro; WebServer: Debian 11 (Hyper-V VM); MySQL/MariaDB 10.5.15; PHP 7.4.28; WordPress 5.9.3; ports 80 and 443 forwarded in the gateway (Ubiquiti USG Pro-4) to the Debian WebServer private IP/VLAN x; firewall (ESET NOD32) disabled on the host; firewall (UFW) on the Debian WebServer (22, 80, 443 opened); firewall (Windows Firewall) disabled on the host.

Wordpress: wp-config.php all setting ok (database, url, etc)

/** The name of the database for WordPress */
define( 'DB_NAME', 'wordpressdb' );
/** Database username */
define( 'DB_USER', 'user' );
/** Database password */
define( 'DB_PASSWORD', 'Pass' );
/** Database hostname */
define( 'DB_HOST', 'localhost' );
/** Database charset to use in creating database tables. */
define( 'DB_CHARSET', 'utf8' );
/** The database collate type. Don't change this if in doubt. */
define( 'DB_COLLATE', '' );
/* Add any custom values between this line and the "stop editing" line. */

define('WP_SITEURL', 'http://example.com');
define('WP_HOME', 'http://example.com');

apache2: domain.com.conf all setting ok (virtualhost)

<VirtualHost example.com:80 *:80>
    ServerName example.com
    ServerAlias example.com
    DirectoryIndex index.htm index.html index.php
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html/example.com
    <Directory "/var/www/html/example.com">
        Options -Indexes +FollowSymlinks
        AllowOverride All
        Require all granted
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

<IfModule mod_ssl.c>
<VirtualHost default:443>
    ServerName example.com
    ServerAlias www.example.com
    ServerAdmin email@xxxmail.com
    DocumentRoot /var/www/html/example.com
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/server.crt
    SSLCertificateKeyFile /etc/ssl/private/server.key
    SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
    <FilesMatch ".(cgi|shtml|phtml|php)$">
        SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory /usr/lib/cgi-bin>
        SSLOptions +StdEnvVars
    </Directory>

News (Edited)

I found a related post and took action. I was able to make it work (NatNetwork), but I still cannot reach my Debian WebServer from the Internet (outside). One more issue: I lost SSH access from my host (Win10 Pro) to the guest VM (Debian). Normally I do it through SSH-Agent with my private key, and even with a password it does not work anymore;

Fixed: Add Allow user <myuser>@10.0.0.1 in /etc/ssh/sshd_config file

Additional comment on how the network is now: host 192.168.x.x, and new NatNetwork in 10.0.x.x.

New-VMSwitch  -SwitchName "NATSwitch"  -SwitchType Internal

New-NetNat -Name NATNetwork -InternalIPInterfaceAddressPrefix 10.0.0.0/24

New-NetIPAddress -IPAddress 10.0.0.1 -PrefixLength 24 -InterfaceAlias "vEthernet (NATSwitch)"

NatMapping

Add-NetNatStaticMapping  -NatName NATNetwork  -Protocol TCP  -ExternalIPAddress 0.0.0.0/24  -ExternalPort 80  -InternalIPAddress 10.0.0.24  -InternalPort 80
  • I can reach my webpage with the private IP on the LAN (because it is in my hosts file, manually added)
  • I cannot from the Internet (outside/public IP)

Get-NetRoute -AddressFamily IPv4 -InterfaceIndex 2 | Format-Table DestinationPrefix, NextHop

DestinationPrefix  NextHop
-----------------  -------
255.255.255.255/32 0.0.0.0
224.0.0.0/4        0.0.0.0
10.0.0.255/32      0.0.0.0
10.0.0.1/32        0.0.0.0
10.0.0.0/24        0.0.0.0

Get-NetRoute -AddressFamily IPv4 -InterfaceIndex 28 | Format-Table DestinationPrefix, NextHop

DestinationPrefix  NextHop
-----------------  -------
255.255.255.255/32 0.0.0.0
224.0.0.0/4        0.0.0.0
192.168.1.255/32   0.0.0.0
192.168.1.64/32    0.0.0.0
192.168.1.0/24     0.0.0.0
0.0.0.0/0          192.168.1.1

IPv4 Route Table

Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.64    281
         10.0.0.0    255.255.255.0         On-link          10.0.0.1    271
         10.0.0.1  255.255.255.255         On-link          10.0.0.1    271
       10.0.0.255  255.255.255.255         On-link          10.0.0.1    271
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
     172.23.144.0    255.255.240.0         On-link      172.23.144.1   5256
     172.23.144.1  255.255.255.255         On-link      172.23.144.1   5256
   172.23.159.255  255.255.255.255         On-link      172.23.144.1   5256
      172.31.80.0    255.255.240.0         On-link       172.31.80.1   5256
      172.31.80.1  255.255.255.255         On-link       172.31.80.1   5256
    172.31.95.255  255.255.255.255         On-link       172.31.80.1   5256
      192.168.1.0    255.255.255.0         On-link      192.168.1.64    281
     192.168.1.64  255.255.255.255         On-link      192.168.1.64    281
    192.168.1.255  255.255.255.255         On-link      192.168.1.64    281
      192.168.2.0    255.255.255.0         On-link      192.168.2.64    281
     192.168.2.64  255.255.255.255         On-link      192.168.2.64    281
    192.168.2.255  255.255.255.255         On-link      192.168.2.64    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link      192.168.2.64    281
        224.0.0.0        240.0.0.0         On-link      192.168.1.64    281
        224.0.0.0        240.0.0.0         On-link          10.0.0.1    271
        224.0.0.0        240.0.0.0         On-link      172.23.144.1   5256
        224.0.0.0        240.0.0.0         On-link       172.31.80.1   5256
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link      192.168.2.64    281
  255.255.255.255  255.255.255.255         On-link      192.168.1.64    281
  255.255.255.255  255.255.255.255         On-link          10.0.0.1    271
  255.255.255.255  255.255.255.255         On-link      172.23.144.1   5256
  255.255.255.255  255.255.255.255         On-link       172.31.80.1   5256
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0      192.168.1.1  Default
===========================================================================

Debian (WebServer) is in a VLAN (10.0.x.x, VLAN x). The VLAN ID is set in the VSwitch Manager settings and in the VM Network Adapter settings too, not in the Debian VM configuration (/etc/interface). Am I OK? It is working this way, so I think I am.

INTERFACES SETTING

I can ping the Internet, the host and the eth0 interface. Do I need a static route (in the USG router), or any iptables rule, or masquerade (on the server)? Are my interfaces file settings OK? (/etc/network/interfaces)

<myuser>@terrawp:~$ ip route
default via 10.0.0.1 dev eth0 onlink
10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.24

<myuser>@terrawp:~$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:15:5d:00:69:3a brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.24/24 brd 10.0.0.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::215:5dff:fe00:693a/64 scope link
       valid_lft forever preferred_lft forever

Thank you and GOOD FIXING !!

  • I assume you can access your site from the Hyper-V host…? Did you set the VM to use bridged networking? Are you on a wired connection? Can other devices in your local network access the site by using its IP address? – Daniel B May 19 '22 at 06:58
  • Yes @Daniel B, I can access locally using Private IP (but not domain that is what I want to), Bridged Network is used in wired connection (VM), everyone on local can access to webserver using Private IP. – HillSonMX May 23 '22 at 21:42
  • Bridged? So you are using a different IP subnet for the VM(s) even when it is in the same broadcast domain / LAN as your physical LAN hosts do? What's the reason for that? (Typically you use one single IP subnet within a LAN. And either way you can/should just port forward from your router in such case.) – Tom Yan Jul 05 '22 at 00:23
  • Also even if it's not really bridged, you still need to additionally port forward from the router to the VM host first (unless maybe your VM host is set as the so-called "DMZ"). And obviously your router's WAN IP needs to be an actual public IP (i.e. no CGNAT posed by your ISP). Btw it should be 0.0.0.0/0 for -ExternalIPAddress. – Tom Yan Jul 05 '22 at 00:26
  • @Architect Jamie gave a solution in this post https://serverfault.com/questions/914482/how-to-dnat-forward-all-ip-traffic-on-windows-10-from-ip1-to-ip2 that I had applied but it did not work, NatNetwork lost internet connection, maybe he could give us a hand with this, Regards! – HillSonMX Sep 10 '22 at 23:20

1 Answer

You need to make sure both of the following are in place before Internet-based traffic will reach your webserver.

  1. Valid network route to your network gateway/firewall. The VM needs to have a network adapter connected. If applicable, it needs a VLAN tag. Then inside your VM you need to make sure it has an IP address assigned (static or DHCP w/reservation), DNS and gateway assigned. You know it's successful when you're able to ping out from the VM: https://windowsreport.com/add-network-adapter-windows-10-hyper-v/#:~:text=In%20the%20Hyper%20V%2DManager,you%20the%20Network%20Adapter%20window

  2. Firewall rule with port forwarding OR a reverse proxy configured. By default inbound traffic is blocked on all firewalls. You need to set up a rule to forward traffic to your VM on port 80:

https://help.ui.com/hc/en-us/articles/235723207-UniFi-USG-UDM-Port-Forwarding-Configuration-and-Troubleshooting

Usta
  • Webserver has internet with no problem, and can be reached locally but not from Internet (outside). All was done, still the issue, Thank you @Usta. – HillSonMX May 23 '22 at 21:46
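
The answer and the comments describe a chain of hops (public WAN address, router port forward to the VM host, host NAT mapping to the VM). The following added example, which is not from the original posts, models that chain with the LAN addresses from the question and reports which hop is inconsistent. Assumptions: the function and variable names are hypothetical, the WAN address is a constructed placeholder, the router forward target is assumed to be the VM's private IP, and the NAT external prefix is modelled as having to contain the host address that receives the forwarded traffic.

```python
import ipaddress as ip

# Address space that is not reachable from the Internet: RFC 6598 (CGNAT) and RFC 1918.
NON_PUBLIC = [ip.ip_network(n) for n in
              ("100.64.0.0/10", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_inbound_path(wan_ip, router_lan, forward_target, host_lan_ip,
                       nat_external_prefix, nat_internal_ip, vm_ip):
    """Return the reasons inbound traffic would not reach the VM (empty list = OK)."""
    problems = []
    wan = ip.ip_address(wan_ip)
    if any(wan in net for net in NON_PUBLIC):
        problems.append(f"WAN address {wan} is not public (CGNAT or double NAT)")

    # Hop 1: the router forwards to the Hyper-V host, because the VM's
    # 10.0.0.0/24 network exists only behind the host's NAT.
    target, host = ip.ip_address(forward_target), ip.ip_address(host_lan_ip)
    if target not in ip.ip_network(router_lan):
        problems.append(f"router forward target {target} is not on {router_lan}")
    elif target != host:
        problems.append(f"router forwards to {target}, not the VM host {host}")

    # Hop 2 (modelling assumption): the NAT mapping's external prefix must
    # contain the host address that the forwarded traffic arrives on.
    external = ip.ip_network(nat_external_prefix, strict=False)
    if host not in external:
        problems.append(f"NAT external prefix {external} does not cover {host}")
    if ip.ip_address(nat_internal_ip) != ip.ip_address(vm_ip):
        problems.append(f"NAT maps to {nat_internal_ip}, VM is {vm_ip}")
    return problems


# LAN values are from the question; the WAN address is a constructed placeholder
# and the router forward target is assumed to be the VM's own private IP.
AS_POSTED = dict(wan_ip="203.0.113.10", router_lan="192.168.1.0/24",
                 forward_target="10.0.0.24", host_lan_ip="192.168.1.64",
                 nat_external_prefix="0.0.0.0/24", nat_internal_ip="10.0.0.24",
                 vm_ip="10.0.0.24")
CORRECTED = dict(AS_POSTED, forward_target="192.168.1.64",
                 nat_external_prefix="0.0.0.0/0")

if __name__ == "__main__":
    for name, cfg in (("as posted", AS_POSTED), ("corrected", CORRECTED)):
        print(name, "->", check_inbound_path(**cfg) or "path is consistent")
```

Replace the placeholder WAN address with the one shown on the router's WAN interface; if it falls in 100.64.0.0/10 or a private range, no port forward on the local router can make the site reachable from outside.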