Nextcloud on Truenas core - port forwarding issue

Hi everyone.
I’m looking for some help with a particular issue I myself can’t figure out.

I have installed nextcloud without issue, ddns server in ‘services’ in truenas, installed a certificate via certbot. I port forwarded 80 and 443 to my nextcloud IP 192.168.1.99. I have added my ddns and local nextcloud IP to trusted_domains - and everything works like a charm! I can now access nextcloud on LAN and WAN through my ddns.

Now to the issue - after implementing these configurations, I can no longer access my router locally (Linksys) which should be at 192.168.1.1 or myrouter.local. These addresses both send me to nextcloud, which should only be at …99 and xyz.ddns.net

What has happened and how do I fix it?

EDIT: applying DMZ to nextcloud 192.168.1.99 seems to work just fine btw… But not just port forwarding 80 and 443 to 192.168.1.99… hmm

kindly,
Snogge

Probably something to do with hairpin NAT. The problem is that because you forwarded the ports, any domain you type that is resolved to your router will end up being forwarded to your nextcloud. Try setting your router port to 8443 or something and see if you can access it that way.

Thank you, I will try that right away as soon as I find that setting

Sadly I can’t find any option for adding a port to access my router locally…

With that router I’m not surprised. It’s not really a router that is meant to be used in complex configurations.

But even with port forwarding, you should still be able to get to your router by typing 192.168.1.1
That part doesn’t make any sense.

Could you share a screenshot of the port forward you created?


Yeah, true, it’s an easy set up mesh, but port forwarding shouldn’t be a problem… I will give it a few more tries, then replace it if there’s no workaround.

These are the port forward settings (disabled at the moment because of the issue). There are no other port forward rules enabled.

Thanks again

OK, so I found a NAT setting here:

  1. When “Filter Internet NAT redirection” is activated - I get access to the router, even on my ddns.
  2. When deactivated - I turn up at nextcloud, everywhere, even at 192.168.1.1

So it’s working as intended?

No, it’s either only router or only nextcloud however I do it… Unless I use DMZ on …99 - then it works fine, but I don’t know if I’m comfortable with that.

So with that setup, does .99 go to your nextcloud?

Removing port forwarding and only using DMZ on 192.168.1.99 works as intended, yes. But it doesn’t feel safe since I guess it allows all incoming traffic

What I mean is that when you activate that “Filter NAT Redirection” rule, can you get to both your router and nextcloud?

No. As stated earlier it’s either only the router or only nextcloud. Can’t figure it out without DMZ

I’d recommend investing in some hardware and installing something like pfsense on there. Or you could virtualize it in a VM if you have the know-how.

But as I’m seeing it, it looks like you’ll have to change your DNS somehow.

What you could do is run a reverse proxy and forward all the traffic there. That way you can route the traffic based on DNS names. So xyz.ddns.com will go to your router and xyzxyz.ddns.com can go to Nextcloud.

If you’re running CORE, you can set up a jail using