Hi,
I have a new UniFi network and added my Eblocker onto the network. I’ve changed the DHCP settings on the cloud gateway to point both the DNS and Default gateway to the eblocker under the DHCP settings in UniFi.
I’ve configured eblocker DHCP to expert mode and set the DHCP to external.
Eblocker is fine, but my hosted website on my network is no longer accessible from the internet.
Is there anything else I need to do on the Eblocker to get it accessible again?
@deepunder First of all I've moved your post to a new topic as the thread you had posted to was already solved. This makes it easier to keep track of open issues and confuses readers looking for a solution less.
Eblocker is fine, but my hosted website on my network is no longer accessible from the internet.
I'm not clear about your setup yet. Could you please elaborate more about your current (non eBlocker) setup for reaching your internal websites. Are the internal domain names resolved by a public/external DNS? Or are you running a private/internal DNS server to resolve the domains? Are these internal domains not resolving from the Internet (only) or is this just internal?
Hint: Where are you pointing eBlocker's DNS to for resolving external domains? This needs to be your external DNS resolving the internal DNS requests. So make sure the only(!) server named under DNS Firewall/External DNS is the DNS server able to resolve internal domains.
THX!
Thanks @random for moving to a new thread.
My setup consists of:
- UCG Fibre
- Flex POE Switch
- two wireless APs
The Eblocker is connected to one of the ports in the switch.
Before Eblocker, my UniFi network is configured as the DHCP server and points the default gateway and DNS to 1.1, which is the UCG Fibre device.
I have a webserver on my network and I have configured port forward rules on port 443 to my webserver.
The DNS records for my webserver are on an externally hosted provider.
With the above everything is working, including the realtime stats on the UniFi network.
I powered on Eblocker and configured it in expert mode, pointing the DHCP as external and the default gateway to 1.1.
I updated the DHCP settings on my network to point both the DNS and default gateway to the Eblocker address.
Internet browsing from internal works fine, accessing my website internally is fine, but trying to access my site outside of my network doesn’t work.
I’ve reverted the settings by removing Eblocker and my website is accessible externally.
trying to access my site outside of my network doesn’t work.
I'm not sure how you access your network, but would suggest to use eBlocker Mobile. Then resolving internal domains should work as expected (as you are literally just expanding your local eBlocker network to your mobile client using OpenVPN).
If you are using some other VPN solution, it seems the VPN brings its own DNS setting (ignoring the DHCP settings in your network - so you can't access your server by name).
Alternatively to eBlocker Mobile, make sure your VPN is using eBlocker's DNS server (hence, set eBlocker's IP in your VPN's DNS settings). Depending on your VPN this setting might not be possible. Then your only bet is eBlocker Mobile.
THX!
Thanks @random
eblocker mobile works fine. The issue is my customers can’t access my website I host on my network.
thanks
@deepunder You need a public DynDNS server to reach servers on your internal network without VPN. This DNS server usually gets your current IP pushed from your Internet modem. Check your modem settings for a "dynamic DNS" entry and follow the instructions. On your modem also make sure to forward ports 80/443 from your external IP to your internal server. This is all standard procedure - nothing to do with eBlocker.
THX!
@random thanks for that.
Yes, this has all been set up and is working.
The website is no longer accessible once Eblocker becomes the default gateway.
@deepunder Just disable your server under eBlocker Devices and/or give the server a static IP and set your modem's IP as Gateway and DNS. Then eBlocker will be completely invisible to your server traffic.
BTW: It's usually not a good idea to have a server(!) using DHCP. Network professionals use static settings for all non-mobile devices to avoid dependency on other network infrastructure...
THX!
thanks random
Everything is configured to best practice; devices that need a static IP have one.
The webserver in Eblocker is turned off.
The issue is that when Eblocker is the default gateway no one can access my website from the Internet. If I remove Eblocker and change it back to point to 1.1 it works.
it’s like Eblocker is not routing traffic from the Internet back to the website.
it’s like Eblocker is not routing traffic from the Internet back to the website.
No sir. If you set the Gateway and DNS of your server to your router IP, it's technically impossible that eBlocker interferes with the traffic. It does not see the traffic at all!
The problem must be something else - and I'm happy to help...
From a device outside your network please
- perform a traceroute to your server and take a screenshot of the result with eBlocker in your network
- do the same without eBlocker
Share both screenshots here.
Please check the docs if you don't know how to run a traceroute. There are instructions for macOS and Windows.
THX!
Just a guess: Are you using IPv6?
Then traffic might route to eBlocker if another IPv6 router is in place.
But still eBlocker wouldn't touch the traffic if the device is disabled in the settings. 🤔
To rule this out as the source of error, simply disable IPv6 under the Network tab IPv6. In case of no change, you should switch it back on, if you need IPv6. In an IPv4 only network you can safely keep it disabled.
Hi,
I tried to install eBlocker mobile, but so far, it fails with the automatic Port Mapping.
I enabled UPnP on my Unifi Cloud Gateway (for the network where eBlocker is in). I am already using a dynDNS. When enabling eBlocker mobile, automatic Port Mapping fails.
Is there a log somewhere where I could have a look at what's going wrong?
I managed to get eBlocker mobile working. It remotely filters traffic as expected.
Anyway, accessing local websites shows the same errors as for the teleport access. I will try to set up a general VPN service via the Unifi device enabling more customization settings.
@deepunder, how did you get it running for local websites on your end?
Anyway, accessing local websites shows the same errors as for the teleport access.
Check this out to access local devices via eBlocker Mobile: https://eblocker.org/en/docs/can-i-also-access-devices-in-my-network/
THX!
I have Eblocker back on the network and have updated the DHCP settings on the UniFi network to point DNS and the default gateway to the Eblocker.
So far no issue but this was what I experienced before until a day or so it stopped. What I can see this time using the UniFi topology is the cloud gateway device is still at the top of the tree, whereas before it was the Eblocker.
Going to wait to see if anything happens. I’ll report back. I have made no other changes which is very odd.
From a device outside your network please
- perform a traceroute to your server and take a screenshot of the result with eBlocker in your network
- do the same without eBlocker
Share both screenshots here.
@deepunder As said: Just share this if you run into problems and we take it from there.
THX!
Hi, the issue came again. This is what I have observed:
- In the UniFi topology, when the cloud gateway fibre is at the top of the tree, my website is accessible from the internet.
- When I change the DHCP settings to point the DW and DNS to my eblocker, the topology changes. The eblocker becomes the top with the cloud gateway fibre being a client. This is when the issue occurs.
- In the Ports section, the eblocker connected IP becomes the default gateway of 192.168.1.1, same as the cloud gateway fibre connected IP. I've confirmed that both devices have different IPs and are static.
- Eblocker might be promoting it in having a 192.168.1.1 address.
- A packet trace confirms traffic comes into my network, but not going out.
- The website remains accessible if you're on the same LAN.
Eblocker has been turned off to get my website up and running again.
@deepunder Please share the traceroute analysis as requested together with info about your network setup (see here how we like it: https://eblocker.org/community/announcements/before-posting-here-please-read/#post-117 )
THX!
Have you tried using eBlocker's DHCP server?
Would be great if you could try it out and share the results here.
Just to make sure: Your server uses static IP and DNS/Gateway is set to your Internet modem (and not to eBlocker). Correct?
If this is not the case a firewall (FW) might be causing the trouble here. Then the request is routed to your server but the eBlocker is responding to this request. A FW will most likely block this.
The traceroute @Random requested together with your network setup will reveal if my guess is correct.
But I'm holding a bet on DHCP. Just try eBlocker's DHCP and I'm confident the issue will disappear.
Same issue if I made Eblocker the DHCP server.
It's been a day and a half and so far all is well and working. The only thing I have done differently is that I've used Automatic in the DHCP settings on the Eblocker instead of Expert mode.
In the UniFi console, the Eblocker connected IP is the address of the Eblocker instead of it being the default gateway of my cloud gateway like above.
I’ll keep monitoring.
Automatic Network mode (=ARP spoofing) is for simple networks with few clients. I highly doubt this is gonna work - but it will rather cause stream disconnects and other interrupts.
A traceroute will show what's going on.
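
Added example, not part of any post in this thread and not eBlocker or UniFi code: the thread equates Automatic mode with ARP spoofing and reports the UniFi console listing eBlocker against the gateway address 192.168.1.1. The sketch below compares two `ip neigh show` snapshots taken on a LAN host and reports whether the MAC behind the gateway IP changed and whether one MAC now answers for several IPs. All MAC addresses, the other IP addresses, and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed `ip neigh show` snapshots; only 192.168.1.1 comes from the thread.
SAMPLE_BEFORE = """\
192.168.1.1 dev eth0 lladdr 02:00:00:00:00:01 REACHABLE
192.168.1.2 dev eth0 lladdr 02:00:00:00:00:eb STALE
192.168.1.30 dev eth0 lladdr 02:00:00:00:00:30 REACHABLE
192.168.1.77 dev eth0 FAILED
"""
SAMPLE_AFTER = """\
192.168.1.1 dev eth0 lladdr 02:00:00:00:00:eb REACHABLE
192.168.1.2 dev eth0 lladdr 02:00:00:00:00:eb REACHABLE
192.168.1.30 dev eth0 lladdr 02:00:00:00:00:eb STALE
"""

# Matches only entries that carry a resolved link-layer address.
NEIGH_RE = re.compile(r"^(\S+) dev (\S+) lladdr ([0-9a-f:]{17})\b", re.I)


def parse_neigh(text):
    """Return {ip: mac} for resolved entries; FAILED/INCOMPLETE lines are skipped."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            table[m.group(1)] = m.group(3).lower()
    return table


def audit(before, after, gateway_ip):
    """Compare two snapshots and list findings relevant to the gateway."""
    old, new = parse_neigh(before), parse_neigh(after)
    findings = []
    # Finding 1: the gateway IP is now answered by a different MAC.
    if gateway_ip in old and gateway_ip in new and old[gateway_ip] != new[gateway_ip]:
        findings.append(("gateway_mac_changed", old[gateway_ip], new[gateway_ip]))
    # Finding 2: a single MAC answers for more than one IP in the new snapshot.
    by_mac = defaultdict(list)
    for ip, mac in new.items():
        by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            findings.append(("mac_answers_for_many", mac, sorted(ips)))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_BEFORE, SAMPLE_AFTER, "192.168.1.1"):
        print(finding)
```

Run on the web server itself, a changed gateway MAC means the server's replies leave via a different device than the one that forwarded the inbound connection.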