We Keep Coding

pfsense: capture traffic for public IP and redirect to local network

I want to redirect all the traffic to a public IP to a local IP address.
I have te follow network. The server is from internet reachable trough the public IP (1.2.3.4). On the ISP router and the pfsense the NAT forward the traffic to the server (192.168.2.2). In pfsense the DNS is configured with the local IP of the server.
The problem is a laptop (192.168.2.3) in the pfsense LAN, it's a working device and I am not administrator. On the laptop there is a VPN and a configured DNS server that I cannot change. If I try to visit the server the laptop receive the public IP, but the ISP router don't reflect the traffic back.
I have tried to configure a virtual IP (1.2.3.4) on the LAN interface and NAT the traffic to the server (192.168.2.2). But there is no connection.
What can I do? Or what I do wrong?

The problem that I have found was a missing option in System>Advanced in the tab Firewall & NAT you have to check the option Enable automatic outbound NAT for Reflection.
After that you need to recreate the NAT rule.

If external-ip of coturn is only used for aws?

https://github.com/coturn/coturn/blob/c4477bfddd2cd51de1ad37032ca88330f3c44ed6/docker/coturn/turnserver.conf#L100
In turnserver.conf , I see a world " For Amazon EC2 users", if the external-ip is only used for aws?
I let the stun server run in the k8s cluster, and then expose it to the public network with the nodeport service, but the srflx returned by stun is a gateway address, not the external-ip which I set. My k8s cluster runs on Alibaba Cloud.
I hope someone can help me solve this problem, thank you！！！

AWS EC2 instances, for the most part, run behind a NAT. Even if you've assigned a public IP address (e.g. 1.2.3.4) via the AWS Console, the instance only knows about the private network its on and is unaware of the public IP address assigned to it. That is, the instance thinks its IP address is 172.31.5.6 because that's what the Operating System discovered at boot time. Port forwarding enables certain TCP and UDP ports to be forwarded from the public IP address to the private IP address that the EC2 instance is running on.
This typically isn't a problem for most services run on an AWS EC2 instance. With STUN running in full "2 IP address and 2 port mode", the server needs to advertise its alternate IP address back to the client, should the client want to conduct NAT behavior and filtering tests. But it would be incorrect for the STUN server to send back 172.31.5.7 as its alternate IP - the client has no way of reaching that IP since its private.
Similarly for TURN, when port allocations occur, the server needs to send back the public IP address of the EC2 isntance to the client who allocated it. It would be bad if the client requested a TURN port to share with another peer - only for the TURN srever to send back 172.31.5.6.
Hence, for a STUN or TURN server to be hosted behind a NAT, a set of command line parameters or configuration parameters are needed to tell the server what its "real" IP addresses are. The STUN/TURN software will use these IP addresses for sending responses back to clients.

Trying to setup a personal ANS server. Not able to bind domain name

Goal:
My goal is to setup a web server and an ANS server for my website at home where it is publicly available. I can access the webpage through my public IP address outside of my network, but can't figure out how to bind that address with the domain name I purchased on namecheap.com.
What I'm Running:
I'm using
VirtualBox 6.0.4
; 3 guest machines that are running Ubuntu 18.10 (for a primary and secondary dns server and a web server)
; my host machine is running Windows 10
; bind9 for ANS (DNS) and apache2 as a web server
; and my domain name was purchased at namecheap.com
What I've Done:
I've followed the instructions on this page to setup the DNS servers : https://www.digitalocean.com/community/tutorials/how-to-configure-bind-as-an-authoritative-only-dns-server-on-ubuntu-14-04
The network setting on VirtualBox(VB) is set to "bridged adapter."
On my router, I've opened (http) port 80 for the IP address of my apache web server and (tcp/udp) port 53 for the IP address of my primary DNS server.
My questions:
I'm unclear as to which IP addresses to put in at namecheap.com under "custom DNS"?? The IP addresses of my DNS servers in VB or the IP address of the DNS servers that is provided by my router? If it's the latter, then how do I add them to the named.conf files?

Considering that the public IP address of your router does not change, you should do port forwarding in the router for your VB to be accessed from the internet, then use your router's public IP to configure in namecheap.

gcloud compute: configure firewall for external traffic

I am attempting to configure my google cloud instance to allow external traffic so I can set up a web socket; however despite adding a rule for all external TCP/IP traffic, I can't access it. My rules are:
gcloud compute firewall-rules list
NAME NETWORK SRC_RANGES RULES SRC_TAGS TARGET_TAGS
default-allow-ssh default 0.0.0.0/0 tcp:22
external-traffic default 0.0.0.0/0 tcp,udp
gcloud compute instances list
NAME ZONE MACHINE_TYPE PREEMPTIBLE INTERNAL_IP EXTERNAL_IP STATUS
pi-server us-central1-a n1-standard-1 **.***.*.* **.***.***.*** RUNNING
I have configured this as a static IP (this is displayed in my cloud dashboard):
Name External Address Region Type In use by
crypto-iris-****** **.***.***.*** us-central1 Static VM instance my_instance_name (Zone a)
I also have some Go client/server web socket code that works perfectly on my computer using localhost:8080 as address. So, my question is: can I simply replace localhost with the external static IP of my instance under these rules?
My client makes use of "github.com/gorilla/websocket" on port 8080. Output of client locally is:
connecting to ws://23.251.148.133:8080/echo
dial:dial tcp 23.251.148.133:8080: getsockopt: operation timed out
exit status 1
Code upon request, if anyone wants to see it.

Problem: my golang/gorilla server was hosting on localhost:8080. I changed it to 0.0.0.0:8080. Smooth sailing after that.
See following post about this, but basically the server was listening to the local loopback address (available only to local machine) instead of the outside world.
https://serverfault.com/questions/78048/whats-the-difference-between-ip-address-0-0-0-0-and-127-0-0-1

Can't connect to my webserver from external source

I am having problems connecting to my website from a source outside my local network. I had another server before running the same site. The only difference is the old one was FreeBSD and now I'm trying it on Linux.
Here is my setup: I'm using Apache2. The server is behind a Netgear router. I'm using a Freedns host name. I have ddclient updating my ip.
Here is what happens: I can look at my site from the server in Chrome or my phone connected to the local wifi. It works using either the host name or ip address. It does not load from my cell phone or from my desktop using a proxy for either the host name or the ip address (the external one from googling my ip and from the router's wan info page). When I try the proxy with the host name I get "conection timed out" error, and when I try the ip address I get "couldn't connect to host error".
Here is what I've tried: I enabled port forwarding to the server from and to port 80 to my lan ip address. I disabled the firewall on the server. I double checked that the host name is directed to the right ip address. I ensured that the ip address does indeed point to my router. I've watched wireshark on my server while trying to connect and don't see any incoming requests when I try to load it from my phone.
It seems like maybe my port forwarding isn't working, but on my router it says that that port forwarding rule is active.
I'm out of ideas as to why what else could be going wrong.