refused to connect error /Split DNS issue

Discussion in 'ISPConfig 3 Priority Support' started by Bacon8tor, Feb 9, 2017.

  1. Bacon8tor

    Bacon8tor New Member

    • Ubuntu 16.04
    • ISPConfig 3.1.2
    htf_report.txt http://pastebin.com/jZJQJmh3

    I set up following the Ubuntu perfect server setup, and everything is working. I have DNS set up, email, firewall. The issue is when trying to access the ISPConfig control panel or webmail using the FQDN: it results in a "refused to connect", and accessing the mail results in a "Forbidden: You don't have permission to access /webmail on this server."

    If I access the server by using the local IP address:8080, I can access the control panel, same with webmail.

    Outside the network everything works flawlessly.

    Here is my output of iptables -L:
    http://pastebin.com/z1x1sseD

    I also, just to make sure, disabled the firewall on my router to make sure that was not blocking it, and it changed nothing.

    I figured a good way to solve this, and something I wanted anyway, was a split DNS so that internal IPs would resolve to the internal address and this issue should not happen.
    named.conf
    Code:
    include "/etc/bind/named.conf.options";

    // Clients that get the internal view. Written as network prefixes;
    // the original 10.9.8.1/24 form makes BIND warn that the host bits
    // are ignored, the effective networks are the same.
    acl internal {
            10.9.8.0/24;
            10.9.9.0/24;
            10.9.10.0/24;
            localhost;
    };

    // Views are tried in order; the first match-clients hit wins,
    // so the internal view has to come before the catch-all.
    view "internal-view" {
            match-clients { internal; };
            recursion yes;
            include "/etc/bind/named.conf.lan";
            include "/etc/bind/named.conf.default-zones";
    };

    // Everyone else: authoritative answers from the public zone data only.
    view "external-view" {
            match-clients { any; };
            recursion no;
            include "/etc/bind/named.conf.local";
    };

    
    named.conf.lan -> this points to the zone records for local IP resolution
    named.conf.local -> is for all external zone records
    With this, when doing a dig from:
    a computer with IP 10.9.9.3, "dig example.com" -> returns the external IP <- this is the network for all computers in the building
    a computer with IP 10.9.8.5, "dig example.com" -> returns the internal IP

    The only time I can get 10.9.9.3 to resolve an internal IP from example.com is by creating an A record that only exists within the local zone record and not the external zone record, which to me means that the split DNS is sort of working and it sees the local zone file.


    Any help would be appreciated.
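A check worth running against the config in this post (my own added example, not code from the thread or from ISPConfig): modelling BIND's first-match view selection over the posted ACL shows that 10.9.9.3 lands in internal-view just like 10.9.8.5 once the host bits are normalised, so the view selection itself cannot explain the different answers the two hosts get, and the next thing to confirm is which resolver each host actually sends its query to (dig @<this server> from 10.9.9.3). The ACL entries and client addresses are copied from the post; treating BIND's `localhost` as loopback is a simplifying assumption.

```python
"""Offline model of BIND view selection for the ACL posted above (constructed example)."""
from ipaddress import ip_address, ip_network

# ACL "internal" exactly as written in the post. BIND accepts 10.9.8.1/24
# but ignores the host bits; ip_network(strict=False) reproduces that.
INTERNAL_ACL = ["10.9.8.1/24", "10.9.9.1/24", "10.9.10.1/24", "localhost"]
ACLS = {"internal": INTERNAL_ACL}

# Views in named.conf order: the first view whose match-clients accepts
# the client address answers the query.
VIEWS = [
    ("internal-view", ["internal"]),
    ("external-view", ["any"]),
]


def acl_matches(entry, client):
    """True if one ACL element (keyword, named ACL or prefix) matches the client."""
    if entry == "any":
        return True
    if entry == "localhost":
        # Assumption: BIND's localhost also covers the server's own
        # interface addresses; loopback is enough for this check.
        return client.is_loopback
    if entry in ACLS:  # reference to a named acl
        return any(acl_matches(e, client) for e in ACLS[entry])
    return client in ip_network(entry, strict=False)


def select_view(client_ip):
    """Name of the view BIND would use for a query from client_ip, or None (REFUSED)."""
    client = ip_address(client_ip)
    for name, match_clients in VIEWS:
        if any(acl_matches(e, client) for e in match_clients):
            return name
    return None


def normalised_acl(acl):
    """The networks BIND actually uses for each prefix entry (host bits cleared)."""
    return [e if e == "localhost" else str(ip_network(e, strict=False)) for e in acl]


if __name__ == "__main__":
    print(normalised_acl(INTERNAL_ACL))
    for ip in ("10.9.9.3", "10.9.8.5", "127.0.0.1", "203.0.113.5"):
        print(ip, "->", select_view(ip))
```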
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Seems as if your router blocks access when you access the internal server with its external IP, so this is probably not an issue of the firewall on the server, as you analyzed already. To confirm that, you can e.g. put the domain name into the hosts file of your desktop together with the internal IP; if it works, then you indeed need a split DNS view, or you configure the webmail link to use the IP address under System > Interface config in ISPConfig.

    Split views in DNS are not supported by the ISPConfig DNS module, as this requirement is not common for ISPs; you will have to configure that setup directly in the BIND config files. Personally, I have not used split views yet, so I can not help you much with that.
     
  3. Bacon8tor

    Bacon8tor New Member

    I have the split DNS set up; obviously it's not working correctly, and an internal IP should still be able to access the webpage through the external IP. I will further investigate that.

    What seems odd to me is with the webmail: trying to access the webpage results in a "403 Forbidden" error, and this error comes from the web server itself, not a router. For Roundcube at least this, to me, would mean that the webserver is not allowing access? Is my thinking correct on that? And if so, where do I allow a certain IP or range of IPs to access the webpage? I checked the various Apache and Roundcube confs; most had "Require all granted" and "Allow from all" in the normal spots.
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    The 403 error is not from an IP limit in Apache, as no such limits are set in a default setup. Please take a look at the Apache error.log file to see what triggers that error.
     