Cannot access DA panel or domain behind same ip.

[portalx]

Hello,

As mentioned in the post title, after the installation I can access the panel using the default domain provided by DirectAdmin.


However, once the installation is complete and the server reboots, I can no longer access the panel or any domains I add, if I'm connected from the same local network (LAN) or from any device within the network. It only works if I use my mobile data (5G) and access it from outside the network.


This is quite frustrating, and I can't proceed further.
What am I missing or doing wrong?


Thank you!

 

[zEitEr]

Hello,

Your IP must has been blocked. You will need to check a list of blocked IPs in DirectAdmin -> CSF/LFD plugin and unblock it.

Or you have an issue with network settings, and here we can not guess which settings you use: NAT, router, multiple IPs, etc.

What am I missing or doing wrong?

 

[portalx]

Hello zEitEr,

Thank you for your reply. There’s nothing being blocked by the CSF firewall — I’m also using this firewall on my other servers without any issues. The csf.deny list is empty.

The server is running inside a VPS hosted on Proxmox. For testing purposes, it is currently placed in front of the router with only the necessary ports (80, 443, 2222) open to allow access.
I haven’t opened the other required ports (993, 995, 465, etc.) yet, as I still need to complete the setup.

As I mentioned before, the server is accessible via mobile connections (4G/5G).

All the devices behind the router cannot access it by domain (http(s)://sub.domain.ltd, Only by ip (192.168.1.54).

Thank you

 

[zEitEr]

The csf.deny list is empty.

It is populated with IP permanently blocked only. CSF/LFD uses another file for listing temporary blocked IPs.

Anyway, I'm not the one who you need to persuade that everything is correct. Going this way you will loose the point and time.

I don't know your setup and am just guessing what might be wrong (and I hate playing guess games). You know your setup and have an access to the server.

I might only give some ideas to check:

1. Link LAN ip to External IP: https://docs.directadmin.com/other-...for-local-ips.html#link-lan-ip-to-external-ip
2. check logs, check pings, check network settings.
3. disable CSF/LFD temporary and see whether or not you have a good result.
4. open a ticket with DA support, if your license includes the official support
5. hire somebody to check it for you

 

[portalx]

Thank you for your answer, I will check the above and hope to found solution.

 

[DrWizzle]

Hello zEitEr,

Thank you for your reply. There’s nothing being blocked by the CSF firewall — I’m also using this firewall on my other servers without any issues. The csf.deny list is empty.

The server is running inside a VPS hosted on Proxmox. For testing purposes, it is currently placed in front of the router with only the necessary ports (80, 443, 2222) open to allow access.
I haven’t opened the other required ports (993, 995, 465, etc.) yet, as I still need to complete the setup.

As I mentioned before, the server is accessible via mobile connections (4G/5G).

All the devices behind the router cannot access it by domain (http(s)://sub.domain.ltd, Only by ip (192.168.1.54).

Thank you

I've just seen this and I had a similar problem. I too use Proxmox on a Poweredge server on my local network for testing and expose each instance I build to the internet via a DMZ on my router. When I install I can access the server from the local lan, for example 10.0.88.2:2222 to login and then setup, but like you i'm unable to login with a subdomain or the servers hostname.

The way I do it is as follows:

Before I install, I will set the env variables:

export DA_NS1="ns0.domain.co.uk"
export DA_NS2="ns1.domain.co.uk"
export DA_HOSTNAME="da.domain.co.uk"
export DA_EMAIL="[email protected]"

This helps as i'm not setting nameservers etc in the admin panel after. I wait for the install to finish and then login. I will use the local lan address followed by the api created by custombuild to get started. For example, custombuild will report

To login now, follow this URL:

        http://da.domain.co.uk:2222/api/login/url?key=i74QWPZO84I-6hPapSWwLCxaneTJ3-72

but that won't work as DirectAdmin hasn't yet created an A record in the DNS for that domain. In fact DA hasn't created any DNS record, i've found, until you create the first domain in the admin account and then it will create the nameservers as set in the env variables earlier to satisfy BIND along with the matching DNS record.

So, I login via an amended url (for example)

 http://10.0.88.2:2222/api/login/url?key=i74QWPZO84I-6hPapSWwLCxaneTJ3-72

I then go across to the IP address management and make sure all the IPs i'm using appear (in case I want to use IPv6). I then add the main domain for the server in the admin account, pop across to DNS management and add the A record for the server hostname and any other subdomains/records I need and activate the admin SSL. Once that's all done, I can login to the control panel with the hostname/subdomain desired without using the lan address, 5G or a VPN. By this stage it's also protected with an SSL cert.

I hope I haven't read your problem wrong and this helps!

 

[Richard G]

In fact DA hasn't created any DNS record, i've found,

The hostname issue again. To me that is a a bug. If you specify the hostname then a hostname entry in DNS adminstration should be made including A records and entry's in the /etc/virtual directory for the hostname.

 

[DrWizzle]

The hostname issue again. To me that is a a bug. If you specify the hostname then a hostname entry in DNS adminstration should be made including A records and entry's in the /etc/virtual directory for the hostname.

To be fair, i've never actually checked upon a fresh install inside /etc/virtual for the hostname. I know i'll always set the hostname in /etc/hosts and /etc/hostname before I install as it does help.

A really nice feature would be if you were able to set an env variable before running the install script, (if it's not already a feature I don't know about) that was simply the domain for the admin account, I mean you're able to specify the admin email upfront, along with the hostname and 2 nameservers so why not have another variable for the domain. That way, you could have the DNS record created off the bat for the admin account and when it gets to the TLS certificate issuance part of the install script, it won't fail as it always does. Again, i'm sure there's ways around this, but everyone likes simplicity