[Support] Installing Firezone on a server which is behind Firewall

I am glad to be here to get support from you guys.

  • I have installed Firezone on my Fedora Server 36 successfully. The server I used is already running Nextcloud on port 443 using Apache, and this server is behind a firewall and is assigned a local IP which is on some VLAN.
  • What I am trying to achieve here is that I want to hide Nextcloud when accessed from outside, but serve it without connecting to the tunnel when the requests are from the internal network. Here is the structure of my network:

  • As I described in the pic, currently our traffic is routed to the WAN IP on the firewall, not the public IP; that’s how we browse the internet. Currently, I port forwarded port 3001 (using the public IP) for the Firezone admin panel and port 443 to access Nextcloud; both are working for me. But as I said above, I only want to access Nextcloud and other local servers through the tunnel. How can I achieve that?

  • Currently, when I connect to Firezone from my phone, I can’t access the internet. Which IP should I use as the Endpoint?

Thank you.

@jamil sorry for mentioning you here.
Currently, I changed my mind about surfing the internet through the tunnel; I only want to use the tunnel for Nextcloud traffic from outside. So please can you give me a hint? Thank you.

Hmm I think you’re referring to split tunneling: Split Tunnel | Docs Firezone

Thanks, @jamil, I will do that.
But in my first post, I asked which IP I should use as an endpoint to connect to the VPN from outside. I have installed Firezone on the local server which is behind the firewall, so when I try to connect, the server must be available publicly, right?

@elhanan You’ll want to use the public IP of your network, which should be the IP Firezone uses by default. You’ll need to make sure to use the public-facing port on your home router you’ve exposed for WireGuard traffic if it’s not the default of 51820.

@jamil Thank you so much for clearing things up for me 🙂
Currently, I am forwarding port 443 of the public IP to my server where I installed Firezone. I hope it is going to work for me.

Typically port 443 is for the web portal. WireGuard listens on port 51820 by default, so you’ll need to forward that too for the VPN connection.

@jamil Thank you so so much, I will forward port 51820 too. I liked everything about Firezone, it will simplify monitoring users on our VPN.
THANKS AGAIN!
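
Added example, not part of the original thread and not Firezone's own code: a small Python check that reviews a WireGuard client config for the three issues discussed above (full tunnel instead of split tunnel, a private LAN address used as the Endpoint, and a web port used instead of the WireGuard port). The sample config, its addresses and key placeholders, and the function name `review_client_config` are constructed for illustration.

```python
import configparser
import ipaddress

# Constructed sample client config; keys and addresses are placeholders.
SAMPLE_CONF = """
[Interface]
PrivateKey = <client-private-key-placeholder>
Address = 10.3.2.5/32

[Peer]
PublicKey = <server-public-key-placeholder>
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = 192.168.10.20:443
"""

# RFC 1918 ranges: addresses a client outside the firewall cannot reach.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def review_client_config(text, web_ports=(443, 3001)):
    """Return finding codes for a WireGuard client config (hypothetical helper)."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    peer = cp["Peer"]
    findings = []

    # A /0 route sends all client traffic through the tunnel (no split tunnel).
    nets = [ipaddress.ip_network(n.strip(), strict=False)
            for n in peer["AllowedIPs"].split(",")]
    if any(n.prefixlen == 0 for n in nets):
        findings.append("full-tunnel")

    host, _, port = peer["Endpoint"].rpartition(":")
    try:
        addr = ipaddress.ip_address(host.strip("[]"))
        if any(addr in net for net in RFC1918):
            findings.append("endpoint-private")
    except ValueError:
        pass  # hostname endpoint: cannot classify without a DNS lookup

    # 443 and 3001 carry the web portal/admin panel in this thread, not WireGuard.
    if int(port) in web_ports:
        findings.append("endpoint-web-port")
    return findings


if __name__ == "__main__":
    print(review_client_config(SAMPLE_CONF))
```

An empty result means the config routes only the listed subnets through the tunnel and points at a non-private address on a non-web port; it does not confirm that the firewall actually forwards that UDP port.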