hi i am a new learner.
i am trying out seafile as our local cloud.
i have set up my seafile server as 192.168.1.2:8000
locally its working perfectly as suggested on youtube videos.
now i have pfsense firewall, i want to put port forwarding firewall on pf sense for seafile so i access it from my home. because my home and office are from same office so i would not need public ip.
please assist me in baby steps how can i do this on my pf sense
office isp and home isp are the same so no public ip required.
One way is to get ISP internal IP. But alot of ISP have more or a lot small IP zones so I think you cannot reach what you want. You have to ask your ISP for your home WAN IP and let them do it accesable from office. Another way is use dyndns.
Or are you sure you can reach your home WAN IP from office? Do you know your home WAN IP?
hi holan thanks for reply,
yes i can reach wan.
you see i work for ISP for home office and everywhere the subnet is same, on pfsense i put port forwarding to 8000 mapped to local ip, 8082 again mapped to local ip,
by doing that i can access the login page by putting wan ip from home (local server in office), i can even see the files. but when i click to download a file the page redirects to local ip.
Let me explain further.
wan ip is 10.120.0.126
internal ip is 192.168.1.2
port forwarded rules:
source - any destination ip - wan address port from: 8000 port to 8000… redirect ip: 192.168.1.2 redirect port 8000
source - any destination ip - wan address port from: 8082 port to 8082… redirect ip: 192.168.1.2 redirect port 8082
now at office if i wanna use i use 192.168.1.2:8000 its works and uploads and downloads files.
now when i come home or any other place where subnet is same of that wan ip.
i use 10.34.0.126:8000 this opens seafile login page
but when i access files and click on download it redirects to
its either port is not forwarded for 8082 although i did, or i think i need to change config.
now i dont wanna put wan ip on the server instead of local ip if i do i can upload files and download files externally but it gives problem locally.
i am stressed cause people needs to access files internally and externally.
now if you look at the last pic, if i change it to wan ip edit 192.168.1.2 to 10.34.0.126 it will download the file easily. so i think port is really forwarded
this is caused by settings SERVICE_URL and FILE_SERVER_ROOT. Download file using this settings.
Your best option is make local static DNS records on your router. 10.34.0.126 -> example.com
And do same in DNS server on ISP subnet mask 192.168.1.2 -> example.com
But I think your ISP will not want to do it.
then you have to change SERVICE_URL and FILE_SERVER_ROOT to your domain.
Best way is just get STATIC PUBLIC IP from your ISP and buy classic domain.
i doubt client wants that for security purposes he doesnt wants domain and public ip. he wants to be known as less as possible.
but let me try creating domane name internally than buying it.
so what u mean is then i dont need to worry about ip’s internally or externally, i just need to use domain name and the server will configure it itself.
can you kindly elaborate more on this. i think thats where my answer lies. in these two lines
No, your goal is make unified name for seafile server. Seafile just cannot work with more name (more then one IP or domain).
You have to unify your domain name. Sou user for example dhiraj.com.
- You have to go on your home local DNS Server(should be build-in your router) and setup Static DNS Record for IP 10.34.0.126 to dhiraj.com.
- Next you have to go to ISP’s DNS Server(which is in same subnet as your home WAN IP) and setup same Static DNS Record as at home but with your WAN IP so 192.168.1.2 dhiraj.com.
- Next you have to setup in Seahub settings SERVICE_URL to http://dhiraj.com and FILE_SERVER_ROOT to http://dhiraj.com/seafhttp
- Last step is setup on your home computers local DNS server and on every computer which you want to access seafile setup your ISP’s DNS server.
Or Second way
- Do step 3 from first way.
- Add record
dhiraj.com 10.34.0.126 to hosts file to all your computer at home.
- Do same but with IP 192.168.1.2 at work.
Hosts file on windows is at
Hosts file on Linux is at
Hosts file on Mac is at
i think that makes sense.
give me a day or two will update you with results.
its best i use local domain name rather than internal and external ips’s. and configure hosts internally and externally.
Am I missing something or do you expect security using plain http?
The least you should do is use a local reverse proxy!
Then setup ONE port in your pfsense and you are good.
You did not read the official Seafile manual did you?
It seems that there are quiet a few manuals out there that people made that don’t know/understand the whole picture and share their half knowledge to confuse people even more…
There will be problem with SSL certs cause server have no official domain and two IP. I said that will be best solution static public IP and normal domain name but this idea was dismissed. So who loves to roam,may lose his home
I won’t support problems with setups that are not best practice. It is just not worthy our time in my opinion.
That’s true. But I said best practice. If they don’t want to use it should we ignore them? This is only security risk which was said. If they want to risk it then we can ignore next topic aka “Help my server was hacked”, but I get your mean
guys?? relax, u dont know my scenario. apologies but i know what i m tryna do. your settings will affect my congrate servers for my clients, and we not in states or any other developed country , we not using public ip or domain, i am planning some tracking software with help of seafile that why i am using it on http.
locally it works vpn on isp side it doesnt upload/download dat was my problem.
i respect your opinions but i am not using seafile as back up server but something else. owncloud and stf are working fine with the requirement i want but seafile giving me problem. that why i requested you guys to assist.
my humble apologies if i used wrong approach but i cannot use hhtps due to confidentiality and the government set up. but dont worry its not hackable nor it will will give problems. since we are only 4 branches who has internet with local wan ip in whole country.
It is still recommended to use a reverse proxy locally to only have one port, since those services should not be exposed directly. Even on http.