1

I'm using OpenWRT (Linux-based) on my router. The router has a local IP and a public IP. I have a dyndns name assigned to the public IP. The router is forwarding several ports (e.g. ssh and https) to my local server.

Goal: Use the same URL to access the server, no matter if the client is inside or outside my local network.

From the outside: When I send a request to the public IP, the request gets forwarded to my internal server. Everything is fine.

From the inside: When I send a request to the public IP, it ends up on the internal interface of the router. Thus the port forwarding does not work.

When scanning the local IP of the router with nmap from the inside, I get the same results as for the public IP from the inside. So it seems that when I access the public IP from the inside, the traffic still ends up on the local IP.

What can I do to access the server with the same URL inside and outside my local network?

Edit:

  • The name resolution is working fine.
ChrisK

3 Answers

2

The easiest thing to do is to set up an internal DNS server that resolves the hostname of your site to the internal IP address.

In the alternative, you can enter an /etc/hosts entry (or equivalent) on your client machine and achieve the same result.

dmourati
  • The name resolution is not the problem. This is working fine. My problem is that the traffic for the external IP ends up at the internal IP. – ChrisK Jul 21 '13 at 09:32
  • You're not getting it. If you short-circuit the name resolution to resolve to the internal IP instead of the external IP, you avoid the NAT and solve your problem. – dmourati Jul 21 '13 at 18:38
  • Ah now I see. Yes this should work. I just need to replicate some of the port mapping from the router to the server as the server does not offer all of the services on the same ports as the router... – ChrisK Jul 22 '13 at 21:05
  • Nice. We use iptables to do this but use whatever works on your server to accommodate the ports/rewrites/etc. – dmourati Jul 22 '13 at 21:52
2

You need name resolution to work differently from inside and outside the network. Your dyndns entry will route to the external IP. Firewall routes are different from inside and outside the route.

Add your dyndns name with the server's IP address to the local hosts file on OpenWrt and the dnsmasq DNS service should override the entry from the Internet. If you have it configured correctly, your name should resolve to your server's IP address from inside your network, and your external IP address from outside the network.

It is possible to configure hairpin NAT, but it is relatively difficult and fragile.

BillThor
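The hosts-file override described in the answer above, as an added example that is not part of the original answer or of OpenWrt itself. The function names, the name `home.example.net` and the address `192.168.1.10` are assumptions for illustration; the helper refuses any target that is not an RFC 1918 address, because the entry changes name resolution for every LAN client.

```shell
#!/bin/sh
# Added example: maintain a split-horizon override in a hosts file that
# dnsmasq reads (e.g. /etc/hosts on the router). Names are hypothetical.

# is_private_ipv4 IP -> exit 0 only for a well-formed RFC 1918 address
is_private_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }
        $1 == 10 || ($1 == 172 && $2 >= 16 && $2 <= 31) || ($1 == 192 && $2 == 168) { ok = 1 }
        END { exit !ok }'
}

# lookup_override HOSTS_FILE NAME -> prints the first address mapped to NAME
lookup_override() {
    awk -v n="$2" '
        /^[[:space:]]*#/ { next }
        { for (i = 2; i <= NF; i++) {
              if ($i ~ /^#/) break
              if (tolower($i) == tolower(n)) { print $1; exit } } }' "$1"
}

# set_override HOSTS_FILE NAME IP -> idempotently maps NAME to IP
set_override() {
    hosts=$1 name=$2 ip=$3
    is_private_ipv4 "$ip" || { echo "refusing non-private address: $ip" >&2; return 1; }
    tmp=$(mktemp) || return 1
    # Remove NAME from any existing line; keep other names on that line.
    awk -v n="$name" '
        /^[[:space:]]*#/ { print; next }
        { out = $1; names = 0; hit = 0
          for (i = 2; i <= NF; i++) {
              if ($i ~ /^#/) break
              if (tolower($i) == tolower(n)) hit = 1
              else { out = out " " $i; names++ } }
          if (!hit) print; else if (names) print out }' "$hosts" > "$tmp"
    printf '%s %s\n' "$ip" "$name" >> "$tmp"
    # Overwrite in place so the file keeps its owner and permissions.
    cat "$tmp" > "$hosts" && rm -f "$tmp"
}
```

On the router this would be called as `set_override /etc/hosts home.example.net 192.168.1.10`, followed by `/etc/init.d/dnsmasq restart` so dnsmasq picks up the change.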
1

You could use "view" in BIND:

acl "local_net" {
      192.168.0.0/16;
};

view "internal" in {

    match-clients { local_net; };
    recursion yes;
    additional-from-auth yes;
    additional-from-cache yes;

    zone "example.net" in {
        type master;
        allow-query { local_net; };
        allow-transfer { none; };
        allow-update { none; };
        file "master/example.net";
    };
...
};

master/example.net

@       IN      SOA     ns.example.net. root.example.net.  (
                                2013072101      ; Serial
                                3600            ; Refresh
                                900             ; Retry
                                3600000         ; Expire
                                3600 )          ; Minimum

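; A zone needs at least one NS record or named will refuse to load it.
@               IN      NS      ns.example.net.
ns              IN      A       192.168.127.1   ; assumption: the name server runs on the same host
@               IN      A       192.168.127.1
www             IN      CNAME   example.net.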

With such settings all your local clients will get the internal IP address for your public domain name. You can also resolve the issue with iptables, but it would be a more complex solution.

ALex_hha