Access internally hosted website from inside LAN using FQDN (NAT loopback?)

Hi,

I'm trying to connect to my domain name "www.example.com" from inside the LAN but it fails. But it works fine if I'm not connected to the LAN.

For example:

  1. my external IP is 3.3.3.3
  2. my domain name www.example.com resolves to this 3.3.3.3 IP address.
  3. Inside the LAN the webserver is at 192.168.1.3 port 8080
  4. I have a port forward for anything coming in the WAN on port 80 -> 192.168.1.3:8080

When I access www.example.com from my cell phone with wifi turned off it works fine.

When I enable wifi on the cell phone and I'm connected to the LAN and I attempt to connect to the www.example.com domain, it times out.

What is the best way to resolve this?

It worked on the stock Netgear firmware.

Thanks.

I guess you should try to use www.example.com:8080 or LAN-IP:8080 when accessing from the LAN side?

That gives me a connection refused error.

Rebind the domain name to the server LAN IP:
https://openwrt.org/docs/guide-user/base-system/dhcp_configuration#hostnames
And make sure to specify its LAN port in the URL.

Unfortunately I still get a connection refused. Here is what was added to /etc/config/dhcp:

config domain
        option ip '192.168.1.3'
        option name 'www.example.com'

And from the browser I tried to access: http://www.example.com:8080

Verify that your LAN IP range is not filtered in the web server config.

It's not; I can access it directly at http://192.168.1.3:8080 (although it brings me to the root website since it's missing the domain name header).

Each site in httpd typically has a separate config which can use a different set of allowed IPs.

Did you restart dnsmasq afterwards?

I'm actually using nginx inside a docker container on a different server, not httpd.

Yes, I restarted dnsmasq, but I have DNS set up to use Google DNS.

Since the hostname is resolving to the external IP, I guess the real problem is how to use the external IP address from inside the network.
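
Added example (not part of any post in this thread): a small Python check that reads `config domain` overrides like the one posted above and classifies what a LAN client actually resolves, which separates an override that is in effect from one that is bypassed because the client queries another resolver. The function names and result labels are hypothetical, and the sample config is constructed from the values in the thread.

```python
import ipaddress
import socket

# Constructed sample: the override from the thread, as stored in /etc/config/dhcp.
SAMPLE_DHCP_CONFIG = """
config domain
        option ip '192.168.1.3'
        option name 'www.example.com'
"""

def parse_domain_overrides(uci_text):
    """Return {hostname: ip} for every 'config domain' section in a UCI file."""
    overrides, current = {}, None
    for raw in uci_text.splitlines():
        parts = raw.strip().split(None, 2)
        if len(parts) >= 2 and parts[0] == "config":
            # Only 'domain' sections define hostname overrides.
            current = {} if parts[1] == "domain" else None
        elif len(parts) == 3 and parts[0] == "option" and current is not None:
            current[parts[1]] = parts[2].strip("'\"")
            if "name" in current and "ip" in current:
                overrides[current["name"].lower()] = current["ip"]
    return overrides

def diagnose(name, overrides, answers):
    """Classify the addresses a client received for name against the overrides."""
    wanted = overrides.get(name.lower())
    if wanted is None:
        return "no-override"
    if wanted in answers:
        return "override-active"
    # A public address means the answer came from a resolver other than the
    # router's dnsmasq, so the local override was never consulted.
    if any(not ipaddress.ip_address(a).is_private for a in answers):
        return "override-bypassed"
    return "unexpected-answer"

def client_answers(name):
    """Addresses the system resolver on this machine returns for name."""
    return sorted({info[4][0] for info in socket.getaddrinfo(name, None)})

if __name__ == "__main__":
    table = parse_domain_overrides(SAMPLE_DHCP_CONFIG)
    for host in table:
        try:
            got = client_answers(host)
        except socket.gaierror:
            got = []
        print(host, got, diagnose(host, table, got))
```

Run it on a LAN client with the router's real `/etc/config/dhcp` contents pasted in place of the sample; `override-bypassed` means the client is not using the router for DNS.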

Set a rule on the outgoing traffic to redirect to 192.168.1.3, or change the DNS.

So in LuCI, under Interfaces -> Devices -> "br-lan" device, when I check the box for "promiscuous mode", it works.

Are there any downsides to enabling promiscuous mode on br-lan?