Can't access domain name on local network but it's accessible whenever I'm on LTE

Hi again,

Previously, my router was properly configured to allow access to my domain name (panel.mydomainname.com) from within my local network. However, after tinkering with the settings and restarting the router multiple times today, it stopped working. Now, I can only access the domain when I'm outside my local network. I might have inadvertently altered a setting that led to this issue, but I'm uncertain.

I'm using a reverse proxy nginx server for reference, and that is connected to a VPN. The local IPs on my network are forwarded through the VPN so the NGINX server can access them, and the IP is then changed to my VPN's IP. This is because I need to bypass my apartment's NAT, which blocks me from opening ports.

Here are the results of nslookup for the domain name:

NGINX server (On VPN):

root@nginx:~# nslookup panel.mydomainname.com
Server:         8.8.8.8
Address:        8.8.8.8#53

Non-authoritative answer:
Name:   panel.mydomainname.com
Address: 54.65.44.444 (fake VPN IP)

root@nginx:~# curl panel.mydomainname.com; echo
curl: (7) Failed to connect to panel.mydomainname.com port 80 after 43 ms: Couldn't connect to server

Windows Computer on my Local Network nslookup:

C:\Users\datea>nslookup panel.mydomainname.com
Server:  dns.google
Address:  8.8.8.8

Non-authoritative answer:
Name:    panel.mydomainname.com
Address:  54.65.44.444 (fake VPN IP)

OpenWRT Nslookup:

root@OpenWrt:~# nslookup panel.mydomainname.com
Server:         127.0.0.1
Address:        127.0.0.1:53

** server can't find panel.mydomainname.com: REFUSED

** server can't find panel.mydomainname.com: REFUSED


This is an overview of my network setup.

I currently do not have any firewall rules set for port forwarding and I'm using the default traffic rules that come with OpenWrt.

Here are my routing rules:

> I needed this so my NGINX server could connect to the internet.

vgaetera helped me set this route up.

I originally had AdGuard Home set up as my DNS server, but I disabled it while trying to fix this issue.
I did find some information about NAT hairpinning, but I'm unsure how to set that up with my setup, and it's strange that I actually need it now when it worked before. Maybe it was a fluke that it worked?

Links to my last issues:
Routing/Port Forwarding Wireguard to Lan Network - Installing and Using OpenWrt / Network and Wireless Configuration - OpenWrt Forum
Openwrt Routing Lan to VPNLan to Wireguard - Installing and Using OpenWrt - OpenWrt Forum

config redirect
        option target 'DNAT'
        option src_dport '80'
        option dest_ip '10.0.4.246'
        option dest_port '80'
        option src 'lan'
        option dest 'vpnlan'

config redirect
        option target 'DNAT'
        option src_dport '443'
        option dest_ip '10.0.4.246'
        option dest_port '443'
        option src 'lan'
        option dest 'vpnlan'

This seemed to sort of fix it. I got access to my domains on my local network but lost access to my router.

That also seemed to have caused some cert errors:

Update:

config redirect
        option target 'DNAT'
        option src_dport '443'
        option dest_ip '10.0.4.246'
        option dest_port '443'
        option src 'lan'

This lets me keep access to my router but overwrites all of my certificates. The bing example above ^. I'm very close to a solution but I'm not sure what I'm missing
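An added example, not part of the thread or of OpenWrt: a small Python check over `/etc/config/firewall` text that flags DNAT redirects with no `src_dip`. Such a rule matches LAN traffic to every destination on that port, which fits the certificate errors on unrelated sites described above. The sample stanzas and the address 203.0.113.10 (standing in for the public VPN IP) are constructed placeholders.

```python
import re

# Constructed sample in /etc/config/firewall syntax: the first stanza is the
# thread's 443 rule, the second adds src_dip (placeholder public address).
SAMPLE = """
config redirect
        option target 'DNAT'
        option src_dport '443'
        option dest_ip '10.0.4.246'
        option dest_port '443'
        option src 'lan'

config redirect
        option target 'DNAT'
        option src_dport '443'
        option src_dip '203.0.113.10'
        option dest_ip '10.0.4.246'
        option dest_port '443'
        option src 'lan'
"""

OPTION = re.compile(r"^\s*option\s+(\S+)\s+'?([^']*)'?\s*$")

def parse_redirects(text):
    """Return one dict of options per 'config redirect' stanza."""
    stanzas, current = [], None
    for line in text.splitlines():
        if line.strip().startswith("config "):
            current = {} if line.split()[1:2] == ["redirect"] else None
            if current is not None:
                stanzas.append(current)
        elif current is not None:
            m = OPTION.match(line)
            if m:
                current[m.group(1)] = m.group(2).strip()
    return stanzas

def catch_all_dnat(text):
    """DNAT redirects without src_dip: any destination on that port matches."""
    return [r for r in parse_redirects(text)
            if r.get("target") == "DNAT" and "src_dip" not in r]

if __name__ == "__main__":
    for r in catch_all_dnat(SAMPLE):
        print(f"catch-all: {r['src']}:{r['src_dport']} -> {r['dest_ip']}:{r['dest_port']}")
```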

You better use /etc/config/dhcp and set it like:
list address '/panel.mydomainname.com/10.0.4.246'

You can even use the GUI: in the Addresses box, add /panel.mydomainname.com/10.0.4.246

I think you can also set the reflection zone in the redirect

This is the error I get whenever I use that rule.

I did add this: option reflection_zone 'lan'

The domain name does work whenever I add that rule. It just kills my internet. It seems to be replacing my entire server's HTTPS certificate with the generated one from my domain name.

Are you talking about adding them here?

I did try adding my domain to that Addresses spot, but I got no reaction from the nslookup even after restarting my computer, flushing my DNS and rebooting the router.

Got it working. I still don't understand why it was working before without this change.

I used AdGuard Home and added
||*.domainname.com^$dnsrewrite=NOERROR;A;10.0.4.246

Adding rules similar to this in the Addresses section of OpenWrt would work as well, it seemed.
