Can't connect from LAN to domain pointing to WAN

I have a NanoPi R4S acting as my main router. It forwards 443 traffic to a web server on a Raspberry Pi. I also have a domain registered pointing at my IP. Before, I had my traffic proxied through Cloudflare, but it's giving me headaches with other stuff and I've disabled the proxy, so Cloudflare now points my domain straight to my WAN IP (DNS-only mode). The problem is, since I've made this change, I can't connect from my LAN to my domain; it times out. It seems to be a routing or firewall problem because when I am connected to my VPN interface (running on the same router) I don't have problems connecting to my domain. I've tried disabling NAT loopback or changing it to external IP, but it doesn't work. What could be wrong? Thanks for any help.

You actually need a "hairpin rule" - loopback actually does what you desire; but the OpenWrt check box works only for the SRC itself (i.e. the server - e.g. if you ran II$ on Window$, you could browse from the same machine). Here is a sample rule to redirect for your entire LAN.

You could make a DNS setting on the OpenWrt; but that requires all clients to exclusively use the OpenWrt for DNS.

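The kind of hairpin rule the answer above refers to, written out as an added example in the UCI syntax that OpenWrt's fw4 reads from /etc/config/firewall; it is not the rule from the original post. The addresses are assumptions: 203.0.113.10 as the WAN IP, 192.168.1.0/24 as the LAN and 192.168.1.2 as the Raspberry Pi.

```uci
# /etc/config/firewall  (added example, not from the thread)
# Assumed addresses: WAN IP 203.0.113.10, LAN 192.168.1.0/24,
# Raspberry Pi web server 192.168.1.2.

# Normal port forward: Internet -> router:443 -> Raspberry Pi:443
config redirect
	option name 'https-forward'
	option target 'DNAT'
	option src 'wan'
	option src_dport '443'
	option dest 'lan'
	option dest_ip '192.168.1.2'
	option dest_port '443'
	option proto 'tcp'

# Hairpin DNAT: LAN clients that connect to the public IP on 443 are
# rewritten to the Raspberry Pi, exactly like Internet clients.
config redirect
	option name 'https-hairpin-dnat'
	option target 'DNAT'
	option src 'lan'
	option src_dip '203.0.113.10'
	option src_dport '443'
	option dest 'lan'
	option dest_ip '192.168.1.2'
	option dest_port '443'
	option proto 'tcp'

# Hairpin SNAT: client and server share a subnet, so without this the
# Pi would answer the client directly with source 192.168.1.2, which the
# client drops because it sent its SYN to 203.0.113.10. Masquerading the
# hairpinned flow behind the router's LAN address pulls the reply back
# through the router, where the DNAT is reversed.
config nat
	option name 'https-hairpin-snat'
	option target 'MASQUERADE'
	option src 'lan'
	option dest_ip '192.168.1.2'
	option dest_port '443'
	option proto 'tcp'
```

Apply with `fw4 reload` and check what was actually installed with `fw4 print` or `nft list ruleset`. If the port forward has NAT loopback (reflection) left at its default, fw4 already generates an equivalent DNAT/SNAT pair, so compare the generated rules before adding this explicit pair. Two practical caveats: `src_dip` is a fixed address and has to follow the WAN IP if it is dynamic, and because of the masquerade every hairpinned connection reaches the Pi with the router's LAN address as its source, so nginx access logs and any IP-based allow lists on the Pi no longer see the real LAN client.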

Thanks for your help, but the hairpin rule doesn't seem to work. It still times out. I don't know what could be wrong.


Usually it's easier to redefine the A and AAAA records of your external domain in your router (dnsmasq override) to their internal IP.


Sounds like it might be what I need. Could you point me to a guide? I've tried in Luci (Network > DHCP and DNS > Hostnames) but it doesn't seem to work.

dnsmasq.conf

# Add domains which you want to force to an IP address here.
# The example below sends any host in double-click.net to a local
# web-server.
#address=/somedomain.net/192.168.1.2
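The dnsmasq override suggested above, written out as an added example in the form OpenWrt's /etc/config/dhcp uses (the same `address=` directive, expressed as a UCI list); it is not from the original post. The domain example.com, the Raspberry Pi address 192.168.1.2 and the IPv6 address fd00::2 are assumptions.

```uci
# /etc/config/dhcp  (added example, not from the thread)
# Add the 'list address' lines to the EXISTING 'config dnsmasq' section;
# do not create a second dnsmasq section. Assumed: domain example.com,
# Raspberry Pi at 192.168.1.2 (IPv4) and fd00::2 (IPv6, only if the Pi
# actually has a LAN IPv6 address).
config dnsmasq
	# (your existing options stay here)
	# Answer A queries for example.com and every subdomain with the LAN address
	list address '/example.com/192.168.1.2'
	# Also pin AAAA if the Pi is reachable over IPv6; otherwise a dual-stack
	# client may use an upstream AAAA answer and bypass the override
	list address '/example.com/fd00::2'
```

Apply with `service dnsmasq restart`, then check on the router with `nslookup example.com 127.0.0.1` and again from a LAN client; both must return 192.168.1.2. If the client answer differs, that client is not using the router as its resolver (a hard-coded public resolver or DNS-over-HTTPS in the browser bypasses this entirely), which is the limitation the earlier reply mentions. Because the browser still sends the real hostname in SNI and the Host header, the Pi's nginx serves the normal domain vhost and the certificate for the domain stays valid; a redirect from IP to domain on the server is not triggered, since the client never connects by IP.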

luci has a hostname page.


Thank you both for the help. I went the dnsmasq.conf route but it still won't work. My best guess is that the RPi web server nginx reverse proxy is in a redirect loop since visiting it from its IP redirects you to its domain, which dnsmasq then redirects to its IP.

EDIT: I disabled the nginx redirect and it still won't work. I'm out of ideas.

Restarted dnsmasq after making the changes?

Yes. Traceroute reports the LAN IP.

Did you ever figure this out?
I have almost the same config and problem.
NanoPi r5s with FriendlyElecWrt

That ain't Openwrt, ask the friendly people over at FriendlyWRT.

Yes it is.

OpenWrt 23.05.2 r23630-842932a63d / LuCI 7739e9f5b03b830f51d53c384be4baef95054cb3 branch git-23.334.41070-5484b36

if they were the same, they wouldn't need to call it FriendlyWRT, would they ?

if you want proper openwrt, it's at https://firmware-selector.openwrt.org/?version=SNAPSHOT&target=rockchip%2Farmv8&id=friendlyarm_nanopi-r5s

It's called "branding". As I've said above, the OS is clearly OpenWrt 23.05.2
But if it makes you feel better, we'll just say you're right.

And as a side note - I was not addressing you. I was addressing the OP directly, not you. But thanks for your help.

absolutely, and the fact it runs kernel 6.1.x while "real" openwrt 23.02 uses 5.15 doesn't bother you at all, I guess ?

yeah, it's only "branding".