also i am not sure, as everything worked before i changed isp router;;; so the issue has to be in the isp router not openwrt... as nothing was touched in openwrt settings..
I also tried to untick rebind protection but didnt help.
Actually the correct place to add the hostname is Network/Hostnames
Although, if the homeassistant is getting its settings by dhcp, you could enable the dns option for the static lease entry, so that the hostname will be automatically added when HA is connected.
Ummmmm...isn't "Hairpin NAT" an analogous term for the OpenWrt term "NAT Loopback"???
Using this firewall rule as an e.g. - it allows access to an HTTP server using its public IP or global hostname (which should resolve to its Public IP) from LAN:
Rebind protection means someone setup a LAN IP in the global DNS...that may be likely; but usually NOT the case - because this can cause security issues if not really needed.
The most common use case would probably be for routers connected to networks with Private IP address and internal DNS servers giving out Private IPs of Private servers (i.e. no Public Internet).
i dont understand whats the issue at all ,, all these posts are incomplete / no final solution just broken pieces of information.
so basically there is no solution for a case that was fully working? As it doesnt work apparently something is broken.
Its primitive port forwarding; works for other services but yes i cant access my hass from local network. as mentioned in above posts they are clearly saying that hairpin nat has to be enabled ...
At this point of setting up we need to check one capability of your router: Hairpin NAT (otherwise known as NAT reflection or NAT loopback). What this means is the ability of your router to mirror a request from its inside (LAN) interface to its outside (WAN) address back to an internal IP address (in this case, your Home Assistant), thus reflecting or hairpinning the traffic. It's easy to check if this works: Just open a browser on your phone or PC while connected to your home network and opening http://my-home.duckdns.org:8123 - if it works, you have hairpin NAT working and can go on to the next section. Most current routers will support NAT hairpinning out of the box, there are however some routers (especially if you got your router from your ISP) that do not have this ability or have it disabled. If this is the case, you need to check if you can enable it on your router or, if you can't, you will need to set up Split Brain DNS.
I thought I said that you should check the device that was actually touched when the problem occurred - the ISP router. If you want to troubleshoot the OpenWrt needlessly, my apologies, I didn't understand you may be exhausting options with the device that was working.
My bad and apologies for interrupting, as I see you have a similar rule.
If you haven't provided that information from the new ISP router...but that's not related to OpenWrt. I would verify that not that you have this new ISP that you actually have public IP address.
Or...you can say it only works for the single IP you set (e.g. you setup a personal webserver on your desktop, and test from the desktop)...but sure, call it "broken".
As I noted:
This works exactly as people desire (I assume those calling it a bug need the developers to identify exactly what each person else wishes to redirect - besides the IP itself, without creating a security hole).
as i can ACCESS my local ip from Internet it means that dns record correctly matches my isp router IP and isp router correctly port forwarding it to local IP
repeating again i cant just access it from within local computer.