Port Forwarding, NAT two routers

Hi Community,
I have been looking around the internet for hours now. I will try to describe my topic. Hopefully someone knows what the right setting might be.

My scenario:
DSL (public dynamic IP) on the WAN interface of the DSL router AllNet All-BM.
Then the internal interface with static 192.178.178.1 is directly connected to an OpenWrt router (WAN: 191.168.178.8) and LAN: 192.168.1.1. My destination server is located on the local LAN at the IP 192.168.1.12.

So, I did a port forwarding from the WAN of the Allnet to the LAN (WAN) of the OpenWrt, and there a port forwarding to the local device 192.168.1.12.

I use dynamic DNS and a host.ddnss.de (443 & 80) to reach the machine on 192.168.1.12 -> This works like a charm :slight_smile: if I am outside my local LAN.

If I try to reach host.ddnss.de from inside the local LAN, I get a timeout. I can only reach 192.168.1.12 if I use the local IP or the name, which is different from host.ddnss.de.

In the OpenWrt router I have enabled NAT Loopback with the option to use the external IP.
Switching this option to internal makes no difference.

Is there a way to tell my default gateway (OpenWrt router 192.168.1.1) that it should resolve host.ddnss.de from the local LAN?

If I traceroute, I can see that the first hop is 192.168.1.1 and the 2nd is the public IP of host.ddnss.de.
So it seems OpenWrt does everything right, but if I try to connect in the browser (LAN), it gives me a timeout.

Maybe there is a DNS problem, but I don't have any idea, unfortunately.

Thanks for ideas on this :slight_smile:
Jens

You could rebind myhostname.ddnss.de to the LAN IP address of the server.

uci add dhcp domain
uci set dhcp.@domain[-1].name="myhostname.ddnss.de" #Set the correct FQDN
uci set dhcp.@domain[-1].ip="192.168.1.12"
uci commit dhcp
/etc/init.d/dnsmasq restart

If you insist on the NAT loopback approach, we'll need to see the current firewall rules.

iptables-save -t nat -c; nft list ruleset

Hi Pavel, thanks for your reply. I will try that :slight_smile: and come back

Hi Pavel,
works like a charm :slight_smile: I don't understand why, but it's great. Thx
Maybe you can give me a bit of an explanation?

thx
br
jens

Rebinding the domain name causes dnsmasq to resolve (for LAN clients) the FQDN to your machine's private IP address instead of the router's public one.

This is the better approach since NAT is not used for local clients.

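A local override like the one above changes where a name resolves for every LAN client, so it is worth auditing which names are pinned and where they point. The following is an added example, not part of the original thread: it parses `uci show dhcp` output and flags overrides that point outside the LAN. The `LAN_PREFIX` value (a /24 taken from the thread), the function names and the sample input, including the `old.example.org` entry, are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit dnsmasq "domain" overrides from `uci show dhcp` output.
# Assumption: the LAN is 192.168.1.0/24, so a simple prefix match is enough.
LAN_PREFIX="192.168.1."

# Constructed sample of `uci show dhcp` after the override was added, plus one
# constructed stale entry pointing at a documentation address (203.0.113.10).
sample_uci_output() {
cat <<'EOF'
dhcp.@dnsmasq[0]=dnsmasq
dhcp.@dnsmasq[0].domain='lan'
dhcp.@domain[0]=domain
dhcp.@domain[0].name='myhostname.ddnss.de'
dhcp.@domain[0].ip='192.168.1.12'
dhcp.@domain[1]=domain
dhcp.@domain[1].name='old.example.org'
dhcp.@domain[1].ip='203.0.113.10'
EOF
}

# Reads `uci show dhcp` text on stdin and prints one line per domain section:
#   <name> <ip> <LAN|OUTSIDE>
audit_overrides() {
    awk -F= -v prefix="$LAN_PREFIX" -v q="'" '
    {
        n = split($1, k, "[.]")        # k[2] = section, k[3] = option name
        val = $2
        gsub(q, "", val)               # strip the quotes uci puts around values
        if (n == 2 && val == "domain") { order[++count] = k[2]; next }
        if (n == 3 && k[3] == "name")  name[k[2]] = val
        if (n == 3 && k[3] == "ip")    ip[k[2]] = val
    }
    END {
        for (i = 1; i <= count; i++) {
            s = order[i]
            where = (index(ip[s], prefix) == 1) ? "LAN" : "OUTSIDE"
            print name[s], ip[s], where
        }
    }'
}

# Stand-alone run on the constructed sample.
# On the router itself: uci show dhcp | audit_overrides
sample_uci_output | audit_overrides
```

An `OUTSIDE` result means LAN clients are being steered to an address that is not on the local network, which is worth checking against what the override was meant to do.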
