Query: How to forward https port correctly?

I have a problem browsing my own webserver from my own internal network. The webserver is externally visible through a port forwarding rule on my OpenWRT router. There must be some solution, can anyone help?

I have a webserver running on a host on my 192.168.10.0/24 network. My OpenWRT router forwards ports 80 and 443 from the external WAN to this host. I don't have a static IP so I use DDNS to www.mydomain.com. It works OK. However, I can't access the webserver from hosts on my 192.168.10.0/24 net, because the port forwarding rule only forwards ports from WAN, not from my VLAN.

I could of course connect directly to the internal IP of my webserver, but then I get problems with my certificates, which only match the external FQDN.

I tried adding similar port forwarding connections from my internal network, but then I got into trouble with which external IP to use as a match in that rule. Since my IP is dynamic it could change.

What is the solution?

In the advanced tab of the rule that you created in the firewall, did you enable NAT loopback?

In theory, with this enabled it must work.


I do have that "Enable NAT loopback" checkbox enabled. See screenshot below.

Could it be a complication that I have the LuCI web GUI running on HTTP and HTTPS towards the internal network?

The easy (and better) solution would be to override the DNS (A- and AAAA records) entries of your server locally on your router and replace them with your internal IP.
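
The local DNS override suggested above, written out for OpenWrt's dnsmasq as an added example that is not from the thread: it generates the `config domain` entry, can apply it with `uci`, and checks that the name resolves only to LAN addresses. The server address 192.168.10.50 and all function names are assumptions; the thread gives only the subnet and the hostname.

```shell
#!/bin/sh
# Added example: split-horizon DNS override on OpenWrt (dnsmasq).
HOST="www.mydomain.com"
SERVER_IP="192.168.10.50"  # ASSUMED placeholder; the thread gives only the /24
LAN_PREFIX="192.168.10."   # 192.168.10.0/24 from the thread

# True only for a usable host address inside the LAN /24.
in_lan() {
    case "$1" in "$LAN_PREFIX"*) ;; *) return 1 ;; esac
    last=${1#"$LAN_PREFIX"}
    case "$last" in ''|*[!0-9]*|????*) return 1 ;; esac
    [ "$last" -ge 1 ] && [ "$last" -le 254 ]
}

# Print the /etc/config/dhcp stanza that makes dnsmasq answer A queries for
# the name with the LAN address. Refuses targets outside the LAN.
domain_stanza() {
    in_lan "$2" || { echo "refusing: $2 is outside ${LAN_PREFIX}0/24" >&2; return 1; }
    printf "config domain\n\toption name '%s'\n\toption ip '%s'\n" "$1" "$2"
}

# Apply the same override with uci; run this on the router itself.
apply_override() {
    in_lan "$2" || return 1
    uci add dhcp domain >/dev/null &&
        uci set "dhcp.@domain[-1].name=$1" &&
        uci set "dhcp.@domain[-1].ip=$2" &&
        uci commit dhcp &&
        /etc/init.d/dnsmasq restart
}

# Check from a LAN client: stdin is one resolved address per line (A and AAAA).
# Fails on any non-LAN answer, e.g. a public AAAA record that was not overridden.
answers_internal() {
    n=0
    while read -r addr; do
        [ -n "$addr" ] || continue
        in_lan "$addr" || { echo "not overridden: $addr" >&2; return 1; }
        n=$((n + 1))
    done
    [ "$n" -gt 0 ]
}

case "${1:-}" in
    apply) apply_override "$HOST" "$SERVER_IP" ;;
    *)     domain_stanza "$HOST" "$SERVER_IP" ;;
esac
```

Run with `apply` on the router to write the entry; with no argument the script only prints the stanza.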

Thanks @slh that worked for me!
