OpenWRT Port Forwarding Woes

Hello all,
I’ve been watching L1 for some time, and finally have a good reason to reach out and ask for some help. I was very glad to remember the forum exists!

I’m currently attempting to set up port forwarding with my PCEngines APU-based router, running OpenWRT. Luckily, Xfinity had been kind enough to give me a proper public IP, so that part’s already done.

After much poking around in settings, I eventually found the port forwarding settings, forwarded 80, 443, and 42069 (for a modded factorio server for me and some friends), and have my domain pointed at my public IP. Public SSH access to my server is turned off, all is fine and dandy.

… Until I attempt to use my domain name for forwarded services on my home network.

My domain is active and available from mobile, and from my secondary internet connection (we just moved, signed up for internet before we got out here not knowing it was DSL, and still have both open because the coax option has a data cap). The server is accessible from within the network as well, and LAN is set for a valid reflection zone.

I know enough to know I’m definitely missing a configuration setting, and have googled for a resolution for a while with no results. I even asked my (formerly) local LUG, in hopes of getting a suggestion, with the only relevant response being “all I know is that can be annoying to do”. Nothing wrong with that, just somewhat disappointing.

Here’s hoping the lovely people here can have suggestions! Thank you all for your time.

I don’t know how to do it specifically on openwrt but the problem is when you use your domain name it will return your public IP address and not the local address. The ways around this are to enable NAT reflection or configure your local DNS server to use the same domain name as your public domain and set the local IPs for the hosts you are trying to connect to. Alternatively if you don’t want to change your local domain name you can set domain overrides to use the local address for each host you’re trying to connect to using the public domain name.

Unfortunately, NAT reflection is already enabled… I suppose overriding the local DNS would be wise, although I would need to write such an override with some form of wildcard, as I use several unique subdomains.

I was hoping for a solution that didn’t involve too much more networking rejiggering, and it would be a setting I missed in OpenWRT (or not available in the GUI), but I will definitely keep this in mind. A foolproof fallback is always warranted, and appreciated.

You would just do one for each subdomain, a wildcard would work if everything is on the same server but either way using DNS overrides or changing your local domain to match your public domain would be my choice, NAT reflection can be buggy. DNS is a fairly important part of networking so it’s worth learning and doing it properly.

Is NAT reflection the same as hairpin NAT? That’s what I got pointed to when I was trying to solve the same problem a year or two ago.

Yep, they’re the same thing


Does checking “Enable NAT Loopback” from the GUI resolve the issue ?

Unfortunately not; NAT reflection and NAT loopback are both enabled on all port forwards

I’ve been toying with OpenWrt on & off for a while but my OpenWrt box bricked more than half a year ago and has been collecting dust.

I just tested on my daily driver which is an Edgerouter. NAT loopback works. I guess it’s a bug in OpenWrt.

When I googled iptables rules for “hair-pin NAT”, Gemini’s (aka AI mode) response is actually wrong for the DNAT portion of the rules. lol

:upside_down_face: :upside_down_face:
Whelp… Since I’m not exactly up for shelling out for another router (I already have like 4, and most of them are half-working; call me a believer in lost causes)… Guess my next option is pfSense/opnSense… Here’s hoping there’s a serial console installer ig…

KISS… I would make sure that people on the WAN side are ok and on the LAN side just use the hosts file and point yourself to the server. After all, you don’t have 1k machines on your LAN… And nat ref won’t be needed.

Alternatively, if your openwrt is doing DNS, you can add a domain per local ip in Network / DHCP and DNS

imho.

PS
Pi-hole can also do the trick instead of nat-ref.
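The DNS-override approach suggested in the replies above (answer LAN clients with LAN addresses for the public domain, including a wildcard for the subdomains), as an added example that is not from any poster in this thread. It assumes OpenWrt's dnsmasq, a hypothetical public domain example.com, a main server at 192.168.1.10 and one subdomain (git) hosted on a different LAN box at 192.168.1.20; the UCI equivalent of each generated line is `list address '/name/ip'` in the dnsmasq section of /etc/config/dhcp.

```shell
#!/bin/sh
# Split-horizon DNS for dnsmasq on OpenWrt. dnsmasq's "address=/domain/ip" is a
# wildcard: it answers for the domain and every subdomain, and the longest
# matching entry wins, so a more specific address= line acts as a per-host
# exception. Domain and addresses below are assumptions, not from the thread.

# write_split_dns <outfile> <domain> <default-ip> [name=ip ...]
write_split_dns() {
    out=$1; domain=$2; default_ip=$3; shift 3
    {
        echo "# generated: answer LAN clients with LAN addresses for $domain"
        echo "address=/$domain/$default_ip"
        for pair in "$@"; do
            name=${pair%%=*}; ip=${pair#*=}
            echo "address=/$name.$domain/$ip"
        done
    } > "$out"
}

# resolve_in_conf <conffile> <fqdn>: emulate dnsmasq's longest-suffix match so
# the mapping can be checked before reloading the resolver. Prints the IP, or an
# empty line when no address= entry covers the name.
resolve_in_conf() {
    conf=$1; fqdn=$2; best=""; bestlen=0
    while IFS= read -r line; do
        case $line in address=/*) ;; *) continue ;; esac
        rest=${line#address=/}; pat=${rest%%/*}; ip=${rest#*/}
        # exact match, or fqdn ends in ".<pat>"
        if [ "$fqdn" = "$pat" ] || [ "${fqdn%.$pat}" != "$fqdn" ]; then
            if [ ${#pat} -gt "$bestlen" ]; then best=$ip; bestlen=${#pat}; fi
        fi
    done < "$conf"
    echo "$best"
}

# On the router you would write into /tmp/dnsmasq.d/ (OpenWrt's dnsmasq conf-dir)
# and run "/etc/init.d/dnsmasq reload"; here a temp file is used so it runs anywhere.
CONF=${TMPDIR:-/tmp}/split-dns.conf
write_split_dns "$CONF" example.com 192.168.1.10 git=192.168.1.20
```

Check from a LAN client afterwards with `nslookup www.example.com` against the router: it should return 192.168.1.10, while an external resolver still returns the public IP.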