Port Forwarding and local DNS

Smith_oo4
Grasshopper

At home, I have a server running a few web apps just for our family: Nextcloud, Grocy, etc. I have used Port Forwarding in my Shaw modem/router along with Let’s Encrypt and FreeDNS Dynamic DNS to make the web apps accessible outside our home. Recently we were upgraded to the Ignite WiFi Gateway modem (XB6) and I am having some issues with port forwarding and the limited settings available for configuring DNS. I was able to forward port 80 and 443 and can access the web apps outside the home network. In the past, I would enter a local DNS record to route a request from inside the home network to the home server, so all traffic would stay local. This option or the option to use a different DNS server is not available in the new router. However, much to my surprise, when on Wi-Fi the router seems to be smart enough to route the traffic locally. The issue I am having is with anything on a wired connection to the router, i.e. connected to the Ethernet port on the back of the modem. Anything connected this way cannot access the web apps; the browser just times out.

Does anyone have an idea why this is happening and how to correct it?

Thank you

mdk
Legendary Grand Master

@Smith_oo4 -- I was able to forward port 80 and 443 and can access the web apps outside the home network.

Outside your network, Shaw's DNS-servers and FreeDNS Dynamic DNS will supply the public IP-address of your XB6 cable-modem. Then, port-forwarding will deliver the 80/TCP & 443/TCP to your web-server's "private" IP-address.

In the past, I would enter a local DNS record to route a request from inside the home network to the home server, so all traffic would stay local.

On one of your "client" computers, are you trying to connect to the "private" IP-address (10.0.0.xxx) of your web-server, or to the "public" IP-address supplied by FreeDNS Dynamic DNS?

This option or the option to use a different DNS server is not available in the new router.

Correct. But, each of your "client" computers inside your network can be configured to use DNS-servers, such as 1.1.1.1 / 8.8.4.4 / 8.8.8.8 --- thus bypassing Shaw's DNS-servers.

However, much to my surprise when on Wi-Fi the router seems to be smart enough to route the traffic locally. The issue I am having is with anything on a wire connection to the router ...

That is unexpected behaviour by the cable-modem, if it really is anything the cable-modem is doing (or not doing). Is your WiFi device using the same DNS-servers as your "wired" devices?

Is your WiFi device really connected to the SSID supplied by the cable-modem, or is it using cellular-data to access the Internet?

Anything connected this way can not access the web apps, the browser just times out.

Connected to your web-server via a "private" IP-address or the IP-address supplied by FreeDNS Dynamic DNS?


Smith_oo4
Grasshopper

Thank you, @mdk. I will attempt to answer your questions and provide some clarification.

The minimum functionality I want is to be able to enter my domain into the URL of a web browser or app and have it connect to my web server, and for this to work both on the home network and outside of it. For efficiency, it would be nice if connections within the local network were made directly to the web server and not going to the router, i.e. the domain would resolve to the “private” IP (10.0.0.*) and not the “public” (65.59.*.*). Besides efficiency, this also gives the benefits of being able to use the ACME DNS-01 challenge to get valid SSL certificates for domains you only want accessible on the local network and helps with less than ideally written web apps that want to talk to themselves. However, it has been some time since I have had a need for either of these two options.

The functionality I currently have is that I can enter my domain into the URL, and this works when the device is outside the home network or in the home network but on Wi-Fi. When the device is on the home network but using a wired Ethernet connection, it does not work and just times out.

I originally thought the router was rewriting the DNS for Wi-Fi connections, as in the web server log it was showing the connection was made from the “private” IP. In my prior router and before adding the local DNS rule, the web server log was showing the “public” IP. However, I no longer have this setup, and I am just going by memory, so I could be wrong here. I have done some testing using the dig command line tool and Chrome’s DNS lookup (chrome://net-internals/#dns) and my domains are not resolving to the “private” IP with. So, it looks like the new router is doing something else fancy to make the connection, or I am missing something.

So, my issues seem to come down to why I cannot connect to the web server when I am on the local network with a wired connection, and why it is working when it’s a Wi-Fi connection.

I have confirmed that the Wi-Fi connection is on the local network. The devices are connected to the right SSID, have a 10.0.0.* IP and I have tested this on a laptop that does not have a cellular modem. Also, the Ignite HomeConnect app shows the device is connected to the local network and the web server log is showing the connection was made from a local IP.

For devices with a wired connection, I can confirm they are on the same network. They have a 10.0.0.* IP, the Ignite HomeConnect app shows them connected and most importantly I can connect to the web server using the “private” IP, i.e. I can get the test page. It is just being able to connect using the domain name that is not working.

You are correct, I could manually change the DNS server on each individual “client” or add an entry into the hosts file. This may be the solution; however, it would be nice to have a central solution, and it is kind of disappointing that Shaw removed so much functionality with this router upgrade.

Thank you


rstra
Grand Master

@Smith_oo4 The Ignite Gateway doesn’t support NAT loopback. I am not sure why your laptop on Wi-Fi is able to connect using the domain; maybe your hosts file was changed for the device.


mdk
Legendary Grand Master

@Smith_oo4 --  When the device is on the home network but using a wire Ethernet connection, it does not work and just times out.

I have never disassembled the router, but I suspect that it is a "two-in-one" device -- one network adapter for its LAN & WAN Ethernet sockets, and another network adapter for its WiFi capability. So, is there some "bridge" between the two network adapters that makes connection-via-WiFi work?

Equally, I have never reverse-engineered the software inside the router, to see if that software is not capable of "Ethernet-to-Ethernet" connection that @rstra calls "loopback".

That's the limit of my knowledge about the router. Sorry to not have a bypass/solution for you.


Smith_oo4
Grasshopper

Interesting

However, I am not sure what to say. I have checked the Wi-Fi connection on iPhone/iPad, Android phone, Windows and Linux laptops and have not made any changes to hosts files or the like. They all seem to work, and the web server log shows the connection coming from a “private” IP.

Thank you


Smith_oo4
Grasshopper

@mdk -- No worries and thank you for your input.


rstra
Grand Master

@mdk @mdk 

I should have described NAT loopback, AKA Hairpin NAT / NAT Reflection, in my last post.

NAT loopback is a method using NAT to provide access to services via the public IP address from inside the local network. 
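A check for the cases discussed in this thread, as an added example that is not part of any post: it tells apart a name answered by local DNS or a hosts entry, a public address reachable from inside (NAT loopback working), and a server that answers only on its private address. The function names, `home.example`, `203.0.113.10` and `10.0.0.50` are constructed placeholders, and only IPv4 is considered.

```python
import ipaddress
import socket

# RFC 1918 private ranges; the LAN in this thread is 10.0.0.*.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_lan_address(addr):
    """True if addr is an RFC 1918 IPv4 address."""
    ip = ipaddress.ip_address(addr)
    return ip.version == 4 and any(ip in net for net in RFC1918)

def resolve(host):
    """IPv4 addresses the client's resolver (hosts file included) returns."""
    infos = socket.getaddrinfo(host, 443, family=socket.AF_INET,
                               type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def tcp_connects(addr, port=443, timeout=3.0):
    """True if a TCP handshake to addr:port completes before the timeout."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return True
    except OSError:  # covers timeouts, refusals and unreachable networks
        return False

def diagnose(host, server_lan_ip, resolve=resolve, connect=tcp_connects):
    """Classify how this LAN client reaches the port-forwarded server by name."""
    addrs = resolve(host)
    if any(is_lan_address(a) for a in addrs):
        return "local-dns"            # local DNS record or hosts entry answers
    if any(connect(a) for a in addrs):
        return "nat-loopback-works"   # public address is reachable from inside
    if connect(server_lan_ip):
        return "no-nat-loopback"      # server is up; only the hairpin path fails
    return "server-unreachable"

if __name__ == "__main__":
    # Constructed stand-ins for the wired client described above (no network
    # access): the name resolves to a public address, only the LAN IP answers.
    wired_dns = lambda host: ["203.0.113.10"]
    wired_tcp = lambda addr: addr == "10.0.0.50"
    print(diagnose("home.example", "10.0.0.50", wired_dns, wired_tcp))
```

Calling `diagnose()` with only a domain and the server's LAN address uses the real resolver and real TCP connections, so running it once from a wired client and once from a Wi-Fi client shows which path differs.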


rstra
Grand Master

@Smith_oo4  And no VPN running on those devices?


Smith_oo4
Grasshopper

No VPNs

One of the laptops has a VPN, and as expected it shows a "public" IP when connecting. When the VPN was turned off it would behave as the rest of the devices.
