backrouting (or whatever it is called)

Discussion in 'Networking, Telephony & Internet' started by callan, Mar 5, 2020.

  1. callan

    callan Member

    Joined:
    Aug 16, 2001
    Messages:
    4,879
    Location:
    melbourne
    Media server, LAN address 192.168.0.100, port address 5000
    WAN address 12.34.56.78.
    LAN subnet 192.168.0.0/24
    Port forwarding rules map access to 12.34.56.78:5000 to 192.168.0.100 .
    Media server is accessible and works tickety-boo remotely. Pointing media player remotely to 12.34.56.78:5000 works perfectly.
    HOWEVER!

    Attempting to access 12.34.56.78:5000 whilst connected to the LAN fails. The WAN interfaces can be pinged, but it seems port forwarding rules are not applied when "backrouting" though the local interface.

    I know there is a term for this routing ability, but I can't for the life of me remember what this routing behavior actually IS..

    Can I be enlightened?
     
  2. chip

    chip Member

    Joined:
    Dec 24, 2001
    Messages:
    3,837
    Location:
    Pooraka Maccas drivethrough
    NAT loopback or hairpin is probably the label you're looking for
     
    Hive likes this.
  3. OP
    OP
    callan

    callan Member

    Joined:
    Aug 16, 2001
    Messages:
    4,879
    Location:
    melbourne
    Thanks. That's it: exactly what I was after.
    Router claims to support it. Seems not....

    Callan
     
  4. Doc-of-FC

    Doc-of-FC Member

    Joined:
    Aug 30, 2001
    Messages:
    3,377
    Location:
    Canberra
    Split zone DNS is the correct solution here, an internal IP is returned for the hostname inside the network, outside you get the WAN ip.

    Not all applications support hairpin due to the application sometime advertising its IP inside the network protocol and with routers being stateful firewalls, they drop the traffic.

    it might be worth looking to see if your router supports DNS overrides and DynDNS or an equiv.

    Use the DynDNS service to update a hostname for the routers internet IP - Outside access accomplished
    Use the Router to override the DNS internally, resolving the same hostname to the LAN IP of the media server - inside access accomplished.

    pfSense will do this with unbound.
     
    Hive, chip and NSanity like this.
  5. NSanity

    NSanity Member

    Joined:
    Mar 11, 2002
    Messages:
    17,865
    Location:
    Canberra
    FWIW I do splitdns w/ Emby and my password server at home... Works a treat.

    Also isn't 5000 Synology? I wouldn't be putting Synology on the public facing web...
     
  6. OP
    OP
    callan

    callan Member

    Joined:
    Aug 16, 2001
    Messages:
    4,879
    Location:
    melbourne
    No, 5000 is not synology. Just a random port far too many companies use for their service.
     
  7. evilasdeath

    evilasdeath Member

    Joined:
    Jul 24, 2004
    Messages:
    4,890
    what router you running?
     

Share This Page

Advertisement: