I have a Pioneer running Freedombox 22.15 plugged into a router with DMZ. My setup has worked fine until today, but I’m currently not able to connect to my freedombox.rocks domain from the local network. The status of dynamic DNS (GnuDIP) in plinth/sys/dynamicdns is “Failed” due to a connection timeout. My hostname at ddns.freedombox.org points to the correct external IP, and I’m able to connect to my freedombox.rocks domain from any other network. I read somewhere on the forum that DMZ can cause issues on a local network, so I tried setting up port forwarding instead, but the issue persisted. Checked the update logs - packages gsasl-common and libgsasl7 were updated last night without any error messages. Any suggestions?
For some reason when you send a query out onto the WAN with a destination IP the same as the source IP, it doesn’t work. I forget the specific explanation for this, but essentially you need to redirect the traffic before it leaves your network if the website you want to access is hosted on the LAN.
The feature you need to implement is called hairpin NAT, or NAT loopback. It is basically a table that sits between the traffic on your local network and the gateway that says "send any traffic for 184.108.40.206 to 220.127.116.11”. Any devices on the local network still get served the website normally, because it comes over the local network (from 18.104.22.168) instead of passing out to the WAN.
Unfortunately a lot of common SOHO routers do not offer this feature, so if you are not finding such a thing in your admin portal it might be because it is missing. My router does not offer this feature, but I run a PiHole on my network that handles DNS and thankfully it is a feature they have incorporated (“Local DNS Records” table, configured as domain → IP address).
If these options are not available to you, another option is adding an entry in
/etc/hosts. Just scroll down to an empty line and type your IP and domain like so:
192.168.1.10 foo.mydomain.org 192.168.1.13 bar.mydomain.org
The downsides to this method include:
- Each device on the network will need to take this configuration separately
- If it is a device you will take off the network (a laptop for example), you will have to comment out the line to access the site from an external network
Another workaround is to just use the local domain when you are on the local network (freedombox.local, or whatever yours is configured to be), and only use the other domain on external networks.
Thanks for your help and advice @BluishHumility - access to the domain works again today without any changes made, so possibly just a temporary hiccup. Will keep your pointers at hand in case this comes back to bite me again:)
It sounds like your problem was something unrelated to what I was going on and on about!
In any case I’m glad to hear the issue is resolved, and welcome to the community.