I can reach my server using the internal IP (10.0.0.x), but not from the public address (68.32.x.x), nor from the domain name (xxxxxxx.freedombox.rocks).
Steps to Reproduce
- Login to FreedomBox using internal ip - everything normal.
- Try https://xxxxxx.freedombox.rocks: error message:
"This site can’t be reached xxxxx.freedombox.rocks took too long to respond.
Checking the connection
Checking the proxy and the firewall"
- My router (Comcast / Xfinity) allows port forwarding and assigning a device to DMZ, so I put the server in the DMZ zone, and also forwarded 53, 80, 443, just in case.
- My router has one public IP that is the same for all devices - I used IPchicken to figure out what it was. I can ping that address. FUNNY: I CAN ALSO PING XXXXX.FREEDOMBOX.ROCKS! I set up the Dynamic DNS feature in FreedomBox and pointed it at this public IP. If I do: https://ddns.freedombox.org/ip, it returns a very long address (not IPv4) - but when I plug this into an IPv6 converter, it says it isn’t valid, and so does DDNS (?).
- Let’s Encrypt says things are great.
- So does the DDNS service page in FreedomBox.
- Edit to add: I just noticed I can reach my server via domain name if I go through Brave (Chrome) using a Tor window. (?).
I expect to be able to reach my FreedomBox in my browser using the domain name xxxxxx.freedombox.rocks.
I can only reach my FreedomBox using the internal IP 10.0.0.x.
What else should I try / what other info should I share?
Thanks for any help!
I did some further testing after I found out I can reach my website through Tor -
I tried from my cell phone - I turned off Wi-Fi, and tried using a 4G connection (public internet), and I can reach it through there!
Then I found this: I can't access my site but everyone else can (only my IP address doesn't work) | DigitalOcean
It looks like my router DNS is stuck or something (I don’t know the technical terms) - looks like I need to either clear the cache on the router or just wait.
I’ll wait a day, then report back - then probably this issue can be closed!
This phenomenon is called NAT loopback. There are some ways to get around it.
- You can use another router: TP-Link is a good choice in my opinion, as all the models support it out of the box.
- You can also edit the hosts file on your computer like:
Changing the DNS on my device, as suggested in the discussion you linked, never worked for me, and I wouldn’t like Google (8.8.8.8) nor CrimeFlare (1.1.1.1) to be my DNS.
Ok, so yes, I think that’s what’s going on. I checked with my provider (Comcast), and looked at the router - it looks like the router CAN support NAT loopback, but Comcast has it disabled. And they won’t enable it even for business customers, from the posts I could find.
I can still hit the box internally using the internal / local IP. The only thing I can’t do from my home system is run the control panel, since it denies access using the IP. But there is a workaround - just open a Tor window (in Brave / Chrome), which anonymizes my IP (I think), and fools my router into thinking the request is coming from outside the network.
So, this isn’t a FreedomBox issue - can we mark it resolved with the workaround?
Thanks for the support!