Unofficial empeg BBS

#367761 - 22/10/2016 00:28 NAT loopback aka. Hairpin NAT?
mlord
carpal tunnel

Registered: 29/08/2000
Posts: 14478
Loc: Canada
I've been playing with Wifi routers of late, running stock, Tomato, DD-WRT, Merlin.

Something I cannot for the life of me do is get any of them to do NAT loopback correctly. Specifically, I want accesses to port 80 on the public (internet-facing) IP address to be looped back through an established port-forward to an internal web server. And I want that web server to see them as COMING FROM THE INTERNET, not the LAN.

Most of them pretend to do it for LAN clients, but the web server just sees the requests as coming from the LAN IP of the router, not from an external IP (e.g. the public IP).

Okay, fine, I can live with that.

But what we really need is for the "guest WiFi" clients to be able to access that same web server. None of the firmwares do this, and my best attempts thus far at just adding the standard PREROUTING/POSTROUTING rules have no effect whatsoever.

Anyone out there grok this stuff? I certainly don't.

#367774 - 23/10/2016 16:50 Re: NAT loopback aka. Hairpin NAT? [Re: mlord]
presslab
journeyman

Registered: 29/07/2008
Posts: 73
Loc: North Bay, CA
I usually use a static DNS entry that gives the machines behind the router the local IP address. YMMV

#367775 - 23/10/2016 17:43 Re: NAT loopback aka. Hairpin NAT? [Re: mlord]
tfabris
carpal tunnel

Registered: 20/12/1999
Posts: 31565
Loc: Seattle, WA
I've worked at enterprise-level software companies that couldn't do hairpin turns like that on their routers. I think you're looking for something pretty high level.
_________________________
Tony Fabris

#367776 - 23/10/2016 20:20 Re: NAT loopback aka. Hairpin NAT? [Re: mlord]
BartDG
carpal tunnel

Registered: 20/05/2001
Posts: 2616
Loc: Bruges, Belgium
I don't know much about this, but I've seen that Ubiquiti's EdgeRouter series supports that. Even the LITE series, which are less than $100. Of course, those don't have a WiFi access point built in...
_________________________
Riocar 80gig S/N : 010101580 red
Riocar 80gig (010102106) - backup

#367777 - 23/10/2016 21:03 Re: NAT loopback aka. Hairpin NAT? [Re: mlord]
mlord
carpal tunnel

Registered: 29/08/2000
Posts: 14478
Loc: Canada
Yeah, perfect support for this thing is definitely a rare beast.

My own motivation for pursuing it is our guest Wifi -- it can access anything on the internet, but not the webserver in the same room as the user. Doh!

I think I can fix this with a combination of router re-configuration and some firewall rules on the webserver itself.

Cheers

#367778 - 24/10/2016 11:07 Re: NAT loopback aka. Hairpin NAT? [Re: mlord]
Roger
carpal tunnel

Registered: 18/01/2000
Posts: 5680
Loc: London, UK
Originally Posted By: mlord
guest Wifi -- it can access anything on the internet, but not the webserver in the same room

I used some firewall rules to make the server accessible on its internal IP from the guest network, and (optionally) split horizon DNS to make the name resolve differently for internal vs. guest clients.
_________________________
-- roger

#367779 - 24/10/2016 14:39 Re: NAT loopback aka. Hairpin NAT? [Re: mlord]
mlord
carpal tunnel

Registered: 29/08/2000
Posts: 14478
Loc: Canada
But does the server then know that the connections are less-trusted "external" ones, or does it think they are coming from semi-trusted internal machines?

Can it tell the difference?
That's where all of the solutions I've found thus far fall down.

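An added example, not posted by anyone in this thread and not taken from Tomato, DD-WRT or Merlin, showing one way to wire up the PREROUTING/POSTROUTING rules the first post mentions, and answering the last post's question of whether the server can tell guest connections apart. The interface names (eth0, br0, br1), the 192.168.1.0/24 LAN, the 192.168.2.0/24 guest subnet, the server address 192.168.1.20 and the 203.0.113.10 public IP are all assumptions. The script prints the iptables commands instead of running them, so they can be reviewed on the router first; `sh hairpin.sh apply` pipes them into sh.

```shell
#!/bin/sh
# Added example (not from the thread): hairpin NAT for a guest WiFi subnet
# towards an internal web server, plus a check of what source address the
# server ends up seeing. Topology, interface names and addresses are assumed.
#
#   WAN   : eth0, public IP 203.0.113.10 (documentation range)
#   LAN   : br0, 192.168.1.0/24, router 192.168.1.1, web server 192.168.1.20:80
#   GUEST : br1, 192.168.2.0/24, isolated from the LAN by a FORWARD DROP rule

WAN_IF=${WAN_IF:-eth0}
WAN_IP=${WAN_IP:-203.0.113.10}
LAN_NET=${LAN_NET:-192.168.1.0/24}
GUEST_IF=${GUEST_IF:-br1}
GUEST_NET=${GUEST_NET:-192.168.2.0/24}
SERVER=${SERVER:-192.168.1.20}
PORT=${PORT:-80}

# Emit the router-side rules (nothing is applied here).
hairpin_rules() {
    # Ordinary port-forward for real internet clients.
    echo "iptables -t nat -A PREROUTING -i $WAN_IF -p tcp --dport $PORT -j DNAT --to-destination $SERVER:$PORT"

    # Guest clients that connect to the public IP: rewrite the destination only.
    # No SNAT/MASQUERADE here: the guest subnet is a separate network, so the
    # server's replies are routed back through the router anyway, and the
    # server sees the real 192.168.2.x source address.
    echo "iptables -t nat -A PREROUTING -i $GUEST_IF -d $WAN_IP -p tcp --dport $PORT -j DNAT --to-destination $SERVER:$PORT"

    # Guest isolation normally drops guest->LAN in FORWARD. Insert one hole for
    # the server port ahead of it (and accept reply traffic). DNAT has already
    # happened by the time FORWARD sees the packet, so match the real server IP.
    echo "iptables -I FORWARD 1 -i $GUEST_IF -s $GUEST_NET -d $SERVER -p tcp --dport $PORT -m conntrack --ctstate NEW -j ACCEPT"
    echo "iptables -I FORWARD 1 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"

    # LAN clients on the server's own subnet are the awkward case: with DNAT
    # alone the server answers the client directly, bypassing the router, and
    # the TCP handshake fails. MASQUERADE fixes the return path but replaces the
    # client address with the router's LAN address, which is why the server
    # only ever sees the router's LAN IP for these connections.
    echo "iptables -t nat -A PREROUTING -s $LAN_NET -d $WAN_IP -p tcp --dport $PORT -j DNAT --to-destination $SERVER:$PORT"
    echo "iptables -t nat -A POSTROUTING -s $LAN_NET -d $SERVER -p tcp --dport $PORT -j MASQUERADE"
}

# --- What the server sees -------------------------------------------------
# Because only the same-subnet LAN hairpin is masqueraded, the source address
# alone lets the server rank a connection as lan, guest or internet.

ip2int() {
    IFS=. read -r a b c d <<EOF
$1
EOF
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

in_net() {   # in_net IP NET/PREFIX  -> exit 0 if IP lies inside NET
    net=${2%/*}; bits=${2#*/}
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$net") & mask )) ]
}

classify_source() {
    if in_net "$1" "$LAN_NET"; then echo lan
    elif in_net "$1" "$GUEST_NET"; then echo guest
    else echo internet
    fi
}

# Server-side rules (run on the web server, not the router): the guest range
# is a distinct, less-trusted source that may reach only the web port.
server_rules() {
    echo "iptables -A INPUT -s $GUEST_NET -p tcp --dport $PORT -j ACCEPT"
    echo "iptables -A INPUT -s $GUEST_NET -j DROP"
}

case "${1:-show}" in
    show)  hairpin_rules ;;
    apply) hairpin_rules | sh ;;
esac
```

The guest-facing PREROUTING rule only matters when guests reach the server by its public address or name; if guest clients are pointed at 192.168.1.20 directly (split-horizon DNS, as described in an earlier reply), only the FORWARD hole is needed, and the server still sees a 192.168.2.x source it can treat as untrusted. Stock firmware inserts its own rules ahead of user scripts, which is why the FORWARD entries use `-I ... 1` rather than `-A`; on routers with an older iptables, `-m conntrack --ctstate` must be spelled `-m state --state`.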