
#1 2016-09-05 10:07:24

vlast777
Member
Registered: 2015-02-10
Posts: 57

Arch Linux server: setting up DNS to access it via external IP

Hey there,

I have an Arch Linux server up and running in my LAN. It contains a LAMP server which is hosting a simple web app which I use from time to time.
From outside my network I can access it using the domain foo.bar.net (as an example) but inside my network I need to use its internal IP address because my router does not support hairpin NAT (for security reasons...).

This results in me needing to turn off the WiFi on my smartphone every time I want to access the application which is kind of annoying. I read through the Arch wiki but somehow I still didn't manage to configure a DNS server properly. I tried dnsmasq but I guess I made some mistakes in its config files because it didn't do what it was supposed to.

Now what I want is a DNS server running on the same server as my LAMP which redirects all requests from all clients inside my network to the foo.bar.net domain to the internal IP address, so that basically my app is reachable from inside and outside the network using the same URL.

What is the easiest way to achieve this?

Thanks in advance!


#2 2016-09-05 11:07:40

graysky
Wiki Maintainer
From: :wq
Registered: 2008-12-01
Posts: 10,597
Website

Re: Arch Linux server: setting up DNS to access it via external IP

Generally, one forwards the port to be accessed to the internal IP on the router. Not sure if that is what you're referring to as "hairpin NAT."


CPU-optimized Linux-ck packages @ Repo-ck • AUR packages • Zsh and other configs


#3 2016-09-05 11:17:02

vlast777
Member
Registered: 2015-02-10
Posts: 57

Re: Arch Linux server: setting up DNS to access it via external IP

graysky wrote:

Generally, one forwards the port to be accessed to the internal IP on the router. Not sure if that is what you're referring to as "hairpin NAT."

I think it is also called NAT Loopback.
Don't get me wrong, I can access my server from outside. The ports are forwarded properly.

The only thing wrong is that I need to type my internal IP when I want to access it from within my network, but I want to connect to it by the domain like I do from outside as well.


#4 2016-09-05 11:32:39

graysky
Wiki Maintainer
From: :wq
Registered: 2008-12-01
Posts: 10,597
Website

Re: Arch Linux server: setting up DNS to access it via external IP

vlast777 wrote:

I need to type my internal IP when I want to access it from within my network, but I want to connect to it by the domain like I do it from outside as well.

That should work so long as you have Apache configured properly. Alternatively, just use the FQDN once the correct port forwarding is set up.



#5 2016-09-05 11:38:06

vlast777
Member
Registered: 2015-02-10
Posts: 57

Re: Arch Linux server: setting up DNS to access it via external IP

graysky wrote:
vlast777 wrote:

I need to type my internal IP when I want to access it from within my network, but I want to connect to it by the domain like I do it from outside as well.

That should work so long as you have Apache configured properly. Alternatively, just use the FQDN once the correct port forwarding is set up.

It works if I put something like

192.168.2.222     myDomain.net     LinuxServer

in the /etc/hosts file of the computer from which I try to access the webserver.
Otherwise it tells me that the page could not be found.

But I don't want to edit the hosts file on all of my devices. I want the server to forward all requests to myDomain.net inside my network to 192.168.2.222.


#6 2016-09-05 11:43:47

graysky
Wiki Maintainer
From: :wq
Registered: 2008-12-01
Posts: 10,597
Website

Re: Arch Linux server: setting up DNS to access it via external IP

Never did that. Perhaps someone else will suggest how. I have set up Apache to work on my internal IP or FQDN before. For sshd connections, I registered on http://freedns.afraid.org and simply sshd'ed to that.

Last edited by graysky (2016-09-05 11:44:25)



#7 2016-09-05 16:07:58

ewaller
Administrator
From: Pasadena, CA
Registered: 2009-07-13
Posts: 19,789

Re: Arch Linux server: setting up DNS to access it via external IP

What are you running as a router?  The easiest solution would be to fix it there.  DD-WRT, openWRT, ASUS-Merlin all are Linux based making it possible.  I presume your router itself is the LAN's DNS and you are probably using DHCP through a server on the router as well.   To use an alternate DNS on the LAN, you need to tell the router to specify the alternate NAT server in the DHCP negotiation, or you need to manually configure every computer on the LAN anyway.

Can you explain the "security reasons" on the hairpin NAT? I am not an expert in LANs, but I don't see the vulnerability. The only concern I see is that all access to myDomain.net from inside the LAN will go to your server (all ports, not just the forwarded port). But anyone on the LAN can do that already by accessing it directly.

The real simple solution is to spin up an AWS and make it myDomain.net. Have it forward traffic to your router's IP.


Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way


#8 2016-09-05 22:02:18

fukawi2
Ex-Administratorino
From: .vic.au
Registered: 2007-09-28
Posts: 6,224
Website

Re: Arch Linux server: setting up DNS to access it via external IP

graysky wrote:

Not sure if that is what you're referring to as "hairpin NAT."

Hairpin NAT is enabling a DNAT without specifying the source interface/network (ie, if the router's eth1 is the LAN, then instead of only DNAT'ing traffic from eth0 to the internal server via eth1, it will also DNAT traffic in eth1 back out eth1).

The normal solution to this without hairpin NAT is Split-horizon DNS, but the simplest solution for a small network is enabling hairpin if you can.

Offline
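
The split-horizon DNS approach named in the last post, sketched as a dnsmasq configuration for the server in this thread. This is an added example, not a configuration posted by any participant; myDomain.net and 192.168.2.222 come from the thread, while the upstream resolver address 192.168.2.1 is an assumption.

```conf
# /etc/dnsmasq.conf -- split-horizon override for one name (added example)

# Answer only on loopback and the server's LAN address (192.168.2.222 is the
# address used in the thread), so the resolver is not exposed elsewhere.
listen-address=127.0.0.1,192.168.2.222
bind-interfaces

# Do not take upstream servers from /etc/resolv.conf; name them explicitly.
# 192.168.2.1 is an ASSUMED router address, replace it with the real upstream.
no-resolv
server=192.168.2.1

# Do not forward plain names or private-range reverse lookups upstream.
domain-needed
bogus-priv

# Split-horizon record: LAN clients asking for myDomain.net get the internal IP.
# host-record matches this exact name only; address=/myDomain.net/192.168.2.222
# would also answer for every subdomain of it.
host-record=myDomain.net,192.168.2.222
```

Clients only see the override if they actually query this resolver, so the router's DHCP settings have to hand out 192.168.2.222 as the DNS server, or each device has to be configured manually.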
