Hi, I have an Arch server hooked up to my home network and an Xfinity router from Comcast. I'm looking to emulate or work around hairpin NAT because I want to access the server via my external IP address from home (and my router doesn't support hairpin NAT). I'm trying to come up with a solution that doesn't require me to get a second router or an additional computer (other than the server) for DNS.
The problem I'm seeing is that if I access my external IP or my domain name from my home network, the requests don't go through (as expected...). I have been trying to see if I could use avahi/mDNS to have my server intercept those requests (again, coming from other computers on my home network) and short-circuit them. This is proving difficult because I'm still learning how to set all this stuff up, and also because I'm not sure whether, in theory, this will accomplish what I need.
Does anyone have advice or know of any software package/setup that can help me with this problem?
================
I've been referencing the avahi page: https://wiki.archlinux.org/title/Avahi
And the man page docs for configuration. I replaced "mdns_minimal" with "mdns" and tried to add a line to my /etc/avahi/hosts file, something like "127.0.0.1 my-external-domain.com" (avahi is on the server itself, which is why I used 127.0.0.1), but this isn't working. I think I need to do a bit more to get it functioning properly, but I also don't think this is the right direction...
================
Any help is appreciated. Thanks!
Last edited by Cory Parsnipson (2024-12-17 09:45:11)
I see several ideas:
- DNS: don't use IPs, only hostnames, and have DNS resolve them to local IPs
- inject the route: route all traffic through the server as the first hop and let it either forward it via the router for outbound or keep it local
- the above, but with actual routing, using a second NIC on the server and thereby using it as a router
- a different modem: maybe your ISP offers a different one or allows you to hook up your own hardware
I can live with just referring to everything using hostnames.
I actually think I'm fine with just using the .local name of my server to access it when I'm inside the network. There probably won't be any situation where using that versus the external domain name would cause an issue, and I can just go outside and connect from another network to check occasionally.
On the other hand, I was digging a little more into avahi configuration and was able to get avahi to recognize a "com TLD" alias for my server, but this doesn't work completely. Following instructions from this Stack Overflow question:
/usr/bin/avahi-publish -a -R my-external-domain.com "$(avahi-resolve -4 -n "$(uname -n).local" | cut -f 2)"   # second argument must be the server's LAN IPv4 address
I ran this in a terminal window, but it could be made into a service and enabled to make it "permanent" (see the previous Stack Overflow link for details).
Once this is running, I can ping my-external-domain.com from within my network and get a response; however, any services or curl requests time out.
EDIT: whoops, looks like it isn't actually working via ping either. Never mind.
Last edited by Cory Parsnipson (2024-12-12 07:19:31)
I got it working! I'll double post just to make this stand out a little more.
Recording steps for future reference:
1. I needed to change the `/etc/avahi/avahi-daemon.conf` file in a couple of places. Add "com" to the browse-domains variable (or whichever TLD your external domain is on). Change "enable-wide-area" to "no" if it isn't already.
2. Create an `/etc/mdns.allow` file and add lines for ".local" and ".com" (or whichever TLD the external domain is on).
3. Follow the instructions in the previous step to create an alias using avahi-publish. Enable this as a system service and restart avahi and this secondary service.
I'm seeing that when I ping or use avahi-resolve-host-name, it resolves to the internal IP address I set in the alias service. Curl is now working too.
Going to wait a bit before marking this solved.
I also need to get this working for other computers on my network. My development laptop (currently Windows) has mDNS enabled, but I am unable to ping/curl the alias like I can on the server.
======================
Edit:
So this works if you are trying to access the external domain from the server itself. I am unable to figure out why the avahi alias is not visible from my Windows machine (which uses the Windows native mDNS), and I don't really expect to figure this out...
(In that case, I guess querying the server with the .local hostname will have to suffice.)
Last edited by Cory Parsnipson (2024-12-17 09:51:29)
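The three steps recorded in the post above, collected into one shell script. This is an added example, not the poster's own code or anything shipped with avahi. Everything named here is an assumption: the alias `my-external-domain.com` is a placeholder, `avahi-alias.service` is a unit name chosen for this example, `/etc/avahi/avahi-daemon.conf` and `/etc/mdns.allow` are the Arch default paths, and nss-mdns is assumed to be installed with `mdns` in /etc/nsswitch.conf (the poster says they replaced `mdns_minimal` with `mdns`). Instead of hard-coding the LAN address in the unit, the script asks avahi-resolve for the host's own .local address at service start, which is a swap-in choice of this example.

```shell
#!/bin/sh
# Added example (not from the thread): the poster's three steps as functions.
# Run "./alias.sh apply" as root to write the files; with no argument it only
# defines the functions so each piece can be inspected on a scratch copy first.
# Assumed names: ALIAS, the unit path, and the two /etc paths below.
set -eu

ALIAS="${ALIAS:-my-external-domain.com}"
AVAHI_CONF="${AVAHI_CONF:-/etc/avahi/avahi-daemon.conf}"
MDNS_ALLOW="${MDNS_ALLOW:-/etc/mdns.allow}"
UNIT="${UNIT:-/etc/systemd/system/avahi-alias.service}"

# Step 1: set browse-domains to the alias's TLD and turn wide-area off.
# The sed matches both the commented default ("#browse-domains=...") and an
# already-set value. Arguments: conf file, TLD (e.g. "com").
patch_avahi_conf() {
  sed -i \
    -e "s/^#\{0,1\}browse-domains=.*/browse-domains=$2/" \
    -e "s/^#\{0,1\}enable-wide-area=.*/enable-wide-area=no/" \
    "$1"
}

# Step 2: mdns.allow lists the name suffixes nss-mdns may send to multicast.
# Both dotted and undotted forms are written, as in the nss-mdns README.
# Arguments: TLD, output file.
write_mdns_allow() {
  printf '%s\n' '.local.' '.local' ".$1." ".$1" > "$2"
}

# Step 3: a systemd unit that keeps avahi-publish running. -a publishes an
# address record, -R skips the reverse entry. The address is looked up from
# this host's own .local name at start, so nothing is hard-coded.
# Argument: alias name; prints the unit text.
render_alias_unit() {
  cat <<EOF
[Unit]
Description=Publish mDNS alias $1 for this host
After=avahi-daemon.service
Requires=avahi-daemon.service

[Service]
Type=simple
ExecStart=/bin/sh -c '/usr/bin/avahi-publish -a -R $1 "\$(/usr/bin/avahi-resolve -4 -n "\$(uname -n).local" | cut -f 2)"'
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target
EOF
}

# "com" from "my-external-domain.com".
tld_of() {
  printf '%s\n' "$1" | sed 's/.*\.//'
}

# Apply all three steps, restart avahi, and verify from the server itself.
# Both checks at the end should print the LAN address, as in the post.
apply_all() {
  tld=$(tld_of "$ALIAS")
  patch_avahi_conf "$AVAHI_CONF" "$tld"
  write_mdns_allow "$tld" "$MDNS_ALLOW"
  render_alias_unit "$ALIAS" > "$UNIT"
  systemctl daemon-reload
  systemctl restart avahi-daemon.service
  systemctl enable --now "$(basename "$UNIT")"
  avahi-resolve-host-name -4 "$ALIAS"
  getent hosts "$ALIAS"
}

if [ "${1:-}" = "apply" ]; then
  apply_all
fi
```

Two things worth keeping in mind with this setup. /etc/mdns.allow is read by nss-mdns on the host doing the lookup, not by avahi-daemon, so step 2 only changes what the server itself can resolve; a Linux client on the LAN needs the same file (and the `mdns` module in its nsswitch.conf) before it will send a .com name to multicast at all, and a resolver that only ever multicasts .local queries will never see the alias. And mDNS is unauthenticated: any host on the LAN can answer for the published name, which is acceptable on a home network but is not a substitute for DNS on a network you do not control.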