BRT-AC828 access LAN server from LAN via FQDN (external interface)

[nick61]

Hi,

I have a strange issue: I have a server behind the router. I have the necessary ports mapped via port forwarding.

If the server is accessed from outside (from internet), everything is fine.

If the server is accessed from inside the LAN, it's (almost) mandatory to access it ONLY via local IP. If accessed via FQDN, the response of the server to LAN requests are extremely slow (the public IP has a fully qualified domain name, registered in a public DNS).

So, accessing the inside server xxxx.domain.com from internet it's ok and very fast. Accessing the same xxxx.domain.com from LAN it's extremely slow, almost impossible to access. But if it is accessed from LAN directly via LAN IP of the server, it is very fast again.

I've tried to play a lot with firewall, with MAC and IP address mapping, with WAN settings, no success. Any ideea if I'm doing something wrong?

Thank you very much,

(I've found a way to temporary solve the problem, by modifying hosts file in my PC, and I've mapped FQDN xxx.domain.com to 192.168.x.x, but it's not a real solution)

 

[ColinTaylor]

This is likely to be related to NAT loopback. What kind of server is it? NAT loopback changes the source address which causes problems for things like HTTPS. The common work around is to do what you did, create a hosts file entry that uses the local IP address. If you can modify the hosts file on the router rather than the PC it would effect all local clients.

 

[nick61]

Hi, thanks for reply,

In fact I have several servers behind router, all of them with the same problem. I have a DVR with some surveillance cameras, a NAS that I need to be accessible from outside, a plex server, etc.
The strange issue is that after I reset the router to factory defaults, for a short period after mapping the ports, the things are working, and I can access the servers via FQDN domain name from inside LAN. I don't know when and why, but after a short period of time, the servers are not accessible via FQDN anymore from inside LAN.

It's annoying because for example, checking DVR from my mobile could not be done from inside LAN, when I'm on wifi, but only if I set in the mobile app two separate DVRs, one to be accessed from outside via FQDN, the other one to be accessed from inside LAN via local IP.

Thank you,

 

[nick61]

It seems that I've found the problem: "Enable QoS" - stops that NAT loopback access (I've seen this function is named "hairpinning" on some sites - for me it was "hair-pulling").

It was very difficult to locate the issue because immediately after enabling QoS, I'm still able to access servers from LAN for several minutes, so initially I thought this is not an issue .

Thank you,

 

[ColinTaylor]

That's a very interesting discovery. Congratulations on finding it. I would never have thought of that.