Problems with NAT Loopback / Hairpinning

[kennymc.c]

I would like to reach a local server via a DynDNS domain that redirects to my external ip. From outside my lan, it works as expected, but I can't get a connection inside. As I understood it, the necessary NAT loopback is permanently activated with Merlin and I shouldn't have any problems. When pinging the domain on several devices inside my lan I get a timeout. My Asus AC86U with FW 384.9 is behind a cable router configured as a DMZ. However, I can ping the domain from this cable router without any packet loss. I therefore assume that the problem is with the Asus router. Is there anything else I need to configure?

 

[ColinTaylor]

is behind a cable router configured as a DMZ.

That's probably the problem. Your cable modem needs to be bridged (or in DMZ+/IP Passthrough mode if that's your only option).

 

[kennymc.c]

Ok, I already thought this could be a problem because I can't put it into bridge mode. But shouldn't it work already, because the ac86 is already in a dmz?
Is there any other way to just tell the AC86 to rout my Domain to the server ip in my lan?

 

[CaptainSTX]

I would like to reach a local server via a DynDNS domain that redirects to my external ip. From outside my lan, it works as expected, but I can't get a connection inside. As I understood it, the necessary NAT loopback is permanently activated with Merlin and I shouldn't have any problems. When pinging the domain on several devices inside my lan I get a timeout. My Asus AC86U with FW 384.9 is behind a cable router configured as a DMZ. However, I can ping the domain from this cable router without any packet loss. I therefore assume that the problem is with the Asus router. Is there anything else I need to configure?

Have your tried setting upDynDNS on your internet facing router? If you can get that to work then you should be able to do a port forward from that router to your double NATed router and probably a second port forward to your local server.

 

[ColinTaylor]

Ok, I already thought this could be a problem because I can't put it into bridge mode. But shouldn't it work already, because the ac86 is already in a dmz?

NAT loopback only works if the router's WAN IP address matches the one returned by DDNS. I'm guessing that's not the case.

Is there any other way to just tell the AC86 to rout my Domain to the server ip in my lan?

If it's a single host you could create a hosts file entry with the local address, either on the router or on the client. That would probably work so long as you're not using HTTPS. If you need to redirect an entire domain then you'll have to get a bit more complicated with dnsmasq modifications.

 

[kennymc.c]

NAT loopback only works if the router's WAN IP address matches the one returned by DDNS. I'm guessing that's not the case.

Yes, i‘m only getting a private ip from my cable router and this is shown as my WAN IP in the ASUS router. But until last year i used a ac66u with the same setup and might sweat that it showed my real external WAN IP.
Probably the ip was transferred by a custom DDNS script, which I don't need anymore with the new router, because my provider is now officially supported. The IP is now determined by the external method. Unfortunately it seems that with a newer firmware i can't use the old script anymore, otherwise I would have tried it. But infanct the ac86 is still getting my external ip through DDNS but doesnt recognize it as an „alternative“ wan ip.

 

[kennymc.c]

If it's a single host you could create a hosts file entry with the local address, either on the router or on the client. That would probably work so long as you're not using HTTPS. If you need to redirect an entire domain then you'll have to get a bit more complicated with dnsmasq modifications.

Solved the problem now with a dnsmasq custom domain according to this: https://github.com/RMerl/asuswrt-merlin/wiki/Custom-domains-with-dnsmasq HTTPS works too