Access a LAN service with NAT enabled via Domain Name

crazyc
Posts: 21
Joined: Thu Mar 26, 2015 1:37 am

Access a LAN service with NAT enabled via Domain Name

Post by crazyc » Fri Mar 27, 2015 1:30 pm

Per my other thread, I mentioned that I know I'm missing a setting/rule somewhere that's driving me crazy.
I have Murus 1.1.2 and have set up NAT forwarding.
All my public services are accessible as I would expect from a machine on the WAN side via domain name and port number or public IP and port number.
The problem I have is that I can't access the same services from the LAN side by using the domain name. If I use the hostname and port or the internal IP with the port, it works fine. But I really don't want two sets of bookmarks on my laptop for working on the LAN and working on the WAN. This has to be a simple rule that I'm missing. The machine acting as the router with the NAT is also the machine providing DNS. I even created a local zone for the domain with the local IP (no access to DNS from the WAN side) and that didn't work either.
Any suggestions would be great.

hany
Posts: 483
Joined: Wed Dec 10, 2014 5:20 pm

Re: Access a LAN service with NAT enabled via Domain Name

Post by hany » Fri Mar 27, 2015 2:01 pm

OK, you are facing a typical, well-known problem. Despite being "typical" it is not easy to deal with this issue.
Look, the best thing to do is to download the PF Manual (not the Murus Manual!) from our web site and read pages 38 and 39.
You'll find chapters named "Redirection and Reflection" and "Split-Horizon DNS". This is a well-known way to overcome the issues you are experiencing, which are there "by design"; they are not bugs and they are not related to Murus and/or PF.
You probably have more experience than me configuring web servers and DNS, so I think that reading this very small manual chapter will clarify your situation.
Have a look at it and let me know :)
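The "Redirection and Reflection" approach hany refers to, written out as an added pf.conf fragment for illustration (this is not taken from the Murus or PF manual): interface names, the 203.0.113.10 public address (a documentation-range placeholder) and the 192.168.1.0/24 LAN are assumed. The point is that the rdr rule on the external interface alone never sees LAN-originated traffic, so a second rdr on the internal interface redirects LAN clients that connect to the public IP, and a nat rule rewrites their source so the server's replies return through the router instead of going directly to the client and breaking the state.

```conf
# Constructed example, not from the Murus/PF manual: NAT reflection so that
# LAN hosts can reach a forwarded service through the same public IP / name
# that WAN clients use. Translation rules (rdr/nat) must come before filter rules.
ext_if   = "en0"                 # assumed WAN interface
int_if   = "en1"                 # assumed LAN interface
ext_addr = "203.0.113.10"        # placeholder public IP (documentation range)
lan_net  = "192.168.1.0/24"      # assumed LAN network
web_srv  = "192.168.1.20"        # assumed internal server being forwarded
svc_port = "80"

# Normal port forward for clients arriving from the WAN side.
rdr on $ext_if proto tcp from any to $ext_addr port $svc_port -> $web_srv port $svc_port

# Reflection: LAN clients connecting to the public IP are redirected as well.
rdr on $int_if proto tcp from $lan_net to $ext_addr port $svc_port -> $web_srv port $svc_port

# Hairpin: source-NAT the reflected LAN->LAN flow to the router's LAN address so the
# server answers the router, which un-NATs it; otherwise the server replies directly
# to the client, the client sees a reply from an unexpected address, and the
# connection stalls.
nat on $int_if proto tcp from $lan_net to $web_srv port $svc_port -> ($int_if)

# Filter rules: only the forwarded port reaches the server, with state tracking.
pass in on $ext_if proto tcp from any to $web_srv port $svc_port flags S/SA keep state
pass in on $int_if proto tcp from $lan_net to $web_srv port $svc_port flags S/SA keep state
```

Split-horizon DNS (the other chapter hany names) avoids the hairpin entirely by answering LAN resolvers with the internal address, which is the direction briand's reply below takes; reflection is the choice when the resolver cannot be made location-aware.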

briand
Posts: 1
Joined: Wed Apr 29, 2015 2:22 pm

Re: Access a LAN service with NAT enabled via Domain Name

Post by briand » Fri May 01, 2015 1:10 pm

For resolving my own domain names to LAN IPs, while on my LAN, I run a local BIND DNS service on a LAN-side server. It's not exposed to the Internet.

For machines that never move off the LAN, I permanently point their DNS resolving to that local server (in each machine's network location setting). For my laptops, I use ControlPlane to auto-detect when my laptop is on my local network, and then it switches the laptop's location profile to using the LAN DNS server.
