Per my other thread, I mentioned that I know I'm missing a setting/rule somewhere that's driving me crazy.
I have Murus 1.1.2 and have set up NAT forwarding.
All my public services are accessible as I would expect from a machine on the WAN side via domain name and port number or public IP and port number.
The problem I have is that I can't access the same services from the LAN side by using the domain name. If I use the hostname and port or the internal IP with the port, it works fine. But I really don't want two sets of bookmarks on my laptop for working on the LAN and working on the WAN. This has to be a simple rule that I'm missing. The machine acting as the router with the NAT is also the machine providing DNS. I even created a local zone for the domain with the local IP (no access to DNS from WAN side) and that didn't work either.
Any suggestions would be great.
Access a LAN service with NAT enabled via Domain Name
-
- Posts: 21
- Joined: Thu Mar 26, 2015 1:37 am
-
- Posts: 485
- Joined: Wed Dec 10, 2014 5:20 pm
Re: Access a LAN service with NAT enabled via Domain Name
OK, you are facing a typical, well-known problem. Despite being "typical", it is not easy to deal with this issue.
Look, the best thing to do is to download the PF Manual (not the Murus Manual!) from our web site and read pages 38 and 39.
You'll find chapters named "Redirection and Reflection" and "Split-Horizon DNS". This is a well-known way to overcome the issues you are experiencing, which are there "by design"; they are not bugs and they are not related to Murus and/or PF.
You probably have more experience than me configuring web servers and DNS, so I think that reading this very small manual chapter will clarify your situation.
Have a look at it and let me know.

-
- Posts: 1
- Joined: Wed Apr 29, 2015 2:22 pm
Re: Access a LAN service with NAT enabled via Domain Name
For resolving my own domain names to LAN IPs, while on my LAN, I run a local BIND DNS service on a LAN-side server. It's not exposed to the Internet.
For machines that never move off the LAN, I permanently point their DNS resolving to that local server (in each machine's network location setting). For my laptops, I use ControlPlane to auto-detect when my laptop is on my local network, and then it switches the laptop's location profile to using the LAN DNS server.
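The "Redirection and Reflection" and split-horizon DNS behaviour mentioned in the replies above, as an added example that is not part of the original thread: a small Python model of one connection from a LAN client, showing why a redirect alone fails and why either reflection (redirect plus source NAT on the LAN side) or a LAN-only DNS answer fixes it. All addresses, the hostname and the function names are constructed for illustration; this models the packet flow only and is not PF or Murus configuration.

```python
from dataclasses import dataclass, replace

# Constructed addresses (RFC 5737 / RFC 1918), not taken from the thread.
WAN_IP, ROUTER_LAN = "203.0.113.10", "192.168.1.1"
SERVER, CLIENT = "192.168.1.10", "192.168.1.50"

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str

def connect(target, rdr_on_lan=False, nat_on_lan=False):
    """Follow one SYN from the LAN client to `target` and the reply to it."""
    syn = Packet(CLIENT, target)
    if target == WAN_IP:
        # The packet reaches the router on its LAN interface. A redirect
        # bound only to the WAN interface never evaluates it.
        if not rdr_on_lan:
            return "not_redirected"
        syn = replace(syn, dst=SERVER)          # redirect to the real server
        if nat_on_lan:
            syn = replace(syn, src=ROUTER_LAN)  # reflection: hide the client
    # The server answers whatever source address it saw.
    reply = Packet(SERVER, syn.src)
    if reply.dst == ROUTER_LAN:
        # The reply passes back through the router, which undoes both
        # translations using its state entry.
        reply = Packet(WAN_IP, CLIENT)
    # Otherwise the reply is switched straight to the client on the same
    # subnet and the router never gets a chance to rewrite it.
    if reply.src != target:
        return "reply_mismatch"  # client has no connection to that peer
    return "connected"

def resolve(name, client_ip, zone=None):
    """Split-horizon lookup: LAN clients get the LAN address (hypothetical zone)."""
    zone = zone or {"www.example.test": {"lan": SERVER, "wan": WAN_IP}}
    view = "lan" if client_ip.startswith("192.168.1.") else "wan"
    return zone[name][view]

if __name__ == "__main__":
    print("public IP, WAN-only rdr :", connect(WAN_IP))
    print("public IP, rdr on LAN   :", connect(WAN_IP, rdr_on_lan=True))
    print("public IP, rdr + NAT    :", connect(WAN_IP, True, True))
    print("split-horizon DNS       :", connect(resolve("www.example.test", CLIENT)))
```
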