The client will look up your domain at whatever DNS it uses. It will return your public IP.
Client will send a packet with that as destination. It will reach the router which goes ‘I know! The call is coming from inside the house!’ and sends it to the server without modification.
The server gets it and sends a response, but the response is addressed back to client’s local IP.
Client gets the response, but that packet’s origin (in the header) is server’s local IP.
Client goes ‘wtf, I didn’t call you?!’ And drops the packet, still waiting for a response with your public IP as its origin.
This can be solved with the router modifying the appropriate traffic’s headers so that the headers match the expected, called NAT Loopback, or by using IPv6 global addresses.
It might also work running a local DNS server that returns your server’s local IP for a given domain, but that might yield certificate errors, and won’t work if devices ignore the DNS coming from DHCP.
I was using straight firewall rules for some years, but lost the template when the NAT Loopback checkbox started working (OpenWRT).
Couple good ideas already posted, but also you can update your hosts file with a ref to the internal IP, or if you are running your own DNS server, add an override for the domain
deleted by creator
Enable nat loopback on your router
May be called hairpinning depending on the device.
The client will look up your domain at whatever DNS it uses. It will return your public IP.
Client will send a packet with that as destination. It will reach the router which goes ‘I know! The call is coming from inside the house!’ and sends it to the server without modification.
The server gets it and sends a response, but the response is addressed back to client’s local IP.
Client gets the response, but that packet’s origin (in the header) is server’s local IP.
Client goes ‘wtf, I didn’t call you?!’ And drops the packet, still waiting for a response with your public IP as its origin.
This can be solved with the router modifying the appropriate traffic’s headers so that the headers match the expected, called NAT Loopback, or by using IPv6 global addresses.
It might also work running a local DNS server that returns your server’s local IP for a given domain, but that might yield certificate errors, and won’t work if devices ignore the DNS coming from DHCP.
I was using straight firewall rules for some years, but lost the template when the NAT Loopback checkbox started working (OpenWRT).
This is a great explanation, I wish I could’ve got you to explain a bunch of other network stuff to me back when I was learning
deleted by creator
Yeah, I just included the DNS part for completion’s sake 🙂
Hey same I don’t know why it doesn’t work. I need to use my server’s local IP when I connect from inside my house.
There’s a few devices out there that don’t offer NAT hairpin/loopback by default, such as Mikrotik.
Couple good ideas already posted, but also you can update your hosts file with a ref to the internal IP, or if you are running your own DNS server, add an override for the domain
deleted by creator