Accessing a webserver from the local network via domain name

SinCalChewy
DD-WRT User


Joined: 09 Nov 2014
Posts: 314
Location: Bakersfield, CA

Posted: Thu Dec 19, 2019 6:43    Post subject: Accessing a webserver from the local network via domain name
Hi all, for the longest time I had my main webserver set up where I could access the domains via their name in my local network (192.168.1.0), and it worked fine. When updating stuff, it seems I have deleted the previous iptables rule(s) that had that working and I can't seem to get it back up.

I can access the sites just fine when browsing from outside of my network (in my testing case, from a cell phone not on wifi) and get the intended pages/sites, so the port forwarding works if you're on an outside connection. If I view the domain name from a device on my internal network, I get the gateway router status page shown from 192.168.1.1, not the intended pages from my server at 192.168.2.10.

My iptables rules:
Code:

iptables -t nat -I PREROUTING 4 -d `nvram get wan_ipaddr` -i `get_wanface` -p tcp --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j DNAT --to-destination 192.168.2.10:80

iptables -t nat -I PREROUTING 4 -d `nvram get wan_ipaddr` -i `get_wanface` -p tcp --dport 443 -m state --state NEW,ESTABLISHED,RELATED -j DNAT --to-destination 192.168.2.10:443

iptables -I FORWARD 4 -d 192.168.2.10 -p tcp -m tcp --dport 80 -j ACCEPT
iptables -I FORWARD 4 -d 192.168.2.10 -p tcp -m tcp --dport 443 -j ACCEPT


Some facts:
My internal network is 192.168.1.0
My server network is 192.168.2.0
My webserver ip is 192.168.2.10

Once again, I can connect from an external connection, but not via my local browsers.
Is this a NAT loopback issue? And if so, or if not lol, can I get some help with necessary iptables rules? I had it before, no idea what I changed. If you need more info, lemme know.

Many thanks!

_________________

Deployed Routers:
Netgear R7800 - 1x build 46979
- Gateway (USB /w Entware, CAKE QoS)
Netgear R7000 - 3x build 46979
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12906
Location: Netherlands

Posted: Fri Dec 20, 2019 13:07
Maybe disable "No DNS Rebind" on Services tab?
_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
SinCalChewy
DD-WRT User


Joined: 09 Nov 2014
Posts: 314
Location: Bakersfield, CA

Posted: Sat Dec 21, 2019 8:27
egc wrote:
Maybe disable "No DNS Rebind" on Services tab?


The DNS Rebind my units have that disable box off. Meh lol

Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6870
Location: Romerike, Norway

Posted: Sat Dec 21, 2019 12:13
Don't use NAT loopback.

Put a host record for 192.168.2.10 in the Additional DNSMasq settings.

host-record=www.mydomain.com,192.168.2.10
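
Added example, not part of the post above and not dnsmasq's own code: a simplified shell model of which names a set of Additional DNSMasq options answers locally, showing that `host-record` covers only the exact names listed while `address=/domain/` also covers subdomains. The `address=` line and `example.org` are constructed for illustration; only IPv4 is modelled.

```shell
#!/bin/sh
# Constructed options text. Only the host-record line comes from the thread;
# the address= line is an assumption added for comparison.
sample_dnsmasq() {
cat <<'EOF'
host-record=www.mydomain.com,192.168.2.10
address=/example.org/192.168.2.10
EOF
}

# local_answer NAME: read dnsmasq options on stdin and print the IPv4 address
# answered locally for NAME, or "forwarded" when no local record applies
# (the query then goes upstream and returns the public address).
local_answer() {
    awk -v q="$1" '
    BEGIN { q = tolower(q); ans = "forwarded" }
    /^host-record=/ {
        # Fields before the first IPv4 address are the names of the record.
        n = split(substr($0, 13), f, ",")
        ip = ""
        for (i = 1; i <= n; i++)
            if (f[i] ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) { ip = f[i]; break }
        for (j = 1; j < i; j++)
            if (tolower(f[j]) == q && ip != "") ans = ip   # exact match only
    }
    /^address=\// {
        split($0, a, "/")
        dom = tolower(a[2]); ip = a[3]
        tail = substr(q, length(q) - length(dom))
        # Matches the domain itself and anything ending in ".domain".
        if (q == dom || (length(q) > length(dom) && tail == "." dom)) ans = ip
    }
    END { print ans }'
}

for name in www.mydomain.com mydomain.com www.example.org; do
    printf '%s -> %s\n' "$name" "$(sample_dnsmasq | local_answer "$name")"
done
```

A site reached under both `mydomain.com` and `www.mydomain.com` therefore needs both names in the `host-record` line, or LAN clients will still resolve the bare name to the public address.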
SinCalChewy
DD-WRT User


Joined: 09 Nov 2014
Posts: 314
Location: Bakersfield, CA

Posted: Sat Dec 21, 2019 12:56
Per Yngve Berg wrote:
Don't use NAT loopback.

Put a host record for 192.168.2.10 in the Additional DNSMasq settings.

host-record=www.mydomain.com,192.168.2.10


Okay, I'mma give that a go... thank you so much (:

SinCalChewy
DD-WRT User


Joined: 09 Nov 2014
Posts: 314
Location: Bakersfield, CA

Posted: Wed Dec 25, 2019 12:50
Figured it out. Had a few unneeded/bad dnsmasq settings going. Cleared that up and it's back working as intended. Thanks for the suggestions.

Also, I did notice I posted this in the wrong category. Apologies :)

Good day!

wenzhuo
DD-WRT User


Joined: 22 Apr 2011
Posts: 191

Posted: Thu Dec 26, 2019 4:33
Quote:
iptables -t nat -I PREROUTING 4 -d `nvram get wan_ipaddr` -i `get_wanface` -p tcp --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j DNAT --to-destination 192.168.2.10:80

iptables -t nat -I PREROUTING 4 -d `nvram get wan_ipaddr` -i `get_wanface` -p tcp --dport 443 -m state --state NEW,ESTABLISHED,RELATED -j DNAT --to-destination 192.168.2.10:443

iptables -I FORWARD 4 -d 192.168.2.10 -p tcp -m tcp --dport 80 -j ACCEPT
iptables -I FORWARD 4 -d 192.168.2.10 -p tcp -m tcp --dport 443 -j ACCEPT


To enable your LAN clients to access the web server via your WAN IP, you need to remove the "-i `get_wanface`" option.

You can combine the two rules into one.

Code:

iptables -t nat -I PREROUTING 4 -d `nvram get wan_ipaddr` -p tcp -m multiport --dports 80,443 -j DNAT --to-destination 192.168.2.10
iptables -I FORWARD 4 -d 192.168.2.10 -p tcp -m multiport --dports 80,443 -j ACCEPT
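
Added example, not part of the post above and not DD-WRT code: a shell check that reads `iptables-save` style output and reports which DNAT rules in nat PREROUTING are tied to an input interface, the condition the reply identifies as keeping LAN clients from matching. The sample rules are constructed; 203.0.113.7 and vlan2 are placeholders for the WAN address and WAN interface.

```shell
#!/bin/sh
# Constructed sample in iptables-save format (not captured from a real router).
# The first rule mirrors the original post, the second the combined rule.
sample_rules() {
cat <<'EOF'
*nat
-A PREROUTING -d 203.0.113.7/32 -i vlan2 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.2.10:80
-A PREROUTING -d 203.0.113.7/32 -p tcp -m multiport --dports 80,443 -j DNAT --to-destination 192.168.2.10
-A POSTROUTING -o vlan2 -j MASQUERADE
COMMIT
EOF
}

# classify_dnat: read iptables-save output on stdin and print one line per
# DNAT rule in nat/PREROUTING as "<scope> <ports> <target>".
# scope is "in:<iface>" when the rule carries -i (traffic arriving on any
# other interface, such as the LAN bridge, never matches) or "any-iface".
classify_dnat() {
    awk '
    /^\*/ { table = substr($1, 2); next }      # "*nat" -> "nat"
    table == "nat" && $1 == "-A" && $2 == "PREROUTING" {
        iface = ""; ports = "-"; target = ""; jump = ""
        for (i = 3; i < NF; i++) {
            # Keep a leading "!" so a negated match is not misread.
            if ($i == "-i") iface = (($(i - 1) == "!") ? "!" : "") $(i + 1)
            if ($i == "--dport" || $i == "--dports") ports = $(i + 1)
            if ($i == "-j") jump = $(i + 1)
            if ($i == "--to-destination") target = $(i + 1)
        }
        if (jump != "DNAT") next
        scope = (iface == "") ? "any-iface" : "in:" iface
        print scope, ports, target
    }'
}

sample_rules | classify_dnat
```

On a system that has `iptables-save`, pipe `iptables-save -t nat` into `classify_dnat` instead of the sample.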