A single Internal/External URL with DuckDNS + NGINX Proxy Manager


Is there an integration for home assistant to workaround NAT loopback issues. I have successfully set up DuckDNS with the NGINX Proxy Manager, which means i can access various things on the LAN (my alarm, router homepages) using various duckdns addresses. My issue is i cannot use the DuckDNS addresses to access my HA or other things from within my network. For that, i have to enter the local ip addresses.

My goal is to access everything with one single URL (the duckdns address) from within or from outside my network. I have a netgear orbi router behind an ISP router (Livebox 3, Orange in France) which i cannot get around. I am fairly limited as to what i can do with that router, i cannot change the DNS servers for example. My router does not support NAT Loopback, as in it blocks me using the External URL internally. Is there an integration in HA that fixes this alongside the NGINX Proxy Manager?

I think that you can install AdGuard or DNS masq extension in Home Assistant, configure it as local DNS and overriding name resolution of your things.
On router, you must set Home Assistant local ip as DNS Server for DHCP lease.



I dont think i can do that unfortuantely. On my Orbi Router 10.XX.XX.XX (which is where i have all my things) i can change the DNS settings - Automatically the DNS Server is (the IP of my ISP router)

However on the ISP Router i cannot change the DNS server. It is locked and has an 80.XX.XX.XX IP address.

I guess there is no workaround for that…

Are your client wifi devices all getting 10.x.x.x ip addresses, from the Orbi?
And is your NGINX also under 10.x.x.x subnet?

If yes, I believe Orbi can do NAT loopback…?

There’s one more thing you can try: First setup the adguard home add-on as Mario suggested, and then inside Orbi, setup the DNS server to the ip of adguard home.

If you would / could get it to work (internet OK, and some ad blocking) thus far, then good - you could then do DNS rewrites from adguard config. That is, when someone in your local 10.x.x.x network and getting DHCP instructions from Orbi, Orbi will tell anyone who seeks DNS records ask Adguard instead, and then Adguard would tell the client that “for this DuckDNS address please use this local ip address of NGINX instead.”

Could not test the whole thing for you, but hope this helps.


Many thanks for the reply. The main ISP router only serves one IP - the Orbi router. All devices are getting IP addresses from the Orbi subnetwork, so 10.xx.xx.xx.

The NGINX is running on my HA on a raspberry pi which has a static address. I have tried setting up DNSMasq on my raspberry pi, and then on the Orbi settings i change the DNS server from (the IP of the main ISP router) to the IP address of the HA 10.xx.xx.xx

Still does not seem to work though.

You can disable DHCP Server from Orbi router and promote AdGuard to DHCP Server. I have this configuration:

  • HA with AdGuard supply dns resolution and dhcp address;
  • Router act only as nat translator

Not exactly addressing OP’s question, but related. So a quick update:

  • I recently got a Livebox 4
  • I installed AdGuard Home add-on in my HAOS

So on Livebox 4 I can deactivate DHCP

And on AdGuard Home UI > Settings > DHCP Settings, I enabled the DHCP

And that’s it. AdGuard Home (not Livebox) would now issue IP addresses, and advertise its DNS service on DNS rewrite (that was configured under AdBlock Home) works. Ad blocking works.