Hi,
I have a bit of an issue with NAT loopback for my HA. The specifics are that I’m not only running HA but also a reverse proxy out of a Synology, and I cannot seem to find the answer anywhere else.
Let me first detail my setup, explain what I can do locally and remotely, and finally what the issue is (reaching my HA on the local network by using the external address).
I have the external address:
My local setup is:
- Router at 001.001.001.001
- Home Assistant on a Pi (123.123.123.123)
- Synology NAS (456.456.456.456)
- HA:
  - runs duckdns linked to xxx.duckdns.org
  - runs DNSMasq with the following config:

    ```yaml
    defaults:
      - 8.8.8.8
      - 8.8.4.4
    forwards: []
    hosts:
      - host: xxx.duckdns.org
        ip: 123.123.123.123
      - host: ha.xxx.duckdns.org
        ip: 123.123.123.123
      - host: nas.xxx.duckdns.org
        ip: 456.456.456.456
    services: []
    cnames: []
    ```
- Router:
  - redirects port 443 to the NAS
  - redirects port 8123 to HA (legacy, to be decommissioned)
  - has HA as primary DNS
- NAS:
  - is running a reverse proxy so that:
    - https://nas.xxx.duckdns.org redirects to itself (1 rule only on port 443 redirecting to Synology on port 5001)
    - https://ha.xxx.duckdns.org redirects to HA (1 rule only on port 443 redirecting to HA on port 8123)
  - has the Let’s Encrypt certificate for xxx.duckdns.org, nas.xxx.duckdns.org, ha.xxx.duckdns.org
Outside of my local network I can do the following:
- reach my NAS with nas.xxx.duckdns.org (ssl ok)
- reach my HA with ha.xxx.duckdns.org (ssl ok)
- reach my HA with xxx.duckdns.org:8123 (legacy, to be decommissioned, ssl ok)
Locally I can:
- reach my NAS with nas.xxx.duckdns.org (all good, ssl ok, expected behaviour)
- reach my HA with xxx.duckdns.org:8123 (legacy, to be decommissioned, ssl ok)
- reach my HA with 123.123.123.123:8123 (ssl nok, obviously)
- nslookup ha.xxx.duckdns.org, which resolves correctly to the local IP address of my HA 123.123.123.123 (same with nslookup xxx.duckdns.org, obviously)
- ping ha.xxx.duckns.org and get a response (from the local HA address 123.123.123.123)
What I cannot do (and cannot figure out why) is actually reach my HA through the browser by hitting ha.xxx.duckdns.org when I’m on the local network; I get an ERR_CONNECTION_REFUSED error.
Happy to provide more context and run any query you magicians need to help me solve my issues.
Many thanks
PS: I’m not opposed to moving all the DDNS and local DNS resolver to the NAS, or moving the reverse proxy to HA (whatever makes more sense… and is easiest)
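
A check that can be run from a machine on the local network, as an added example that is not part of the original post: it connects to each IP from the DNSMasq `hosts` overrides on ports 443 and 8123 and reports which names point at an address that does not accept HTTPS connections. The function names are hypothetical, and the IPs are the post's placeholders, to be replaced with the real addresses.

```python
import socket

# Local DNS overrides copied from the post's DNSMasq config.
# The IPs are the post's placeholders; substitute the real LAN addresses.
HOSTS = {
    "xxx.duckdns.org": "123.123.123.123",
    "ha.xxx.duckdns.org": "123.123.123.123",
    "nas.xxx.duckdns.org": "456.456.456.456",
}

def probe(ip, port, timeout=2.0):
    """Classify a TCP connect attempt as 'open', 'refused', 'timeout' or 'error'."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"   # host answered, nothing listening (browser: ERR_CONNECTION_REFUSED)
    except socket.timeout:
        return "timeout"   # no answer at all, e.g. packets dropped or host down
    except OSError:
        return "error"     # unroutable or invalid address

def audit(hosts, ports=(443, 8123), probe_fn=probe):
    """For each overridden name, probe every port on the IP the override points to."""
    return {name: {p: probe_fn(ip, p) for p in ports} for name, ip in hosts.items()}

def broken_https_names(report):
    """Names whose override IP does not accept connections on port 443."""
    return sorted(n for n, states in report.items() if states.get(443) != "open")

if __name__ == "__main__":
    report = audit(HOSTS)
    for name, states in report.items():
        print(name, "->", HOSTS[name], states)
    print("no HTTPS listener behind:", broken_https_names(report))
```
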