After changing my router from an AirPort Extreme to an Edgerouter 12, I’m unable to use my external url (xxxxxxx.duckdns.org:444) in my own LAN.
Hassio generic install.
Normally this isn’t a big problem, I’m using iOS beta v2. So when I’m on my wifi it uses the internal url http://192.168.79.54:8123/lovelace/default_view. But tts doesn’t work that way.
I’ve set up 3 VLANs, one for PCs and iPhones: switch0.69 - 192.168.69.1/24, one for IOT: switch0.79 - 192.168.79.1/24 and one for guests: switch0.89 - 192.168.89.1/24.
I’m using caddy as a proxy.
This is my caddyfile
    xxxxxxxxxx.duckdns.org {
        header / {
            Strict-Transport-Security "max-age=31536000; includeSubdomains"
            X-XSS-Protection "1; mode=block"
            X-Content-Type-Options "nosniff"
            X-Frame-Options "SAMEORIGIN"
            Referrer-Policy "same-origin"
        }
        proxy / localhost:8123 {
            websocket
            transparent
        }
    }
These are my port-forwards in my router
And I have this in my firewall
I know this isn’t an HA-problem, but I hope someone can help me with this
If you have other questions, shoot…
You have port 444 not 443 in one of the shots but you should have 443 to 8123 too…
@DavidFW1960 where do you mean? Firewall or port forwarding?
I’ve found it, after 2 days of and locking myself out…
I’ve had to enable Hairpin NAT (NAT loopback) on my 2 VLANs to switch0.79 and switch0.69, leaving the port forwards and the firewall rules…
Ah I didn’t notice you are using Caddy… your screenshots showed you had Hairpin NAT enabled too… weird but sorry I didn’t look closer…
This is an old thread, but I’m a little lost with this and maybe someone can help.
I’m using an EdgeRouter X and my external address (DuckDNS via HA addon) works from outside my own network, but when inside, it seems to resolve to the EdgeRouter web interface.
This is the port forwarding config in EdgeRouter:
    port-forward {
        auto-firewall enable
        hairpin-nat enable
        lan-interface switch0.50
        rule 1 {
            description HomeAssistant
            forward-to {
                address 10.0.50.12
                port 8123
            }
            original-port 443
            protocol tcp
        }
        wan-interface pppoe0
    }
Do I need to add any other NAT rules for this to work?
I do have two AdGuard instances (one in HA, one on a separate Pi), those are the DNS servers for the switch0.50 VLAN. Maybe that causes an issue?
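An added example, not part of the thread and not EdgeOS tooling: a Python check that reads a port-forward block in the format posted above and lists which client VLAN interfaces hairpin NAT does not cover, the setting the first poster had to enable for switch0.79 and switch0.69. The function names are hypothetical, and it assumes coverage follows the lan-interface entries in the block.

```python
# Constructed input: the port-forward block from the post above, re-typed as a string.
SAMPLE = """
port-forward {
    auto-firewall enable
    hairpin-nat enable
    lan-interface switch0.50
    rule 1 {
        description HomeAssistant
        forward-to {
            address 10.0.50.12
            port 8123
        }
        original-port 443
        protocol tcp
    }
    wan-interface pppoe0
}
"""

def parse_block(text):
    """Parse 'key value' lines and 'name { ... }' sections into nested dicts.
    Repeated keys (several lan-interface lines) collect into a list."""
    root = {}
    stack = [root]
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("{"):
            child = {}
            stack[-1][line[:-1].strip()] = child
            stack.append(child)
        elif line == "}":
            stack.pop()
        else:
            key, _, value = line.partition(" ")
            stack[-1].setdefault(key, []).append(value.strip())
    return root

def hairpin_gaps(config_text, client_interfaces):
    """Return the client interfaces that hairpin NAT does not cover."""
    # Assumption: an interface is covered only if hairpin-nat is enabled
    # and the interface appears as a lan-interface entry.
    pf = parse_block(config_text).get("port-forward", {})
    if pf.get("hairpin-nat") != ["enable"]:
        return sorted(client_interfaces)
    covered = set(pf.get("lan-interface", []))
    return sorted(set(client_interfaces) - covered)
```

Pass the text of the port-forward section and the VLAN interfaces your clients sit on; an empty list means every listed interface has a hairpin entry.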