Unifi Dream Machine NAT Loopback Issue

I have been struggling with this problem and don’t know how to fix it. I recently changed from an Asus AC3200 router to a Unifi Dream Machine. With the Asus router, I configured Home Assistant with DuckDNS with port forwarding and had no problem connecting to HA from within the home WLAN or from the internet (on cell phone).

Now with the UDM, the DuckDNS address will only work from outside our network. Inside the network I have to use the IP address and port and then only on some web browsers will I get to HA after accepting a bad certificate warning. Has anyone else had this problem? The network setup is the same 192.168.1.0/24 with same subnet.

After using Google I think it is a NAT loopback issue. It is probably something simple but it is not something that I understand. Any help would be appreciated.

Thanks

Paul

A friend had a similar problem because the USG had somehow closed the ports; the fix was to restart the USG. Check your ports: https://www.portcheckers.com/

@joeslito1 thanks. I checked the ports and they are still open. The problem is not connecting to HA remotely; the port forwarding is working. My problem is using the https://XXXX.duckdns.org address when I am connected to WiFi in my house, i.e. an internal connection.

If you happen to already use a Pi-hole (or similar), this can be solved by adding an entry for your DuckDNS URL that points directly to your local HA IP.

I don’t use Pi-hole or similar now. I guess I could install it or maybe use the nginx add-on that I have read about. It is frustrating that it worked fine with the Asus router and not with the UDM.

I’m sorry to bring this topic up again, but I’m in the same situation and I can’t find a way to fix it.

Hey there, I struggled with the same kind of issue where I was hosting my mail server locally on a machine, so my Outlook would just error out with no description whatsoever.

After digging for a bit, I realized that it’s quite simple to solve.

I manage my domains with Cloudflare and they have been set up to use my WAN public IP, i.e. example.com points to e.g. 1.2.3.4 (static) - obviously so that other people can also fetch their email / visit websites hosted locally by me - behind the UDM SE.

My internal network is 192.168.1.0/24
My mail server is 192.168.1.59

So… just add a new Port Forward rule under Firewall & Security:
Name: Mail Server LAN
Forward Rule: Enabled
Interface: WAN
From: Limited
Source: 192.168.1.0/24
Port: 25,110,143,465,587,993,995
Forward IP: 192.168.1.59 (your mail server IP)
Forward Port: 25,110,143,465,587,993,995
Protocol: Both
Logging: Enabled (why not)
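The two fixes offered in this thread are different mechanisms: the Pi-hole suggestion is split-horizon DNS (the name resolves to the LAN address when queried from inside), while the LAN-sourced port forward above is hairpin (loopback) NAT (the name still resolves to the public address and the gateway turns the connection back inside). The script below is an added diagnostic, not code from the thread or from Ubiquiti: run from a LAN client it resolves the name, works out which of the two situations applies, and probes the port so you can tell a missing hairpin rule apart from a DNS problem. The LAN 192.168.1.0/24 is taken from the thread; the hostname `XXXX.duckdns.org` is the thread's placeholder, port 8123 (Home Assistant's default) and the `classify` return strings are my assumptions. Note that connecting by raw IP will always trip a certificate warning, because a certificate issued for the DuckDNS name cannot match an IP address; that is a symptom of the workaround, not a second fault.

```python
import ipaddress
import socket
import sys
from typing import Optional

# LAN from the thread; adjust if your subnet differs.
LAN_CIDR = ipaddress.ip_network("192.168.1.0/24")


def classify(resolved_ip: str, client_ip: str, connect_ok: Optional[bool],
             lan: ipaddress.IPv4Network = LAN_CIDR) -> str:
    """Pure diagnosis: given the facts, return a verdict string (assumed names).

    resolved_ip  - what the DuckDNS/Cloudflare name resolves to on this client
    client_ip    - the client's own address
    connect_ok   - result of a TCP probe to resolved_ip, or None if not probed
    """
    resolved = ipaddress.ip_address(resolved_ip)
    client = ipaddress.ip_address(client_ip)
    if client not in lan:
        return "outside-lan"           # ordinary WAN path; nothing to diagnose
    if resolved in lan:
        return "split-dns"             # a Pi-hole style override is already in effect
    if resolved.is_private:
        return "unexpected-private"    # resolves to some other RFC1918 address
    if connect_ok is None:
        return "hairpin-untested"
    # Public address seen from inside: only a hairpin/loopback rule makes this work.
    return "hairpin-ok" if connect_ok else "hairpin-missing"


def tcp_probe(host_ip: str, port: int, timeout: float = 3.0) -> bool:
    """Return True if a TCP handshake to host_ip:port completes."""
    try:
        with socket.create_connection((host_ip, port), timeout=timeout):
            return True
    except OSError:
        return False


def local_ip() -> str:
    """Address of the interface the client would use for the internet.

    UDP connect() only selects a route; no packet is sent.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        s.connect(("8.8.8.8", 53))
        return s.getsockname()[0]
    finally:
        s.close()


def check(hostname: str, port: int) -> str:
    """Resolve the name, probe it from this client, and classify the result."""
    resolved = socket.gethostbyname(hostname)
    client = local_ip()
    probe = tcp_probe(resolved, port) if ipaddress.ip_address(client) in LAN_CIDR else None
    return classify(resolved, client, probe)


if __name__ == "__main__":
    # Usage: python hairpin_check.py XXXX.duckdns.org 8123
    host = sys.argv[1] if len(sys.argv) > 1 else "XXXX.duckdns.org"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 8123
    print(f"{host}:{port} -> {check(host, port)}")
```

A result of `hairpin-missing` on the UDM points at the port forward rule above (a rule whose source is the LAN subnet itself); `split-dns` means the name already resolves locally and the gateway is not involved at all. Keeping the source of the loopback rule limited to the LAN, as the post does, is the right choice: it avoids opening the forward to every source the WAN rule already serves twice over.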