DD-WRT – Fix Port Not Forwarding with Public IP from LAN

dd-wrt

I am having an issue where I can't connect to my home-server from my LAN when using the public IP address of the DD-WRT router. I am essentially having the same problem as detailed here: DD-WRT: How to allow port forwarding to apply to requests originating from inside the LAN?; however, none of the solutions provided are working for me. I am fairly certain that I have modified the correct values for it to apply to my LAN setup. The router is a Netgear WNR834B v2 and it is running DD-WRT v24-sp2 18777. I am using the default IP (192.168.1.1) for it and I know that the domain and the port forwards work ordinarily.

EDIT: Got it! I found that I needed to enable Local DNS and use this answer from the linked question.

Best Answer

DD-WRT is likely not configured for hairpin routing. Connecting to the Public IP from the LAN is usually a bad idea, and you will not be able to identify the connection source. The best option is to connect directly to the desired server from inside the network.

The Shorewall FAQ 2 covers configuring the router so that it will work. Shorewall builds an iptables firewall from a set of specification files, so the steps are not the required iptables commands, but they map fairly easily to iptables. I believe you should be able to run shorewall-lite on DD-WRT, in which case you will need to build all your firewall in Shorewall rather than the DD-WRT tool.

Using split DNS is far easier and I would recommend that approach. A tool like dnsmasq can provide the necessary internal DNS from a /etc/hosts file. It acts as a caching server for addresses on the Internet. It also provides DHCP, so if you don't run it on your DD-WRT router, you will want to decide which DHCP server to enable. If you have the memory you can install it on DD-WRT as a replacement for the default DHCP server.

EDIT: If you choose to use dnsmasq it is best to set it up as the active DHCP server. If you don't run it on your router, disable DHCP on the router. Alternatively, use fixed addresses outside the DHCP address range for the servers you want to route to. Using fixed addresses is a good idea for servers anyway. Add the addresses of the servers to the /etc/hosts file on the host running dnsmasq, and restart dnsmasq. If you configure dnsmasq with a domain, you can also look up DHCP clients by name.

Determine the address of the dnsmasq host. (This should be a private network address like 192.168.0.10.) Configure your DHCP server to list this address as the first DNS nameserver. For Linux hosts and others with a /etc/resolv.conf file use this address for the first nameserver entry. For other servers with static nameserver entries make this address the first specified address.

DHCP clients will need to have their DNS data updated. Triggering a DHCP renewal should update the data. Many systems have internal DNS caches, so the changes may not be visible immediately. Rebooting clients after all the server configuration has been done should clear all caches and reload DHCP specified configuration.
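The two approaches in the answer above, shown side by side as an added example (not code from the original post, the Shorewall FAQ, or DD-WRT): a shell function that emits the three iptables rules needed for hairpin routing of one TCP port, with comments on why the LAN-side MASQUERADE is required and why it hides the real client address, next to the single dnsmasq line that makes split DNS avoid the whole problem. The public address, LAN range, server address, port and hostname are constructed placeholders; nothing is applied to the system, the commands are only printed.

```shell
#!/bin/sh
# Constructed placeholder values for this example (not from the original post).
PUB_IP="203.0.113.5"       # router's public (WAN) address
LAN_NET="192.168.1.0/24"   # DD-WRT default LAN
SERVER_IP="192.168.1.10"   # home server on the LAN, on a fixed address
PORT="443"

# Print the iptables commands that implement hairpin ("NAT loopback") for one
# TCP port. Nothing is applied here; review the output, then run it on the
# router (e.g. as a DD-WRT firewall script) to apply it.
hairpin_rules() {
  pub=$1; lan=$2; srv=$3; port=$4
  # 1. Rewrite the destination for LAN traffic aimed at the public address.
  #    The ordinary port forward only matches packets arriving on the WAN side,
  #    which is why the forward works from outside but not from the LAN.
  echo "iptables -t nat -A PREROUTING -s $lan -d $pub -p tcp --dport $port -j DNAT --to-destination $srv:$port"
  # 2. Rewrite the source so the server replies via the router instead of
  #    directly to the LAN client. Without this the client gets a reply from
  #    $srv for a SYN it sent to $pub and drops it. Side effect, as the answer
  #    notes: the server logs the router's LAN address, not the real client.
  echo "iptables -t nat -A POSTROUTING -s $lan -d $srv -p tcp --dport $port -j MASQUERADE"
  # 3. Let the translated flow through the filter table.
  echo "iptables -A FORWARD -s $lan -d $srv -p tcp --dport $port -j ACCEPT"
}

# Split-DNS alternative: one dnsmasq directive makes the name resolve to the
# LAN address for internal clients, so traffic never touches the public IP
# and the server still sees the real client address.
split_dns_line() {
  echo "address=/$1/$2"
}

hairpin_rules "$PUB_IP" "$LAN_NET" "$SERVER_IP" "$PORT"
split_dns_line "home.example.com" "$SERVER_IP"
```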
