Unable to access local server using FQDN… but can access from internet

Tags: dns, firewall, networking, routing

I have set up a home server on my local home network. I have a registered domain name & website through a hosting provider and have configured a subdomain A record with the hosting provider to point to my local network IP (e.g. server.mydomain.tld). NAT & firewall rules are in place so that when I am NOT on my home network, I can access the server through my browser at server.mydomain.tld. Also, an SSL certificate is set up through LetsEncrypt. TLDR, when I'm off the home network, everything works great.

PROBLEM: If I am ON my home network (the same network as the server), and I try to navigate to server.mydomain.tld, I either get:
a) The firewall login page, or
b) A browser error about a self-signed certificate (which looks to be provided by the firewall) which I can bypass and then… get to the firewall login page

Note: If instead of server.mydomain.tld I navigate to the server's local IP address, then I can access the server portal as expected.

What sort of routing, NAT, and/or DNS rules do I need to configure on my firewall so that when I am ON the home network with the server, server.mydomain.tld takes me directly to the local IP of the server?

Please let me know if more information would be helpful. Thanks!

Best Answer

If I am ON my home network (the same network as the server), and I try to navigate to server.mydomain.tld, I either get: a) The firewall login page, or b) A browser error about a self-signed certificate (which looks to be provided by the firewall) which I can bypass and then... get to the firewall login page

The usual problem with NAT-based "port forwarding" is that it does not apply from the inside.

Attempting to use it when both the client and the server are in the same subnet would simply not work – the client's requests would go through the router normally, but the server's responses would not, meaning the router wouldn't be able to un-NAT them. So your router simply doesn't bother trying.

Some routers have a workaround for this, labelled "NAT hairpinning" or "NAT loopback". This additionally rewrites the client IP address, making it look to the server as if all LAN connections are coming from the router itself.

In general, though, a better workaround would be to use local DNS to override your FQDN so that while you're in the LAN, it directly resolves to the server's internal IP address instead of the external one.

Possibly an even better workaround would be to place the server in its own IP subnet, separate from all clients. It doesn't have to be physically segmented – it would work even if both subnets were sharing the same ethernet. Because cross-subnet traffic does go through the router, it would technically allow port-forwarding to work without problems. (That is, assuming the router's firmware lets you do that.)
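The local-DNS workaround from the answer, as an added example that is not part of the original post or answer: a split-horizon override for the resolver running on the home router, in both dnsmasq form (OpenWrt and most consumer firmware) and unbound form (what pfSense/OPNsense "host overrides" write). The server address 192.168.1.20 and the router resolver 192.168.1.1 are assumed values; replace them with your own. The override is only emitted after checking that the target really is an RFC 1918 address, since pointing the name at the public IP would just re-create the hairpin problem.

```shell
#!/bin/sh
# Added example (not from the post above): split-horizon DNS override so that
# server.mydomain.tld resolves to the server's LAN address for LAN clients and
# keeps resolving to the public address everywhere else.
# Assumed values: server at 192.168.1.20, router resolver at 192.168.1.1.

FQDN="server.mydomain.tld"
LAN_IP="192.168.1.20"
ROUTER_DNS="192.168.1.1"

# Exit 0 only for RFC 1918 addresses (10/8, 172.16/12, 192.168/16).
is_private_ipv4() {
  case "$1" in
    10.*)                                   return 0 ;;
    192.168.*)                              return 0 ;;
    172.1[6-9].*|172.2[0-9].*|172.3[01].*)  return 0 ;;
    *)                                      return 1 ;;
  esac
}

# dnsmasq form: one line in dnsmasq.conf. dnsmasq answers this name itself
# and never forwards it upstream, so the public A record is not consulted.
dnsmasq_override() {
  printf 'address=/%s/%s\n' "$1" "$2"
}

# unbound form: a transparent local-zone for the parent domain (other names
# under mydomain.tld keep resolving normally) plus local-data for the host.
unbound_override() {
  parent="${1#*.}"
  printf 'local-zone: "%s." transparent\n' "$parent"
  printf 'local-data: "%s. IN A %s"\n' "$1" "$2"
}

# Emit the override for the chosen resolver, refusing non-LAN targets.
emit_override() {
  fqdn="$1"; ip="$2"; flavour="$3"
  is_private_ipv4 "$ip" || { echo "refusing: $ip is not a private address" >&2; return 1; }
  case "$flavour" in
    dnsmasq) dnsmasq_override "$fqdn" "$ip" ;;
    unbound) unbound_override "$fqdn" "$ip" ;;
    *) echo "unknown resolver: $flavour" >&2; return 1 ;;
  esac
}

# Check from a LAN client once the override is installed (needs the network,
# so it is not called here): the first lookup should print the LAN address,
# the second the public one.
verify_from_lan() {
  echo "via router:  $(dig +short "$FQDN" @"$ROUTER_DNS")"
  echo "via public:  $(dig +short "$FQDN" @1.1.1.1)"
}

emit_override "$FQDN" "$LAN_IP" dnsmasq
emit_override "$FQDN" "$LAN_IP" unbound
```

Two things worth knowing before relying on this. The browser still connects using the hostname server.mydomain.tld, only to a different address, so the Let's Encrypt certificate on the server validates exactly as it does from outside; the self-signed certificate in the question only appears because the connection currently lands on the router's own web interface. And the override is only seen by clients that actually use the router as their resolver: a client with a hard-coded public resolver, or a browser with DNS-over-HTTPS enabled, will keep getting the public address and hit the NAT problem again. If you forward the zone to a separate internal DNS server instead of using local data, the resolver's DNS-rebinding protection may drop the private answer; dnsmasq needs `rebind-domain-ok=/mydomain.tld/` and unbound needs `private-domain: "mydomain.tld"` in that case.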
