
Re: Life getting to complicated?

You could also add the hostnames and their local addresses into the /etc/hosts file.

pfSense's built-in resolver does some interesting things for hosts behind the NAT like overriding hostnames for hosts on the local LAN. I use these for small businesses all the time.


On April 22, 2019 8:35:43 PM EDT, Mark Rousell <mark.rousell@xxxxxxxxxxxxx> wrote:
On 22/04/2019 23:29, Lester Caine wrote:
Thanks that was the kick I needed ...
https://community.netgear.com/t5/DSL-Modems-Routers/D7000v2-NAT-Loopback/td-p/1566171 is a much better answer, and like the original poster the modem is now re-boxed and ready to go back! What was more annoying is the number of days it took NOT to get this answer from the Netgear support services :( And several months on there has been no attempt to fix the problem either.

I'm glad that sent you in the right direction. :-)

The thread you linked to makes interesting reading, as does your experience with Netgear tech support. Sadly, it looks like their tech support is not all that knowledgeable. And, worse, Netgear doesn't seem interested in fixing an obvious bug. One can only presume they take the view that relatively few people will notice this sort of bug so why bother. It's not what one would hope for.

What router are you going with now? If you already run your own server(s) then you might consider a two box solution such as a VDSL modem with an OPNSense router/firewall. Alternatively you could flash a commercial router with DD-WRT or similar, if you fancy.

The problem with that is there are multiple websites all resolved to the public IP address. One can't simply use the local IP address to access them? One has to have 'NAT Loopback' working in this case, which it does on the older Netgear D6220 and all the BT Hubs ... It's just a pity that all of them seem to have some problem ...

Or is there some way to work around this on the PHP-FPM side of the network?

Yes, you can almost certainly work around it. It's fine that the sites' domain/host names resolve to the public IP address. As you found, that works fine for public external access even without NAT loopback working.

However, the PHP scripts running on the server all natively see the server from the private side of the LAN. E.g. Where a script currently tries to access "server.mydomain.com" then it could instead access "", the private IP address of the server. In brief, there's no need for scripts running on a host on the private LAN to use public domain names or IP addresses; they can just use private LAN IP addresses to reach other LAN servers and thus avoid the need for NAT loopback. This of course does not prevent external users from accessing the servers via the public IP address.

If some of the scripts access other websites or servers using HTTP (which obviously presumes the use of host headers) then you can just add the private IP address of the server to the host headers entry of the web server configuration.

If you provide more details of the PHP you're using then I can be more specific about what to change.

Mark Rousell

Sent from my Android device with K-9 Mail. Please excuse my brevity.
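The /etc/hosts workaround suggested in this thread, as an added example that is not part of the original messages: a small Python function that idempotently maintains a marked block of hostname overrides pointing at the server's LAN address, and removes stale entries for the same names so that the first matching line wins cleanly. The hostnames, addresses, marker comments and the `apply_overrides` helper are all constructed for illustration.

```python
import ipaddress

BEGIN = "# BEGIN lan-overrides (managed)"   # hypothetical marker lines
END = "# END lan-overrides (managed)"

# Constructed sample hosts file; 203.0.113.5 stands in for the public IP.
SAMPLE_HOSTS = """127.0.0.1 localhost
203.0.113.5 www.example.test  # stale public entry
"""

def apply_overrides(hosts_text, lan_ip, names):
    """Return hosts_text with a managed block mapping names to lan_ip."""
    ip = ipaddress.ip_address(lan_ip)
    if ip.is_global:
        # An override to a routable address would defeat the purpose.
        raise ValueError(f"{lan_ip} is not a LAN-side address")
    wanted = {n.lower().rstrip(".") for n in names}
    kept, in_block = [], False
    for line in hosts_text.splitlines():
        stripped = line.strip()
        if stripped == BEGIN:
            in_block = True
            continue
        if stripped == END:
            in_block = False
            continue
        if in_block:
            continue  # the old managed block is rebuilt below
        body, sep, comment = line.partition("#")
        fields = body.split()
        if len(fields) >= 2:
            remaining = [f for f in fields[1:] if f.lower() not in wanted]
            if len(remaining) != len(fields) - 1:
                if not remaining:
                    continue  # line only named hosts we now manage
                line = " ".join([fields[0]] + remaining)
                line += f" #{comment}" if sep else ""
        kept.append(line)
    block = [BEGIN] + [f"{ip}\t{n}" for n in sorted(wanted)] + [END]
    return "\n".join(kept + block) + "\n"

if __name__ == "__main__":
    print(apply_overrides(SAMPLE_HOSTS, "192.168.1.10",
                          ["www.example.test", "shop.example.test"]), end="")
```

The override only affects name lookups on the machine whose hosts file is edited; other LAN clients still need NAT loopback or a resolver-side override such as the one mentioned for pfSense.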