On 23/04/2019 01:35, Mark Rousell wrote:
On 22/04/2019 23:29, Lester Caine wrote:
Thanks that was the kick I needed ...
https://community.netgear.com/t5/DSL-Modems-Routers/D7000v2-NAT-Loopback/td-p/1566171
is a much better answer, and like the original poster the modem is now
re-boxed and ready to go back! What was more annoying is the number of
days it took NOT to get this answer from the Netgear support services
:( And several months on there has been no attempt to fix the problem
either.
I'm glad that sent you in the right direction. :-)
The thread you linked to makes interesting reading, as does your
experience with Netgear tech support. Sadly, it looks like their tech
support is not all that knowledgeable. And, worse, Netgear doesn't seem
interested in fixing an obvious bug. One can only presume they take the
view that relatively few people will notice this sort of bug so why
bother. It's not what one would hope for.
They are still trying to blame BT for the problem rather than
acknowledge that there is one ...
What router are you going with now? If you already run your own
server(s) then you might consider a two box solution such as a VDSL
modem with an OPNsense router/firewall. Alternatively you could flash a
commercial router with DD-WRT or similar, if you fancy.
I'm back on the BT Hub6 for the BT line and the Netgear D6220 DOES work
perfectly on the Vodafone line. The problem is that the BT line keeps
dropping the connection a few times a week while the Vodafone one into
the same cabinet across the road is fine! This was an attempt to rule
out the Hub6 as the problem, but with the Netgear ALSO dropping the
connection not sure quite where we are ...
The problem with that is there are multiple websites all resolved to
the public IP address. One can't simply use the local IP address to
access them? One has to have 'NAT Loopback' working in this case,
which it does on the older Netgear D6220 and all the BT Hubs ... It's
just a pity that all of them seem to have some problem ...
Or is there some way to work around this on the PHP-FPM side of the
network?
Yes, you can almost certainly work around it. It's fine that the sites'
domain/host names resolve to the public IP address. As you found, that
works fine for public external access even without NAT loopback working.
However, the PHP scripts running on the server all natively see the
server from the private side of the LAN. E.g. Where a script currently
tries to access "server.mydomain.com" then it could instead access
"192.168.1.34", the private IP address of the server. In brief, there's
no need for scripts running on a host on the private LAN to use public
domain names or IP addresses; they can just use private LAN IP addresses
to reach other LAN servers and thus avoid the need for NAT loopback.
This of course does not prevent external users from accessing the
servers via the public IP address.
The main problem here is that the 'problem' sites are ones running
Wordpress. My own sites don't have a problem as things like cron happen
independent of PHP, but it was the Wordpress scheduled events that were
messed up ... along with email but that turned out to be just a corrupt
IP change ...
In both cases however one accesses the dashboard via the domain name in
order to get at the management tools.
If some of the scripts access other websites or servers using HTTP (which
obviously presumes the use of host headers) then you can just add the
private IP address of the server to the host headers entry of the web
server configuration.
If you provide more details of the PHP you're using then I can be more
specific about what to change.
There are four local servers but only 2 are visible from outside. One on
each broadband line, both of which have static IPV4 addresses (but only
BT support static IPV6 - Vodafone asked what it was when I requested it).
The servers are SUSE Linux, Nginx, assorted PHP-FPM for 5.x, 7.0 and 7.2
along with Firebird and MySQL for the Wordpress sites. Obviously in an
ideal world all four servers would be visible from either line so that
the BT one going down would not be a problem at all. Just reduced
bandwidth till it's back 10 minutes later ... and I THINK the starting
point for that is to have my own DNS servers on each line but now I am
getting out of the comfort zone ... what I have does work the vast
majority of the time so perhaps I leave it like that :)
--
Lester Caine - G8HFL
-----------------------------
Contact - https://lsces.co.uk/wiki/?page=contact
L.S.Caine Electronic Services - https://lsces.co.uk
EnquirySolve - https://enquirysolve.com/
Model Engineers Digital Workshop - https://medw.co.uk
Rainbow Digital Media - https://rainbowdigitalmedia.co.uk
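
The workaround discussed in this thread is to have the server reach its own sites over the private LAN address instead of the public one. The following is an added example, not code from either poster: it finds which site names would depend on NAT loopback and produces `/etc/hosts` lines that pin them to the private address on the server itself. The hosts-file approach, the `192.168.1.0/24` LAN range, the `.example` site names and the `203.0.113.10` public address are assumptions; only `192.168.1.34` comes from the thread.

```python
import ipaddress
import socket

def resolve(name):
    """Addresses the system resolver returns for name (needs working DNS)."""
    infos = socket.getaddrinfo(name, 80, proto=socket.IPPROTO_TCP)
    return {info[4][0] for info in infos}

def needs_loopback(addresses, lan):
    """True if any address is outside the LAN and not loopback, i.e. traffic
    from the server to that name would have to hairpin through the router."""
    ips = [ipaddress.ip_address(a) for a in addresses]
    return any(not (ip.is_loopback or ip in lan) for ip in ips)

def hosts_overrides(sites, private_ip, lan_cidr, resolver=resolve):
    """Return /etc/hosts lines pinning hairpin-dependent names to private_ip."""
    lan = ipaddress.ip_network(lan_cidr)
    if ipaddress.ip_address(private_ip) not in lan:
        raise ValueError(f"{private_ip} is not inside {lan_cidr}")
    lines = []
    for name in sites:
        try:
            addresses = resolver(name)
        except OSError:  # name does not resolve: nothing to override
            continue
        if needs_loopback(addresses, lan):
            lines.append(f"{private_ip}\t{name}")
    return lines

# Constructed sample data: hypothetical site names, documentation-range public IP.
SAMPLE_DNS = {
    "blog.example": {"203.0.113.10"},      # public address: needs NAT loopback
    "shop.example": {"203.0.113.10"},
    "intranet.example": {"192.168.1.34"},  # already resolves on the LAN
}

def sample_resolver(name):
    """Offline stand-in for resolve(), backed by SAMPLE_DNS."""
    if name not in SAMPLE_DNS:
        raise socket.gaierror(f"no such host: {name}")
    return SAMPLE_DNS[name]

if __name__ == "__main__":
    sites = ["blog.example", "shop.example", "intranet.example", "gone.example"]
    for line in hosts_overrides(sites, "192.168.1.34", "192.168.1.0/24",
                                sample_resolver):
        print(line)
```

Because the site name itself is unchanged, requests still carry the original Host header, so name-based virtual hosts and certificates keep matching; external visitors are unaffected, since the override exists only on the server.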