You could also add the hostnames and their local addresses into the /etc/hosts file.
pfSense's built-in resolver does some interesting things for hosts behind the NAT, like overriding hostnames for hosts on the local LAN. I use these for small businesses all the time.
Cheers
On April 22, 2019 8:35:43 PM EDT, Mark Rousell <mark.rousell@xxxxxxxxxxxxx> wrote:
On 22/04/2019 23:29, Lester Caine wrote:
Thanks that was the kick I needed ...
https://community.netgear.com/t5/DSL-Modems-Routers/D7000v2-NAT-Loopback/td-p/1566171
is a much better answer, and like the original poster the modem is
now re-boxed and ready to go back! What was more annoying is the
number of days it took NOT to get this answer from the Netgear
support services :( And several months on there has been no
attempt to fix the problem either.
I'm glad that sent you in the right direction. :-)
The thread you linked to makes interesting reading, as does your
experience with Netgear tech support. Sadly, it looks like their
tech support is not all that knowledgeable. And, worse, Netgear
doesn't seem interested in fixing an obvious bug. One can only
presume they take the view that relatively few people will notice
this sort of bug so why bother. It's not what one would hope for.
What router are you going with now? If you already run your own
server(s) then you might consider a two box solution such as a VDSL
modem with an OPNSense router/firewall. Alternatively you could
flash a commercial router with DD-WRT or similar, if you fancy.
The problem with that is there are multiple websites all resolved
to the public IP address. One can't simply use the local IP
address to access them? One has to have 'NAT Loopback' working in
this case, which it does on the older Netgear D6220 and all the BT
Hubs ... It's just a pity that all of them seem to have some
problem ...
Or is there some way to work around this on the PHP-FPM side of
the network?
Yes, you can almost certainly work around it. It's fine that the
sites' domain/host names resolve to the public IP address. As you
found, that works fine for public external access even without NAT
loopback working.
However, the PHP scripts running on the server all natively see the
server from the private side of the LAN. E.g. Where a script
currently tries to access "server.mydomain.com" then it could
instead access "192.168.1.34", the private IP address of the server.
In brief, there's no need for scripts running on a host on the
private LAN to use public domain names or IP addresses; they can
just use private LAN IP addresses to reach other LAN servers and
thus avoid the need for NAT loopback. This of course does not
prevent external users from accessing the servers via the public IP
address.
If some of the scripts access other websites or servers using HTTP
(which obviously presumes the use of host headers) then you can just
add the private IP address of the server to the host headers entry
of the web server configuration.
If you provide more details of the PHP you're using then I can be
more specific about what to change.
--
Mark Rousell
-- Sent from my Android device with K-9 Mail. Please excuse my brevity.
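
The /etc/hosts approach discussed in this thread, as an added example that is not part of the original messages: a shell function that keeps the private-address overrides in one marked block, so re-running it replaces the block instead of piling up duplicate entries. The function name and marker comments are hypothetical; 192.168.1.34 and server.mydomain.com are the sample values used in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): keep NAT-loopback overrides in a
# marked block of a hosts file. Marker text and function name are hypothetical.
BEGIN_MARK='# BEGIN nat-loopback-workaround'
END_MARK='# END nat-loopback-workaround'

# update_hosts_block FILE IP HOST...
# Usage (as root): update_hosts_block /etc/hosts 192.168.1.34 server.mydomain.com
update_hosts_block() {
    [ $# -ge 3 ] || { echo "usage: update_hosts_block FILE IP HOST..." >&2; return 2; }
    file=$1; ip=$2; shift 2

    # Reject anything that is not a plain dotted IPv4 string or hostname, so a
    # stray space or newline cannot smuggle extra entries into the file.
    case $ip in
        ''|*[!0-9.]*) echo "bad IPv4 address: $ip" >&2; return 1 ;;
    esac
    for h in "$@"; do
        case $h in
            ''|*[!A-Za-z0-9.-]*) echo "bad hostname: $h" >&2; return 1 ;;
        esac
    done

    tmp=$(mktemp "${file}.XXXXXX") || return 1

    # Copy every line that is outside a previously written block.
    awk -v b="$BEGIN_MARK" -v e="$END_MARK" '
        $0 == b { skip = 1; next }
        $0 == e { skip = 0; next }
        !skip
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }

    # Append the fresh block: one "IP<TAB>hostname" line per site.
    {
        echo "$BEGIN_MARK"
        for h in "$@"; do printf '%s\t%s\n' "$ip" "$h"; done
        echo "$END_MARK"
    } >> "$tmp"

    # Write back through the original file so its owner and mode are kept.
    cat "$tmp" > "$file"; rc=$?
    rm -f "$tmp"
    return $rc
}
```

Afterwards, `getent hosts server.mydomain.com` on that machine should print the private address, while external clients keep resolving the public one through DNS.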