0

I have a Nextcloud server on my LAN (with an external port forward for outside access) that I am setting up WebDAV connections on for a collection of Windows 10 PCs, and I want the users to make their WebDAV connections over the LAN/VPN when they are in the office but then fall back to the external IP of the subdomain that DNS resolves for the connection when they are outside of the LAN/VPN. In short, I want to conditionally override the DNS resolution for a single address based on how the user is connected. I hope this makes sense.

I'm using a Sonicwall for our LAN/VPN bridge, but it looks like my only option is to set up a separate proxy server, which I don't have the option for. I've looked at Proxy.pac, but again that looks like I need to have a proxy server in the mix. I've also considered some kind of conditional HOSTS file approach, but the users don't run the VPN client when they are on-site in the office, so having the VPN client swap HOSTS files when active isn't really an option.

Does anyone have ideas on how to tackle this problem and if there is already a dupe answer for something like this, please feel free to point me there. I couldn't find one in my search.

Bryan C.
  • https://en.wikipedia.org/wiki/Split-horizon_DNS – ceejayoz Feb 26 '21 at 20:11
  • Please make this an answer and I'll accept it. This looks like exactly what I needed. Thanks! – Bryan C. Feb 26 '21 at 20:20
  • See my answer here. This is for Windows Server DNS. If you're using a different DNS server internally then adjust accordingly. The principle is the same. https://serverfault.com/questions/1052252/dual-dns-issue-internal-external/1052258#1052258 – joeqwerty Feb 27 '21 at 00:11
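
The split-horizon behaviour linked in the comments above, modelled as an added example (not code from any poster on this page): the server picks a view from the client's source address, and a small audit flags records that defeat the split. The hostname `cloud.example.com`, the LAN prefix and the VPN pool are assumptions; the two addresses are the placeholder values that appear in one of the answers.

```python
import ipaddress

# Assumed networks: which source addresses count as "inside".
INTERNAL_NETS = [
    ipaddress.ip_network("192.168.178.0/24"),  # office LAN (assumed prefix)
    ipaddress.ip_network("10.8.0.0/24"),       # VPN client pool (assumed)
]

# Constructed zone data: one name, answered differently per view.
VIEWS = {
    "internal": {"cloud.example.com": "192.168.178.2"},
    "external": {"cloud.example.com": "6.7.8.9"},
}


def is_internal(ip):
    """True when the address lies inside one of the internal networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def select_view(client_ip):
    """Choose the view from the client's source address, as the DNS server would."""
    return "internal" if is_internal(client_ip) else "external"


def resolve(client_ip, name, views=VIEWS):
    """Answer a query from whichever view matches the client."""
    return views[select_view(client_ip)].get(name)


def audit(views):
    """Return findings for records that break the split-horizon setup."""
    findings = []
    for name, ip in views["external"].items():
        # A private address in the public view discloses internal addressing
        # and is unreachable for outside clients anyway.
        if ipaddress.ip_address(ip).is_private:
            findings.append(f"external view leaks private address for {name}")
    for name, ip in views["internal"].items():
        # On-site clients would still leave through the port forward.
        if not is_internal(ip):
            findings.append(f"internal view sends {name} outside the LAN/VPN")
        # Clients that roam outside would get no answer at all.
        if name not in views["external"]:
            findings.append(f"{name} is missing from the external view")
    return findings
```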

2 Answers

0

You don't need a DNS solution for this nor do you need a proxy server: It is sufficient to add an entry to the routing table of the local router in your LAN that points the external IP address (result of the public DNS query) to the internal LAN address of the Nextcloud server.

Example to add a persistent route (survives reboots of the router) if the router is Windows:

route -p add 6.7.8.9 mask 255.255.255.255 192.168.178.2

If the Nextcloud server is exposed to the internet by routing, it already has the external IP address (6.7.8.9 in the above example).
Should it be exposed by port forwarding instead, you need to add the external IP to its internal network interface (192.168.178.2 in the example) for this routing solution to work.

Juergen
0

Implement IPv6 and have the same address for internal and external.

Making up an address, for example: 2001:db8:a2db:6914::c. As this is globally unique, no need for any of NAT, port forwarding, or split-horizon DNS.

John Mahowald