My home router, a ZyXEL C2100Z, does not support NAT loopback, which leaves me in a bind when trying to access a site from my iPhone that I am serving publicly from a server within my home network.
When I am not at home, I can go to my site from the public internet and everything works fine. When I am at home connected to my network, I have to use a different address to get to this same server. My router supports Host mapping, so rather than going to mydomainname.com like I would on the public internet, I navigate to mydomainname, and I have my web server serving at both of those host names. This is a workaround, but certainly not my ideal solution.
On my laptop, this problem could be easily fixed by editing the hosts file, but I am trying to fix this problem specifically for the iPhones on my network. I am not interested in rooting the phones.
What I am wondering is if I can get around this problem by installing a DNS like OpenDNS on my home server and making my local network use that to resolve domain names, and just put in a single A entry for my public site to route back to the local IP, and fallback to my ISP's DNS for everything else. If I do this I am assuming I just configure my router to use my local DNS server instead of my ISP's DNS server.
- Is this possible? (i.e. is that how it works?)
- Is there another way to accomplish what I am trying to do?
(Please know that I have seen similar questions with similar answers, but I am specifically distinguishing this question from others because I am wondering about all ways to accomplish this specific scenario: iPhones on a NAT network with no NAT loopback.)
I realize one solution to this is to point my domain to a completely different server (outside the network, maybe AWS) that just acts as a reverse proxy for my server. I am wondering about free/low cost options for that. If I use a reverse proxy, then I have to be able to configure my SSL certificates on that server. – Michael Plautz – 2018-10-24T15:05:55.270
This problem will go away if you use IPv6. From your question I cannot tell if your router already has IPv6 turned on. That's the first thing you should check. – kasperd – 2018-10-24T16:10:58.020
So IPv6 as I understand does not sit behind a NAT (partly because there is no scarcity of addresses in the v6 space), so if I eliminate the NAT then I am eliminating an extra tremendous level of security, because now all devices on my network face exposure. That creates a whole new problem. – Michael Plautz – 2018-10-24T21:50:00.247
If you assume NAT is a security measure, you are doing things wrong. You can configure a firewall if you want to limit what's reachable. – kasperd – 2018-10-24T22:28:13.497
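The mechanism the question asks about (answer one A record from the LAN, pass every other query to an upstream resolver) can be shown in Python; this is an added example, not code from the original post or its comments. The LAN address `192.168.0.10`, the placeholder upstream `192.0.2.53` and all function names are assumptions; only A queries for the overridden name are answered locally, so AAAA and other types still go upstream.

```python
import socket
import struct

# Assumed values, not from the page: the web server's LAN IP and an upstream resolver.
OVERRIDES = {"mydomainname.com": "192.168.0.10"}
UPSTREAM = ("192.0.2.53", 53)  # placeholder address; put the ISP's resolver here

def parse_question(packet):
    """Return (lowercased name, qtype, qclass, offset just past the question)."""
    labels, pos = [], 12
    while (length := packet[pos]) != 0:
        if length & 0xC0:
            raise ValueError("compression pointer in question name")
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii").lower())
        pos += 1 + length
    qtype, qclass = struct.unpack("!HH", packet[pos + 1:pos + 5])
    return ".".join(labels), qtype, qclass, pos + 5

def local_answer(packet):
    """Return a reply for an overridden A query, or None to forward it upstream."""
    try:
        qid, flags, qdcount = struct.unpack("!HHH", packet[:6])
        name, qtype, qclass, end = parse_question(packet)
    except (IndexError, ValueError, struct.error):
        return None  # malformed: let the upstream resolver deal with it
    if flags & 0x8000 or qdcount != 1 or (qtype, qclass) != (1, 1) or name not in OVERRIDES:
        return None
    # Header: QR=1, AA=1, RA=1, RD copied. Answer: pointer to name at offset 12, A, IN, TTL 60.
    header = struct.pack("!HHHHHH", qid, 0x8480 | (flags & 0x0100), 1, 1, 0, 0)
    answer = struct.pack("!HHHIH", 0xC00C, 1, 1, 60, 4) + socket.inet_aton(OVERRIDES[name])
    return header + packet[12:end] + answer

def forward(query):
    """Relay a query to UPSTREAM; the connected socket ignores other senders."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as up:
        up.settimeout(3)
        up.connect(UPSTREAM)
        up.send(query)
        return up.recv(4096)

def serve(bind=("0.0.0.0", 53)):
    """UDP loop: answer overrides locally, relay everything else."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(bind)
    while True:
        query, client = sock.recvfrom(4096)
        try:
            sock.sendto(local_answer(query) or forward(query), client)
        except OSError:
            pass  # upstream timeout or send failure: drop, the client retries
```

Calling `serve()` requires permission to bind UDP port 53 on the home server. An existing resolver with a local override for one name gives the same split answer.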