Unable to reach duckdns domains from local network.

What you are seeing is likely explained as your new router lacks NAT reflection capability. See:

https://docs.netgate.com/pfsen…ere%20on%20the%20Internet.

I run pfsense here on Comcast cable internet which is DHCP bridged. pfsense has NAT reflection capability but it is not enabled by default. I have it enabled and it works.

Have you tried a hosts file substitution on each machine where you would like this to work?

Zitat von Agricola

I have been working on this issue off and on for the past few days. Sorry gderf for not replying sooner.

When it comes to host file subs i am able to pass a host name to a url easy enough in the /etc/hosts file, but when it comes to a url with a port number attached, it doesn't work:

Code

192.168.1.140    th140 # works
192.168.1.140:444    nextcloud.<subdomain>.duckdns.org # does not work

As I said in a post above nextcloud and the other duckdns servers work perfectly when I access remotely, never on the LAN.

To access your nextcloud you don't need the port added to the hosts file. You would remove the line with the port number and add the port to the web address in the web browser

(nextcloud.<subdomain>.duckdns.org:444)

As an alternative solution, you could implement a local DNS for your LAN so that the ip/domain entries will work on all devices. Some routers have an option for this, but if they don't you can run up a pi-hole server and set the DNS entries for the LAN in the router to point to pi-hole. Pi-hole would then have the entries to equate the loacal IP to the domain, and if set correctly, anything it doesn't have an entry for would get passed on to an internet DNS service such as google.

If you are running a reverse proxy, as you should for anything that is being web accessed, the pihole entry would point to the reverse proxy and it then would point to nextcloud or whatever other services you are exposing.

Zitat von Agricola

but are inaccessible on the LAN

Have you try to find info on "NAT hairpinning"?

Zitat von Soma

Have you try to find info on "NAT hairpinning"?

Explained to the OP in post #2 and apparently his router lack the capability.

Zitat von Agricola

A couple of days ago I upgraded my home internet from AT&T "high speed" DSL, to Verizon 5g cellular on an ASK-NCQ1338FA modem/router/wifi cube. That is an increase from 5mb down/.5mb up to about 300mb down/20mb up. Great stuff. Port forwarding was easy to set up. All of my duckdns servers work .... remotely, but are inaccessible on the LAN. In fact, when I enter the base subdomain.duckdns.org in a browser, my new router's admin page pops up. I never had this problem setting up port forwarding with AT&T. This new router's settings are quite simple, I cannot figure out what I am doing wrong, or if the router simply doesn't quite have the capability to pull it off.

Is anybody on the forum using Verizon's 5g home internet, or anyone for that matter with some idea of how to fix this little problem?

If you can, set your ASK-NCQ1338FA to "pass-through" mode and go back to pfsense. You cannot go wrong with it.

Set up for pass-through

Zitat von Agricola

I did see something about setting pfsense to Static ip or DHCP and then running it through DMZ in the Verizon router but didn't try that. I could never figure out the details.

In pfsense you should set your LAN Interface to Static IPv4 and gateway/router IPv4 to Static IP address..

Zitat von Agricola

Thanks andrzejls . I will work on it the next chance I get.

Agricola, Yesterday I switched to AT&T 1 GB Fiber with BGW320-500 modem from AT&T . I had no issue with pfSense+ router (old PC converted) after I disabled WIFI , ALL Firewall and selected "IP Passthorugh" mode using "DHCPS-fixed" settings.