How do i setup NAT Loopback for a domain name?

DisturbedPixel · March 26, 2020, 10:18am

Hi, i have a requirement where i have several domains that i need to loopback to a local IP address. I have read that most decent enterprise routers can loop back the outgoing request to a local IP. Called NAT loopback or DNS rebinding.

I have for example:

subdomain.mydomain.com

and i want to send the outbound WAN requests to these domains made from within the network to be redirected to local IPs.

subdomain.mydomain.com → 192.168.10.150
subdomain2.anotherdomain.com → 192.168.10.160

I’ve been looking high and low to work out how to do this with a Peplink Balance One router and i cannot seem to work it out on my router.

Please can anyone help?

Thanks

MartinLangmaid · March 26, 2020, 11:12am

In Network > LAN | Network Settings enable DNS Proxy and add your entries then make sure your client devices are using your balance for DNS.

If they are not set to use your balance for DNS then enable DNS Forwarding under Network > MIsc. Settings | Service Forwarding

DisturbedPixel · March 27, 2020, 1:47am

Thanks Martin, very helpful.

I forgot to mention that i would like to send them to specific ports, is this possible?

When i tried the domain url internally over HTTPS, i get a certificate error, it shows its issued for www.captive-portal.peplink.com when the domain url has it’s own certificate that the request isn’t reaching.

MartinLangmaid · March 27, 2020, 2:39am

Expand on this requirement please - perhaps an example?

That is the https cert for the inbuilt captive portal on the peplink. Add the local dns entries above to your router and flush your DNS cache on your PC and you should get redirected directly to the local LAN IP when you visit those URLs where the SSL cert would work as expected.

DisturbedPixel · March 27, 2020, 2:56am

Sorry yes an example:

https://subdomain.mydomain.com → 192.168.10.150:8123
https://subdomain2.anotherdomain.com → 192.168.10.160:9870

So i am after any internal any outbound request to those domains above gets routed back to a local IP with specific port (over a SSL connection) - I thought once i knew how to redirect it, i could work that bit out… but i’ve clearly failed.

I hadn’t flushed the DNS (forgot) but have since flushed it with ipconfig /flushdns and the issue persists.

So i have tried going to the domains above in a browser and i continue to get the SSL error (Edge) When i try in Chrome i get a 404 but with the routers MANGA address: https://subdomain.mydomain.com/cgi-bin/MANGA/index.cgi (also i cleared the browser caches)

If i ping the domain name from my computer it responds with the routers WAN IP address not the final destination IP

Thank you

MartinLangmaid · March 27, 2020, 3:07am

That’s a fault you need to track down. Check that the PC you are testing from has the Peplink set as its DNS server. You’ll know its working as expected when you ping the domain names and get a local IP.

MartinLangmaid · March 27, 2020, 3:08am

Also. go and change the web admin port away from 443 on your peplink. Eg, make it 4443, just to get the web interface of the router itself out of the way.

DisturbedPixel · March 27, 2020, 3:10am

Yeah it does, i checked that

DisturbedPixel · March 27, 2020, 3:13am

Thanks, yeah i have just done that too, flushed DNS’s and tried again. It still returns the WAN IP on ping

MartinLangmaid · March 27, 2020, 3:17am

If you have the local dns entries on your Peplink and you ping the dns name and it still brings back the public IP then first thing to try is a flush of your local resolver cache (ipconfig /flushdns) in windows.

Then do a nslookup from your PC against the dns name and check it returns the internal IP.

MartinLangmaid · March 27, 2020, 3:17am

When you ping the name on the peplink itself what happens?

DisturbedPixel · March 27, 2020, 3:22am

the NSlookup returns

Server: unknown
Address: 192.168.0.2 (router IP)

Non-authoritative answer:
Name: subdomain.mydomain.com
Address: {WAN IP}

DisturbedPixel · March 27, 2020, 3:23am

This is more positive, using the router → ping on the WAN connection it recognises the correct IP i want, but not packets return.

When i ping on the router → LAN connection it returns the correct IP and all the packets.

MartinLangmaid · March 27, 2020, 3:26am

Screenshot your routers DNS proxy settings for sanity’s sake please.
The peplink should return local DNS records when they exist not public records.

MartinLangmaid · March 27, 2020, 3:27am

Good. that’s expected behavior.

DisturbedPixel · March 27, 2020, 3:31am

I’ve tweaked the name obviously

Also i tried ping/nslookup/flushdns on another computer (my laptop) and i get the same results

MartinLangmaid · March 27, 2020, 3:37am

On your PC what do you get if you run
nslookup subdomain.mydomain.com 192.168.x.2

(change the domain and .x above obviously)

DisturbedPixel · March 27, 2020, 3:40am

Server: unknown
Address: 192.168.x.2

Non authoritative answer:
Name: subdomain.mydomain.com
Address {WAN IP}

MartinLangmaid · March 27, 2020, 3:42am

Doesn’t make sense. This should just work.

Turn on DNS caching on the Peplink and apply changes (you shouldn’t need it but maybe that will restart the DNS server internally). If that doesn’t fix it reboot the router.

If that doesn’t fix it log a ticket.

DisturbedPixel · March 27, 2020, 3:50am

I have tried both of your suggestions, but still the issue persists.

Side note Q: Is it possible (when its working) to then direct the request to a specific port?

I’ll submit a ticket in a minute, thanks for your time and help Martin.