How do I set up NAT Loopback for a domain name?

Hi, I have a requirement where I have several domains that I need to loop back to a local IP address. I have read that most decent enterprise routers can loop back the outgoing request to a local IP, called NAT loopback or DNS rebinding.

I have for example:

subdomain.mydomain.com

and I want the outbound WAN requests to these domains, made from within the network, to be redirected to local IPs.

subdomain.mydomain.com -> 192.168.10.150
subdomain2.anotherdomain.com -> 192.168.10.160

I’ve been looking high and low to work out how to do this with a Peplink Balance One router and I cannot seem to work it out on my router.

Please can anyone help?

Thanks

In Network > LAN | Network Settings, enable DNS Proxy and add your entries, then make sure your client devices are using your Balance for DNS.

If they are not set to use your Balance for DNS, then enable DNS Forwarding under Network > Misc. Settings | Service Forwarding.


Thanks Martin, very helpful.

I forgot to mention that I would like to send them to specific ports, is this possible?

When I tried the domain URL internally over HTTPS, I got a certificate error. It shows it’s issued for www.captive-portal.peplink.com, when the domain URL has its own certificate that the request isn’t reaching.

Expand on this requirement please - perhaps an example?

That is the HTTPS cert for the inbuilt captive portal on the Peplink. Add the local DNS entries above to your router and flush your DNS cache on your PC, and you should get redirected directly to the local LAN IP when you visit those URLs, where the SSL cert would work as expected.

Sorry, yes, an example:

https://subdomain.mydomain.com -> 192.168.10.150:8123
https://subdomain2.anotherdomain.com -> 192.168.10.160:9870

So I am after any internal outbound request to those domains above getting routed back to a local IP with a specific port (over an SSL connection). I thought once I knew how to redirect it, I could work that bit out… but I’ve clearly failed.

I hadn’t flushed the DNS (forgot) but have since flushed it with ipconfig /flushdns and the issue persists.

So I have tried going to the domains above in a browser and I continue to get the SSL error (Edge). When I try in Chrome, I get a 404 but with the router’s MANGA address: https://subdomain.mydomain.com/cgi-bin/MANGA/index.cgi (I also cleared the browser caches).

If I ping the domain name from my computer, it responds with the router’s WAN IP address, not the final destination IP.

Thank you

That’s a fault you need to track down. Check that the PC you are testing from has the Peplink set as its DNS server. You’ll know it’s working as expected when you ping the domain names and get a local IP.

Also, go and change the web admin port away from 443 on your Peplink. E.g., make it 4443, just to get the web interface of the router itself out of the way.

Yeah, it does, I checked that.

Thanks, yeah, I have just done that too, flushed DNS and tried again. It still returns the WAN IP on ping.

If you have the local DNS entries on your Peplink and you ping the DNS name and it still brings back the public IP, then the first thing to try is a flush of your local resolver cache (ipconfig /flushdns) in Windows.

Then do an nslookup from your PC against the DNS name and check it returns the internal IP.


When you ping the name on the Peplink itself, what happens?

The nslookup returns:

Server: unknown
Address: 192.168.0.2 (router IP)

Non-authoritative answer:
Name: subdomain.mydomain.com
Address: {WAN IP}

This is more positive: using the router -> ping on the WAN connection, it recognises the correct IP I want, but no packets return.

When I ping on the router -> LAN connection, it returns the correct IP and all the packets.

Screenshot your router’s DNS proxy settings for sanity’s sake please.
The Peplink should return local DNS records when they exist, not public records.

Good. That’s expected behavior.


I’ve tweaked the name obviously

Also, I tried ping/nslookup/flushdns on another computer (my laptop) and I get the same results.

On your PC, what do you get if you run
nslookup subdomain.mydomain.com 192.168.x.2

(change the domain and .x above obviously)

Server: unknown
Address: 192.168.x.2

Non authoritative answer:
Name: subdomain.mydomain.com
Address {WAN IP}

Doesn’t make sense. This should just work.

Turn on DNS caching on the Peplink and apply changes (you shouldn’t need it but maybe that will restart the DNS server internally). If that doesn’t fix it, reboot the router.

If that doesn’t fix it, log a ticket.


I have tried both of your suggestions, but still the issue persists.

Side note Q: Is it possible (when it’s working) to then direct the request to a specific port?

I’ll submit a ticket in a minute, thanks for your time and help Martin.