Redirect dyndns conditionally [no NAT-loopback, Owncloud]

Hi. I am quite bad at this but will try to explain what I think I need.
My router doesn't have a NAT-loopback option. I run Owncloud on RPI as well as pihole. I would like to access owncloud from home network and from outside of it from the same device (phone). I can do it now, but I have to change IP address (external-internal).
RPI IP: 198.168.0.250
Phone home ip: 198.168.0.4 (with dns 198.168.0.250)
Phone 4G ip: subject to change
I created the ex1.ddns.net address to resolve to my external IP. I added a rule for pihole to resolve ex1.ddns.net to 198.168.0.250 (RPI) with help of Domain Redirect.
This config allows me to access Owncloud from home network. Log looks like this:
May 2 11:02:53 dnsmasq[992]: query[A] ex1.ddns.net from 192.168.0.4
May 2 11:02:53 dnsmasq[992]: config ex1.ddns.net is 192.168.0.250

I would like to access RPI (Owncloud) from outside of my home network without swapping ip.

Is it maybe possible to add a rule to pi hole: if query ex1.ddns.net from 192.168.0.4 -> redirect to 192.168.0.250 else -> redirect to ex2.ddns.net (with my external ip behind it)?

edit1: I can't use pihole on router level, every device in my network is reconfigured to use RPI ip as DNS.

UFF!
Try it as hostrecord. (I understood that you manually blocked ex1.ddns.net on PiHole and redirected it to 0.250)
Idk how you did it but I used

pi@raspberrypi:~# pihole -a hostrecord home.mydomain.de 192.168.1.10

I have the same problem. With this command DNS requests (lan) to the hostrecord (ddns) will be answered with a specified local IP (PiHole). If you are outside you will not use the PiHole DNS so the request will be the real WAN IP.

PS: I hopped to nextcloud. I can just rate you :slight_smile:
Edit: Oh, I saw you used Domain Redirect

I added a new file to /etc/dnsmasq.d with "host-record=ex1.ddns.net,192.168.0.250"
So I guess it's the same story.

I also have found a vague description here: https://forum.owncloud.org/viewtopic.php?t=36773 , but it looks like outside home network access is also not set up.

I am sticking to owncloud for now - although nextcloud looks promising, there is no ios app for music streaming from nextcloud :slight_smile:

Oh, now I understand: You just want to spoof the device at 192.168.0.4, not all devices...
OK, we need to do the following:

  • Tell the DNS: If 192.168.0.4 queries ex.1.ddns.net redirect to 192.168.0.250
  • Tell the DNS: If all except 192.168.0.4 queries ex.1.ddns.net RESOLVE ex.2.ddns.net and give it back

What about just ex.1.ddns.net? Simplified:

  • Tell the DNS: If all except 192.168.0.4 queries ex.1.ddns.net resolve it and give it back; otherwise redirect to 192.168.0.250

Now you need a script for that...

Answering your question - yes, but it is just a thought of a noob. No idea how to realize that.
Me scripting? Way too far... First week of playing with rpi, not a developer for a living.
What if I tell you that pi-hole is now also my DHCP server? Does it simplify things? My gut and the reading I've done in the past week suggests so, but I haven't seen any ready-made solutions and I am too fresh to suggest one on my own.
The goal is to reach my RPI using only one IP address regardless of where I am.

Why not just use port forwarding on your router to point to the OwnCloud server? It's much simpler than creating a bunch of scripts that you may end up having to troubleshoot later.

I am using it. And it is working partially because I have to switch IP addresses on my phone depending on the network I am using (home wifi vs 4G). I am aiming to use a single address for connecting on 4G and home wifi.

If you are currently using this, all you need to do is use the FQDN from within and without your LAN. Both will resolve to your server.

That is my current setup for my NextCloud and TT-RSS servers.

Hello
I am facing the same problem, I cannot access any of my servers in my LAN if I am using the internet domain name.
I am trying to use the command
pihole -a hostrecord (What is this?) mydomain.com 172.26.0.1 (that is the internal IP of my router and DHCP provider)

but I am getting this message from the console in my raspberry (where pihole is installed and working)

root@raspberrypi:/home/pi# pihole -a router mydomain.ddns.net 172.26.0.1
Usage: pihole -a [options]
Example: pihole -a -p password
Set options for the Admin Console

Options:
-p, password Set Admin Console password
-c, celsius Set Celsius as preferred temperature unit
-f, fahrenheit Set Fahrenheit as preferred temperature unit
-k, kelvin Set Kelvin as preferred temperature unit
-e, email Set an administrative contact address for the Block Page
-h, --help Show this help dialog
-i, interface Specify dnsmasq's interface listening behavior
-l, privacylevel Set privacy level (0 = lowest, 4 = highest)

I don't know what I am doing wrong, I would appreciate any help, thanks

This option was removed in v5.0

You could achieve a similar function with "Local DNS Records"

Thank you very much for your help. I realized that the option does not exist anymore.
The problem I have now is that I have a bunch of servers in different hosts within my LAN.
I access each one depending on the port that I am using after my domain. Let's say
mydomain.net:9095----> 172.26.0.20:80
mydomain.net:8844----> 172.26.0.15:8080

I have all forwards set up in my router, however it seems that it does not have hairpin or DNS loopback, because if I open the web page of any localhost using my domain from my LAN it gives timeouts and is not working properly.

It is an annoyance if I want to ssh to my pi from within my wifi or outside, because I have to use different addresses

Any help in how to solve this would be appreciated.

Thanks

I'm not sure if I understand correctly what you want, but DNS doesn't care about ports. It will only map IP<>Name.

@yubiuser it's possible that he cannot get an ip for the name but that's not what I assume.
@Gradati I would say your router doesn't support "Traversal NAT". You are resolving mydomain.net to your public IP. Afterwards you send a TCP SYN to this IP but your Gateway (Router) says "no route for this host" and your connection fails. Just try that with nslookup mydomain.net. If the result is your public IP then missing traversal NAT support is the cause and you should hang the manufacturer. If the result is another IP you have an overwritten hostname for whatever reason. If there is no IP address found you cannot resolve DNS.

I have such a problem with a cascaded NAT. I've got a Telekom-Router (bridging LTE and DSL over GRE tunnel) and behind it there is my Unifi Security Gateway. As the Telekom Router isn't reliable with traversal NAT I redirected the domain to the "public" address of my Unifi gateway (which is the IP in telekom-router's subnet).

Possible solution: If you also have a cascaded NAT as I described you can do what you wanted before but slightly different: You go into the pihole's OS and call sudo nano /etc/hosts, where you add an additional entry:
<"public" address of your cascaded router> mydomain.net

Possible solution: If you have no cascaded NAT as I described you have two options:

  • set up a reverse proxy (I suggest nginx), set your services on subdirs (e.g. mydomain.net/service1), manipulate hosts file to <ip of reverse proxy> mydomain.net
    • Why?: You need to route the requests (seems like http) on application layer if you don't want to set up 2 domains.
    • Good: one external and internal access point, one port
    • Bad: single point of failure, subdirs (mydomain.net/service1) could destroy links on services (needs rewriting)
  • set up two subdomains (service1.mydomain.net, service2.mydomain.net), update them regularly via DDNS to your public IP to reach them externally, manipulate hosts file to <ip of service1> service1.mydomain.net and <ip of service2> service2.mydomain.net.
    • Why?: One domain can just address one IP. You have different IPs
    • Good: it works...
    • Bad: need to remember the ports, need to setup and update two subdomains
  • mix: set up two subdomains and a reverse proxy with vhost support: if you call service1.mydomain.net the reverse proxy redirects internally to 172.26.0.20:80, if you call service2.mydomain.net it's going to 172.26.0.15:8080. You also need to manipulate the hosts file for internal redirect.
    • Why?: You've still two domains but don't need to remember the ports anymore. Both services can run on port 80.
    • Good: one port to access, clear names, no services are destroyed by subdirs
    • Bad: single point of failure, two subdomains (but one port)
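
The "mix" option from the post above, written out as an nginx configuration (an added example, not part of the original thread). The hostnames and backend addresses are the ones the post uses; the proxy's own address 172.26.0.2, plain HTTP on port 80, and the catch-all block are assumptions.

```nginx
# Added example: name-based virtual hosts on one reverse proxy.
# Assumed: the proxy runs on 172.26.0.2 and the router forwards
# external port 80 to it. TLS is left out to keep the sketch short.
#
# Matching local DNS overrides on the Pi-hole host (/etc/hosts format),
# so LAN clients reach the proxy directly instead of the public IP:
#   172.26.0.2 service1.mydomain.net
#   172.26.0.2 service2.mydomain.net

# service1.mydomain.net -> 172.26.0.20:80
server {
    listen 80;
    server_name service1.mydomain.net;

    location / {
        proxy_pass http://172.26.0.20:80;
        # Pass the original host name and client address to the backend
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# service2.mydomain.net -> 172.26.0.15:8080
server {
    listen 80;
    server_name service2.mydomain.net;

    location / {
        proxy_pass http://172.26.0.15:8080;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# Catch-all: requests with any other Host header (for example, the bare
# public IP) are closed without a response instead of reaching a backend.
server {
    listen 80 default_server;
    server_name _;
    return 444;
}
```

Because both names resolve to the proxy from inside and outside the LAN, only the proxy's port has to be forwarded on the router, and the backends are no longer exposed on their own ports.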

First of all, I want to tell you that I really appreciate the time and effort you have made in your reply.
I read it a dozen times, slowly trying to understand all that you said.
1.- I made the nslookup mydomain.ddns.net and I got my public IP, so it appears that I am missing traversal NAT.
2.- I think that I don't have a cascaded NAT, because I only have one router and all the hosts connected to it.
3.- I have at least 4 hosts in my LAN, and in some of them I have different services working on different ports. I connect to them from outside like this
mydomain.ddns.net:port-->router forwards to proper host and port

I have a dynamic IP and the DDNS is updated from one of the hosts inside the network.
As it is a free service I cannot create sub-subdomains and I only have 3 different subdomains.
I agree that subdirs wouldn't be a good idea because I believe some client would be able to connect like ssh client with the subdir.

Anyway, I really believe that this is out of scope of this forum, I thought that I could be able to arrange it with pihole but that is not the case, I even tried to create local DNS for service1.mydomain.ddns.net and route it to a local machine, it's working internally but not externally, obviously.
I cannot find a way to solve it beyond buying a better router to replace this one or renting a paid DDNS service.
Thanks a lot for your help with the issue, I really appreciate it

Okay, if you have more than just http traffic, I suggest you choose the second option of the second solution. Set up two ddns domains, redirect them via pihole-hosts locally to the pc1 and pc2 and on the public side you just set both addresses equal (public IP). I do this with ddclient because the router offers just one to update.

That will only work internally because the domain doesn't exist in the www. You can set "iamcool.com" in your hosts file, the pihole DNS will always answer that to your clients in the local network. To get it running outside you need to register the domain service1.mydomain.ddns.net on ddns.net and update it with your external IP.

Actually this is what I made.
I got a couple of domains with duckdns and I update them either from my NAS or from my Raspberry and pihole is resolving them locally.
Works like a charm!!! Thanks a lot for your help.
Now everything is easier and tidier.
Once again I appreciate your help a lot!!!
