Access your own domain from within your LAN (NAT loopback on DD-WRT issue)

This seems to apply to all versions of DD-WRT at the time of writing (2014/01/06 [yyyy/mm/dd]).

You’ve just bought yourself a domain (foo.bar). You test your webserver from within the LAN “https://myserver” and it works. Joy!

You then update your public DNS record with an “A” entry pointing at your WAN IP (which your router’s status page should tell you), set up port forwarding/DMZ/etc., and finally test from your phone, which is on mobile Internet and thus outside the LAN: “https://foo.bar” works. Double joy!

Next you try to access “https://foo.bar” from the LAN itself and... nothing. It just times out. WTF?

This appears to be a limitation of DD-WRT whereby it doesn’t support “NAT loopback” (also called hairpin NAT). The router forwards your LAN client’s request to the server, but it leaves the client’s own address as the source, so the server answers the client directly from its LAN IP; the client was expecting a reply from the WAN IP, discards it, and the connection times out. That is what it looks like when the returning packets “vanish into the ether”. I’ve read various posts about build WXYZ fixing the issue, but to be honest they haven’t. It just doesn’t work, so forget it and stop tearing your hair out. There are two ways to fix this:

  1. Add a DNS entry on the router (DNSMasq) so that “foo.bar” resolves to the server’s LAN IP for LAN clients (remember to make sure the server is on a fixed IP, via a static DHCP lease or static configuration).
  2. Add iptables rules for the loopback case: redirect LAN traffic aimed at the WAN IP to the server and masquerade its source so the reply comes back through the router. See here and here (you will need telnet/SSH access to the router).

Either one should fix your issues; which one you pick is up to you. If you go for option 1, be aware that “https://your.wan.ip.here” still won’t work from the LAN, and neither will any LAN host that uses a DNS server other than the router (e.g. a hard-coded public resolver), since it still gets the public address.
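As an added example (not from the original post and not DD-WRT’s own code), the script below puts both fixes in one place: the DNSMasq option for fix 1 and the two iptables rules for fix 2. The interface name br0 (DD-WRT’s LAN bridge), the 192.168.1.0/24 LAN, the server at 192.168.1.10:443 and the domain foo.bar are assumed placeholders; override them via environment variables. Run it as “sh nat_loopback.sh print” to see what would be configured and “sh nat_loopback.sh apply” from a root shell on the router to add the rules.

```shell
#!/bin/sh
# NAT loopback (hairpin) fix for DD-WRT.  Added example for this post, not
# code from the original article or from the DD-WRT project.
# Assumed values: interface br0 (DD-WRT's LAN bridge), LAN 192.168.1.0/24,
# web server at 192.168.1.10:443, domain foo.bar.  Override via environment.
LAN_IF="${LAN_IF:-br0}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"
SERVER_IP="${SERVER_IP:-192.168.1.10}"
PORT="${PORT:-443}"
DOMAIN="${DOMAIN:-foo.bar}"

# Fix 1: make the router's dnsmasq answer "foo.bar" with the LAN address.
# The output is one line for the "Additional DNSMasq Options" box in the
# DD-WRT web UI (Services -> DNSMasq).
dnsmasq_option() {
    printf 'address=/%s/%s\n' "$1" "$2"
}

# Fix 2: the two iptables rules that make hairpin NAT work.
#   1. DNAT: a LAN client talking to <wan_ip>:<port> is sent to the server
#      (the port forward may already do this; an extra copy is harmless).
#   2. MASQUERADE: rewrite the *source* of that redirected traffic to the
#      router's own LAN address, so the server replies to the router, which
#      un-NATs it, instead of replying straight to the client from an
#      address the client never talked to (the packets that "vanish").
loopback_rules() {
    wan_ip=$1 server=$2 port=$3 lan_if=$4 lan_net=$5
    printf 'iptables -t nat -I PREROUTING -i %s -d %s -p tcp --dport %s -j DNAT --to-destination %s:%s\n' \
        "$lan_if" "$wan_ip" "$port" "$server" "$port"
    printf 'iptables -t nat -I POSTROUTING -o %s -s %s -d %s -p tcp --dport %s -j MASQUERADE\n' \
        "$lan_if" "$lan_net" "$server" "$port"
}

# Current WAN address: from $WAN_IP if set, else from nvram on the router.
get_wan_ip() {
    if [ -n "${WAN_IP:-}" ]; then
        printf '%s\n' "$WAN_IP"
    elif command -v nvram >/dev/null 2>&1; then
        nvram get wan_ipaddr
    else
        echo "no nvram on this host; set WAN_IP=x.x.x.x" >&2
        return 1
    fi
}

case "${1:-}" in
    print)  # show what would be configured
        dnsmasq_option "$DOMAIN" "$SERVER_IP"
        loopback_rules "$(get_wan_ip)" "$SERVER_IP" "$PORT" "$LAN_IF" "$LAN_NET" ;;
    apply)  # add the iptables rules (needs a root shell on the router)
        loopback_rules "$(get_wan_ip)" "$SERVER_IP" "$PORT" "$LAN_IF" "$LAN_NET" | sh -e ;;
    "") ;;  # no argument: only define the functions
    *) echo "usage: $0 print|apply" >&2 ;;
esac
```

Rules added from the shell are lost at reboot; to keep them, paste the two iptables lines into Administration -> Commands and use “Save Firewall” so DD-WRT re-runs them on boot. If the WAN IP is dynamic, the DNAT rule must be regenerated when it changes, which is one more reason fix 1 is the lower-maintenance choice.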

Also note that even if you have “syslogd” and firewall logging enabled, the web UI won’t show you any messages, so don’t go looking there to try and diagnose any issues. Telnet/SSH in and run “cat /tmp/var/log/messages” to see what is getting DROPped, ACCEPTed, etc.

If you can provide details on a better way to fix this, then please let me know in the comments.
