<html><head></head><body>I think that's the problem. Check your DNS and see which IP you're getting when you put the external name in.<br><br><div class="gmail_quote">On June 5, 2020 8:04:19 AM EDT, Lloyd Kvam &lt;lkvam@venix.com&gt; wrote:<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<pre class="k9mail">My approach has been to provide the external names to dnsmasq so that the names are attached to<br>the correct IP address at home and away.<br><br>I'm using an IQrouter (runs openWRT) which makes this pretty painless to set up.<br><br>To be clear:<br>from outside my office on the net<br> $ host www.venix.com<br>www.venix.com has address 68.238.56.186<br><br>from in my office (I'm using the 172.x.x.x private address space as a holdover from running<br>Lede and the buffer bloat software)<br><br> $ host www.lan<br>www.lan has address 172.30.42.28<br><br>$ host www.venix.com<br>www.venix.com has address 172.30.42.28<br><br>That's not what you asked for, but it might fit your needs. With my openWRT based router, the<br>advanced menu provides Network / Hostnames which supplements the DHCP name/address resolution in<br>dnsmasq. You can figure out the setup on your RasPi to add the required host entries.<br><br>(For those hosts that need to be visible to the broader Internet, I use port forwarding through<br>the firewall.)<br><br>On Fri, 2020-06-05 at 00:16 -0400, Ken D'Ambrosio wrote:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #729fcf; padding-left: 1ex;">Hey, all. So I finally yanked my Comcast modem ("for reasons," largely<br>having to do with lack of static routes), and put in my own cable modem,<br>a WAP, and a RasPi-4 that's doing routing/NAT. It all works great. <br>But... I have services exposed that I want to access on the public IP. <br>It works *great* from out there, but if I try to access the public IP<br>from my NATted network, no dice. And, sadly, if there's one Linux place<br>where there's a truck-sized hole in my knowledge, it's IP Tables. I've<br>googled the Interwebs to no avail on what magic IPTables stuff would be<br>needed to make it work. 
Here's my current script:<br><br>root@ubuntu:/usr/local/bin# cat start-NAT.sh <br>#!/bin/bash<br>export PUBLIC=eth1<br>export PRIVATE=eth0<br><br>echo 1 > /proc/sys/net/ipv4/ip_forward<br>iptables -t nat -A POSTROUTING -o $PUBLIC -j MASQUERADE<br>iptables -A FORWARD -i $PUBLIC -o $PRIVATE -m state --state RELATED,ESTABLISHED -j ACCEPT<br>iptables -A FORWARD -i $PRIVATE -o $PUBLIC -j ACCEPT<hr>root@ubuntu:/usr/local/bin# cat start-port-forwarding.sh <br>#!/bin/bash<br><br>export PRIVATE=eth0<br>export PRIV_IP=192.168.10.1<br>export PUBLIC=eth1 <br>export JELLYFIN=192.168.10.12 <br><br>iptables -A FORWARD -i $PUBLIC -o $PRIVATE -p tcp --syn --dport 8096 -m conntrack --ctstate NEW -j ACCEPT<br>iptables -A FORWARD -i $PUBLIC -o $PRIVATE -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT<br>iptables -A FORWARD -i $PRIVATE -o $PUBLIC -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT<br>iptables -P FORWARD DROP<br>iptables -t nat -A PREROUTING -i $PUBLIC -p tcp --dport 8096 -j DNAT --to-destination $JELLYFIN<br>iptables -t nat -A POSTROUTING -o $PRIVATE -p tcp --dport 8096 -d $JELLYFIN -j SNAT --to-source $PRIV_IP<hr>If anyone could be kind enough to let me know what extra magic(tm) I<br>need to employ to get at my public IP from inside, I'd be most<br>interested to hear. <br><br>Thanks! <br><br>-Ken<hr>gnhlug-discuss mailing list<br>gnhlug-discuss@mail.gnhlug.org<br><a href="http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/">http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/</a><br></blockquote>-- <br>Lloyd Kvam<br>5 Foliage View<br>Lebanon, NH 03766<br>802-448-0836</pre></blockquote></div></body></html>