The goal is to access a web server hosted behind a Zeroshell NAT from within a network protected by the same Zeroshell router: the classic NAT loopback problem.
- Site www.myweb.com is hosted on a server connected to a LAN protected by a NAT.
- www.myweb.com resolves to the public IP address of the above mentioned NAT.
- When I access www.myweb.com from outside the NATted LAN, everything works fine.
- When I access www.myweb.com from within the NATted LAN, I cannot reach the web server.
Static IP Address
With a static public IP address, this is very simple and can be done using the Router > Virtual Servers table in Zeroshell:
| Field | Value |
|---|---|
| Input Interface | Use ANY, or the interface of the local NATted LAN |
| IP Address | The static public IP address |
| Protocol | In this example TCP |
| Local Port | In this example 80 |
| Remote IP | The LAN's local IP address of the web server |
| Remote Port | In this example 80 |
Dynamic IP Address
This is annoying, because we never know the IP address until we are connected. I chose an approach that makes use of a dynamic DNS setup, because I already had one in place. The main concept is the following:
- Zeroshell boots up
- Zeroshell brings up all services and the internet connection, and updates the IP address on the dynamic DNS system.
- Zeroshell then adds a rule to the firewall table, using the FQDN of the dynamic DNS to obtain the public IP address needed to set up the rule.
- Every 10 minutes Zeroshell checks that the IP address hasn't changed. If it has, it deletes the old rule and adds an updated one.
Using a DDNS lookup has the advantage of always returning the public IP address, regardless of which internet connection is in use (if the DDNS is set up properly). I also chose this route because I have two outbound connections, so working out which IP address currently belongs to the default route would have made this script more complicated.
Add "NAT and Virtual Servers" script
This goes in Setup > Scripts/Cron > "NAT and Virtual Servers"
Add new cronjob to run every 10 minutes
The system will save the last IP address in a file in /Database/LAST_PUBLIC_IP.
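
One way to implement the procedure described above, as an added example (not the original script from this page). The DDNS name, the server address, the `getent` resolver call, the shape of the DNAT rule and the `boot`/`check` arguments are assumptions of this example; only the state file path comes from the page.

```shell
#!/bin/sh
# Added example, not the original Zeroshell script. All values below are
# hypothetical placeholders except the state file path, which the page names.
FQDN="myhome.example.net"            # DDNS name (assumed)
SERVER_IP="192.168.0.10"             # web server's LAN address (assumed)
PORT=80
STATE_FILE="/Database/LAST_PUBLIC_IP"
IPTABLES="iptables"

# The DNS answer is untrusted input that ends up in a firewall rule:
# accept only a strict dotted-quad IPv4 address.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Resolver call is an assumption (glibc getent); swap in whatever the box has.
resolve_ip() { getent ahostsv4 "$1" | awk 'NR==1 { print $1 }'; }

# Rule shape is an assumption: DNAT traffic aimed at the public IP to the server.
rule_spec() {
    echo "PREROUTING -d $1 -p tcp --dport $PORT -j DNAT --to-destination $SERVER_IP:$PORT"
}

update_loopback_rule() {
    new=$(resolve_ip "$FQDN") || return 1
    is_ipv4 "$new" || { echo "rejected DNS answer: '$new'" >&2; return 1; }
    old=$(cat "$STATE_FILE" 2>/dev/null || true)
    if [ "$new" = "$old" ]; then echo "unchanged"; return 0; fi
    # Remove the stale rule only if the stored value is itself a valid address.
    if is_ipv4 "$old"; then $IPTABLES -t nat -D $(rule_spec "$old") || true; fi
    $IPTABLES -t nat -A $(rule_spec "$new") || return 1
    echo "$new" > "$STATE_FILE"
    echo "updated"
}

# "boot": rules are gone after a reboot, so forget the stored IP and re-add.
# "check": what the 10-minute cron job runs.
case "${1:-}" in
    boot)  rm -f "$STATE_FILE"; update_loopback_rule ;;
    check) update_loopback_rule ;;
esac
```

A failed or malformed lookup leaves both the existing rule and the state file untouched, so a DNS outage does not tear down a working rule.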