0

REWRITE should have a restriction option

I have a NAS server with an internal IP address of 192.168.0.100.
In addition, the NAS server can be addressed externally via firewall / port forwarding  & external IP.

I added a rewrite to access my NAS with the officially DNS - Name ( certificate ) and internal IP.

If i resolve in the home network, I get the internal IP 192.168.0.100 now. 
But if I want to access it externally from my cell phone, I also get the internal IP.
Of course I can't access it externally. 

I would like a possibility of restriction:

Instead of

mynas.mydomain.com -> 192.168.0.100

something similar like

my.external.ip:mynas.mydomain.com -> 192.168.0.100

If the request comes from the server my.external.ip, the REWRITE should apply, otherwise not.

2 replies

null
    • Calvin_Hobbes
    • 2 yrs ago
    • Reported - view

    Based on the the many requests posted here, this would be very high on their priority list.

    However, some routers/firewalls provide a feature called NAT Loopback which might be solution to your problem: 

    https://en.wikipedia.org/wiki/Network_address_translation#NAT_hairpinning

    You didn't mention what kind of NAS you have, but many consumer NAS  frequently have security vulnerabilities  and making them accessable to the internet is risky.    QNAP and Synolgy seem to appear often in when it comes to newly discovered NAS security vulnerabilites.

      • Alexander_Rudolf
      • 2 yrs ago
      • Reported - view

      Calvin Hobbes Thanks for your reply, you are right.
      The nas should not be always connected directly to the internet.

      But in my case, i am using a private docker / jitsy instance on my nas.
      My handy uses nextdns directly ( android: private dns ) and best it should internaly resolve to private private ip and externaly to the official ip.

      My router using NAT loopback, but my handy is using dns from nextdns directly and  not from my router. 

      Of course, i can open permanent VPN to my router, but  that's a battery issue then.
      Whining at high level, i know. But this function would make things easier for me.
      ( and others too i think )

Login to reply

Content aside

  • 2 yrs agoLast active
  • 2Replies
  • 109Views
  • 2 Following