![[H]ard|Forum](/styles/hardforum/xenforo/logo_dark.png){kind=logo}
Gottfried Leibnizzle
Limp Gawd
- Joined
- Apr 29, 2015
- Messages
- 253
Howdy fellers,
I could really use some pointers. Here's my problem.
We have a temporary network at our new premises that uses a Huawei 4G modem/router/firewall/wifi combo device and a bunch of laptops.
The router is configured to NAT all the relevant services we need to/from the outside world. However, the device does not support hairpin NAT, that is, host names/FQDNs that are resolved as external (but really exist internally) are not reflected back into the internal network.
For example, our internal mail server is called mail.ourdomain.com. Internally it has a fixed IP of 192.168.10.9. However, externally it is routed via an MX record that points to our WAN ip, which could be 147.184.bla.bla or what have you.
Mail accounts in Outlook are configured to use mail.ourdomain.com for pop3 and smtp, but using external DNS makes it resolve to the WAN IP, and the device dumps the packets out into the cloud instead of hairpin NATting it back.
I can solve this by adding an entry in my hosts file:
192.168.10.9 mail.ourdomain.com
BUT this stops working whenever someone takes their laptop home and uses a wireless 3g/4g connection, then the above private IP becomes invalid, resolution fails and BLAM no email. The entry in the host file needs to be commented out for it to work. And uncommented once they get inside our internal network again.
This is turning into a real headache; is there a way to get this to work without resorting to implementing my own DNS or DMZ? If it were possible to have a hosts file per interface, then that would work but I'm too effin ignorant.
Thanks!
Riaan
I could really use some pointers. Here's my problem.
We have a temporary network at our new premises that uses a Huawei 4G modem/router/firewall/wifi combo device and a bunch of laptops.
The router is configured to NAT all the relevant services we need to/from the outside world. However, the device does not support hairpin NAT, that is, host names/FQDNs that are resolved as external (but really exist internally) are not reflected back into the internal network.
For example, our internal mail server is called mail.ourdomain.com. Internally it has a fixed IP of 192.168.10.9. However, externally it is routed via an MX record that points to our WAN ip, which could be 147.184.bla.bla or what have you.
Mail accounts in Outlook are configured to use mail.ourdomain.com for pop3 and smtp, but using external DNS makes it resolve to the WAN IP, and the device dumps the packets out into the cloud instead of hairpin NATting it back.
I can solve this by adding an entry in my hosts file:
192.168.10.9 mail.ourdomain.com
BUT this stops working whenever someone takes their laptop home and uses a wireless 3g/4g connection, then the above private IP becomes invalid, resolution fails and BLAM no email. The entry in the host file needs to be commented out for it to work. And uncommented once they get inside our internal network again.
This is turning into a real headache; is there a way to get this to work without resorting to implementing my own DNS or DMZ? If it were possible to have a hosts file per interface, then that would work but I'm too effin ignorant.
Thanks!
Riaan