3

I need an adult. I know no one who would understand my worries, so you guys need to be it.

I have a Nextcloud running on my Raspberry Pi. Performance is horrible, don't ask, but it works.

I mostly use it to back up the photos of my phone SD card every night when my phone charges. Internally this works good. If I am elsewhere it won't, for obvious reasons.

In my youthful joy of doom I opened port 443 and forward it to my raspi. I get internet via cable and my IP is pretty much static (it was the same for 10 months). So external access is provided.

Now I thought, it's stupid that I cannot sign an SSL certificate because I don't have a domain. Let's buy a domain. But before I do that I did some try runs with duckdns to test the principle.

Some back and forth, it works now. Pretty good, I could even make a cron job on the raspi to renew (that should work, right?). Only problem: randoname.duckdns.org doesn't work internally. Or should not at least.

So I googled a bit and it turns out that my router (a cable Fritz!Box I bought myself) can be a local network DNS. Or cannot. Regardless of what I try, it doesn't accept the changed config file.

Now the problem.

It works anyway. randoname.duckdns.org points to my external "static" IP and resolves to that from my internal network... so it works on my phone or laptop. If I traceroute the thing it goes via two hops out and finishes in less than 1ms.

Now to the problem:
I have no fokkin clue why. The expected behaviour would be that it shouldn't work. If I do what I intended to do on PC in the hosts file, tracert works correctly, directly pointing to the internal IP.

What I cannot figure out: is it the Fritz!Box being smart? Is it my ISP being smart?

Reason to rant: I have absolutely NO ONE to ask, I know not a single person who would even understand what troubles me. I want to learn, I want to know WHY, not just some mindless Russian patchwork of "if it works it's good enough".

That's depressing.

Comments
  • 2
    Don't pull your hair yet. Accessing another machine on your internal network through the external address is called NAT hairpinning or NAT loopback. Looks like your router is good enough to support that. 😄

    Here's the Wikipedia article about NAT hairpinning: https://en.wikipedia.org/wiki/...
  • 0
    @ethernetzero that seems fitting. This "Fritz!Box" thingy is a rather new addition to my hardware inventory, replacing my ISP-provided router (they wanted 2€/m to enable wifi on their device). I don't know how known they are in the world but in germoney I made good experience at various homes with them.

    Thanks for the pointing. I never heard of that function before.
  • 1
    Fritz!box are good products but they cannot help you this time.

    Just keep the duckdns domain, it will work fine (and free) and you can change it anytime you want. Don't "waste" money on a domain that only you use.

    Use Let's Encrypt on the duckdns domain (certbot will take care of auto-renew).

    Option A:
    Keep the local IP in the hosts file

    Option B:
    Set up pihole
    Set a custom rule in dnsmasq for your duck domain that points it to your LAN addr (search in osmc forum)
    Set the Pi (running pihole) as your LAN DNS server in the Fritz!Box.

    Option C:
    Turn off SSL
    (If you trust your LAN it's not necessary)
    Use just your LAN IP (no domain)
    When you are @ home -> works

    When you are outside use the VPN provided by Fritz!Box and it will work again.

    P.S.: a Pi is not a server; its performance for things like own/Nextcloud sucks and things get even worse with SSL on.
  • 2
    I am terribly sorry not being able to help. I just would love to see your first paragraph as official slogan for this community.
    @dfox (sorry)
  • 0
    @shelladdicted the thing is... the Fritz!Box already helps me. Apparently NAT hairpinning is basically what I want, which makes a local DNS resolve for [domainname]2[internalIP] unnecessary.

    My rant was more about the fact that I don't understand why it does that.

    I know that a RaPi is not a server, but I do not possess the hardware and the will to foot the bill for it. A RaPi is a low powered device that apparently can run for years as a permanent network device. I am not advocating to use it as a Nextcloud instance and the web interface is certainly slow as hell. But for my purpose as a NAS with web interface that also provides an Android app it works exactly duo specs.

    About the pihole stuff: I wonder with how many raspberry pies I would end up if I would set up a new RaPi for every purpose I want.

    Who needs Servers anyway? Army of raspberries it is. Tasty.
  • 1
    @erroronline1 it's okay to not be able to "help". This isn't Stack Overflow or any other Indian infested (err, no offense) place for low quality tech questions. If I would really care I would research it on my own.

    For future reference, the behaviour I observed is called "NAT loopback". The router realizes that a DNS resolves to itself and therefore it uses its own port forwarding rules to deliver the correct device intended. Quite marvelous.

    And I often think "I need an adult"... unfortunately they are all secretly thinking the same.
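
The NAT loopback behaviour named in the comments, as an added example that is not part of the thread: a simplified model of hairpin NAT in general, not the Fritz!Box's actual implementation. All addresses, ports and the `Router` class are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed addresses for illustration (not taken from the thread).
WAN_IP = "203.0.113.10"       # public address the DuckDNS name resolves to
ROUTER_LAN = "192.168.178.1"  # router's LAN-side address
PI = "192.168.178.20"         # Nextcloud host behind the port forward
PHONE = "192.168.178.45"      # LAN client

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class Router:
    def __init__(self, hairpin=True):
        self.forwards = {443: (PI, 443)}  # WAN port -> (LAN host, port)
        self.hairpin = hairpin
        self.conntrack = {}               # NAT source port -> original request
        self.next_port = 40000

    def from_lan(self, p):
        """Packet from a LAN client addressed to the router's own WAN IP."""
        if p.dst != WAN_IP or p.dport not in self.forwards or not self.hairpin:
            return None  # without loopback the forward only applies on the WAN side
        host, port = self.forwards[p.dport]
        nat_port, self.next_port = self.next_port, self.next_port + 1
        self.conntrack[nat_port] = p
        # DNAT to the Pi and SNAT to the router. Without the SNAT the Pi would
        # answer the phone directly from its LAN address, and the phone would
        # discard a reply that does not come from WAN_IP:443.
        return Packet(ROUTER_LAN, nat_port, host, port)

    def reply(self, r):
        """Undo both translations for the Pi's answer."""
        orig = self.conntrack.get(r.dport)
        if orig is None or r.dst != ROUTER_LAN:
            return None
        return Packet(orig.dst, orig.dport, orig.src, orig.sport)

def round_trip(router):
    """Return (packet the Pi sees, packet the phone gets back), or None."""
    to_pi = router.from_lan(Packet(PHONE, 51000, WAN_IP, 443))
    if to_pi is None:
        return None
    pi_answer = Packet(to_pi.dst, to_pi.dport, to_pi.src, to_pi.sport)
    return to_pi, router.reply(pi_answer)
```

In this model the Pi sees the router's LAN address as the client, so per-client logging or rate limiting on the server would attribute hairpinned LAN traffic to the router.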
  • 0
    @BurnoutDV I own the current Fritz!box flagship 7590.

    The performance of a Nextcloud file transfer letting it do the DNS stuff (2 hops) sucks, I get ~10MB/s.

    Using hosts or enabling my custom DNS server (pihole) allows me to get full gigabit speed (~110MB/s).

    If you have a 3B+ (300Mbit ethernet) you should do more tests, otherwise you're already getting the best performance you can get.

    You can run pihole on the same Pi, but yes, another dedicated one would be better.

    My "server" is an old broken laptop.
    It really sucks, takes more space and power than a Pi, but for gigabit, USB3 and SATA SSD it is worth it.
  • 0
    Hmm, have you thought about using SDN like zerotier? It'll make your life easier. I have all my devices, RPI, NAS, all hooked up to my zerotier network. Then I can access them via that network from anywhere. No need for any NAT or port forwarding. Time Machine Backup works on it, as well as the Synology Drive which I use to sync my files to other devices. Side note, pi-hole ad blocking VPN also works on that network.