Egress Hairpinning
I run a couple servers inside my network, mostly relying on a reverse-proxy to accept connections on TCP 443 and proxy the connections to the right internal server. I don't run separate internal v. external DNS. Instead, I have a more typical setup where I define an external DNS server in eero, then the eero includes its address as the DNS server in all DHCP addresses, and forwards the requests.
As a result, though, I can't access my server by [subdomain].[domain].com while *inside* my eero network. I have to instead use DNS shortnames. This is annoying for a number of reasons.
161 replies
-
Hi everyone —
First and foremost, I'd like to thank all here for contributing to this topic and sharing your thoughts with us regarding your interest in Hairpin NAT. I'm excited to share that with eeroOS 3.3, Hairpin NAT is now officially supported on eero networks.
To use Hairpin NAT, all you will need to do is create a port forward. Once done, you will be able to access your devices from both in and out of your network.
If you are unsure what version your eero network is on, you can check by:
- Opening the app.
- Tapping the menu button.
- Tapping on Network Settings.
Under the section Network software, you will either see Update available (needs to be updated) or Up-to-date (your network is on 3.3).
Again, we greatly appreciate everyone's patience and understanding as we've worked on getting this feature out. As a company, we hold a high standard in any feature we implement, and it requires the necessary vetting to ensure that anything implemented both keeps your network secure and working as expected.
If you have any questions, please let us know.
-
Hi jalvani —
Welcome to the eero community! We appreciate you reaching out and taking the time to share your feedback.
We've heard quite a bit of discussion surrounding DNS settings here in the community, and we appreciate you chiming in with your case as well. I will share this feedback with our team.
Thanks again!
-
Hey, Jeff,
Thanks for following up. This isn't as much a DNS feature as a traffic routing feature. My request is that I'm able to make a request from inside my network to my WAN IP, and the eero is smart enough to either (a) look in its NAT table and forward/proxy that request to the internal port while keeping name information intact (to permit reverse-proxy requests) or (b) just permit a hairpin route from internal to public IP and back inside.
-
Thanks for the follow-up and for clearing that up, jalvani .
Happy to share that with our team!
-
jalvani Just wanted to let you know that I, too, would like this feature. I'm running a security camera server inside my home, and I can't access it from within my home using the friendly domain address I can use outside of the house. I emailed support, who explained that some engineers believe it is a security issue, but that many users have requested this feature. Hopefully they'll make it an option that we can enable soon enough.
-
It doesn't seem to be a priority at all for the eero team. I resorted to running a DNS sever inside my network. The lack of feedback and roadmap for eero is frustrating.
-
Hi jalvani —
Thanks for following up.
All feedback from our customers is invaluable to us and we continue to evaluate future features and improvements to the overall eero experience based on what we here. The purpose of this community is to gather feedback and understand what our customers are looking for, which allows us to make such decisions down the road.
In a perfect world, we'd be thrilled to get every requested feature out there for our customers. However, we are working on a lot of exciting new improvements and features which means our resources are currently working on those projects.
We will continue to evaluate future decisions based on the feedback and needs of our customers.
-
Thanks, Jeff , I understand that eero can't work on all requested features simultaneously. This is a board ostensibly for the solicitation of feedback, many of which will lead to new feature requests, though. At the moment, it's no more than throwing cards into a "Suggestions?" box, and hoping maybe something happens in the future.
Some amount of a roadmap, or list of features currently being considered, or really anything that provides some degree of visibility would be a huge benefit, and would start building a community.
-
Perhaps that's a topic for a different thread, though.
-
Our community here is still relatively new, so at this point, it may feel more like a suggestion box as people are going to add their specific requests and feedback. As it fills out, and more customers join in and contribute to existing topics, our team will be able to gauge what interest there is in certain types of features.
Our team has their eyes on our community (as well as other channels like social media and Reddit) where we are monitoring all forms of feedback that help us make such future decisions. While we don't share a product roadmap, and there isn't a plan to at this time, we hope that discussions like these will allow our customers to engage with team members like myself where we can help shape the future of eero and give our customers the opportunity to contribute in shaping that path.
Thanks again.
-
I know this is a little old and has be discussed above but I would also like to add another request for this feature.
I am in a similar position with a couple internal servers; one being a NAS that has nice capabilities like a photo gallery website. All my external facing sites are using trusted SSL certificates and I have the sites locked down to fully qualified domain names. My issues comes into accessing the site internally using the fully qualified domain name as mentioned above.
Most consumer routers have this function built-in; I'm coming from a dead Ubiquiti ERL, they refer to this as nat hairpining (also called nat reflection or nat loopback)
Other than this one issue I love the product, I think my wife loves it more since there is little I can tinker with and break... lol
-
Jeff C. any love for my pet peeve in this batch of updates?
-
jalvani no news to share, but I'll keep voicing it for when we evaluate what to build for future updates!
-
And I'll keep checking in :-)
-
I requested this feature back on March 15th because it is a major issue. Someone named John replied to me. I'm extremely disappointed that I still can't use these eeros because it has yet to be fixed.
Content aside
- Status Implemented
-
49
Votes
- 2 yrs agoLast active
- 161Replies
- 11145Views
-
66
Following