
Egress Hairpinning

I run a couple servers inside my network, mostly relying on a reverse-proxy to accept connections on TCP 443 and proxy the connections to the right internal server. I don't run separate internal v. external DNS. Instead, I have a more typical setup where I define an external DNS server in eero, then the eero includes its address as the DNS server in all DHCP addresses, and forwards the requests.

 

As a result, though, I can't access my server by [subdomain].[domain].com while *inside* my eero network. I have to instead use DNS shortnames. This is annoying for a number of reasons. 

161 replies

    • eero Community Manager
    • Jeff_C
    • 6 yrs ago
    • Official response

    Hi everyone —

    First and foremost, I'd like to thank all here for contributing to this topic and sharing your thoughts with us regarding your interest in Hairpin NAT. I'm excited to share that with eeroOS 3.3, Hairpin NAT is now officially supported on eero networks.

    To use Hairpin NAT, all you will need to do is create a port forward. Once done, you will be able to access your devices from both in and out of your network.

    If you are unsure what version your eero network is on, you can check by:

    1. Opening the app.
    2. Tapping the menu button.
    3. Tapping on Network Settings.

    Under the section Network software, you will either see Update available (needs to be updated) or Up-to-date (your network is on 3.3).  

    Again, we greatly appreciate everyone's patience and understanding as we've worked on getting this feature out. As a company, we hold a high standard in any feature we implement, and it requires the necessary vetting to ensure that anything implemented both keeps your network secure and working as expected. 

    If you have any questions, please let us know.

      • Luc
      • 6 yrs ago

      Jeff C. Is this also supported for ports created via UPnP?

      • eero Community Manager
      • Jeff_C
      • 6 yrs ago
      • Official response

      Luc Hairpin NAT will be enabled on all port forwards both manual and UPnP.

      • Luc
      • 6 yrs ago

      Jeff C. Awesome!

      • WhiskerBiscuit
      • 6 yrs ago

      Jeff C. how about showing an example of setting up port forwarding for hairpin?

      • Honus
      • 6 yrs ago

      Jeff C. awesome! Works for me. I didn’t have to do anything special. My existing forwards just worked. 

      • Figg
      • 6 yrs ago

      Jeff C. Will this work if your modem/gateway's ports are closed?  I cannot port forward my modem/gateway anymore and I am wondering if this will work with my modem's ports closed?  Sorry for my lack of knowledge on this topic.

      • eero Community Manager
      • Jeff_C
      • 6 yrs ago

      Figg

      It won't. In order to use Hairpin NAT, the port must be open on all port forwards for both the eero and any upstream devices. Is your modem also a router? If so, are you able to disable the routing feature?

      • Figg
      • 6 yrs ago

      Jeff C.  I have an xfinity gateway - wifi router and modem all in one. (more importantly, xfinity has all control) Perfect solution for most users, but I like to tinker and tweak things.  I just ordered an Arris modem so now I should be able to make all port forwarding through my eeros once I get my own modem online.  Thank you for your help and valuable information.   

      • rlopin
      • 6 yrs ago

      Jeff C. This works beautifully now. No more setting up two configurations for each network camera. Thank you for listening to the community and implementing this much needed feature!  

      • GNadezda
      • 5 yrs ago

      Jeff C. --

      I'm using a Frontier Actiontec MI424-WR router, and have my eero acting as my router, or at least I think that's what I've configured. What I've done is set the eero as the DMZ Host on my router. Would that be similar to disabling the routing feature on the Actiontec? 

    • eero Community Manager
    • Jeff_C
    • 7 yrs ago

    Hi  jalvani —

    Welcome to the eero community! We appreciate you reaching out and taking the time to share your feedback.

    We've heard quite a bit of discussion surrounding DNS settings here in the community, and we appreciate you chiming in with your case as well. I will share this feedback with our team.

    Thanks again!

    • jalvani
    • 7 yrs ago

    Hey, Jeff,

     

    Thanks for following up. This isn't as much a DNS feature as a traffic routing feature. My request is that I'm able to make a request from inside my network to my WAN IP, and the eero is smart enough to either (a) look in its NAT table and forward/proxy that request to the internal port while keeping name information intact (to permit reverse-proxy requests) or (b) just permit a hairpin route from internal to public IP and back inside. 
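
Option (a) in the post above, traced as a small Python model; this is an added example, not part of the original thread and not eero's implementation. The addresses, the port forward and the names `Packet` and `hairpin_flow` are constructed for illustration, and the model assumes the common DNAT-plus-SNAT form of hairpin NAT. Only IP and port fields are rewritten, so the hostname carried in TLS SNI or the HTTP Host header reaches the reverse proxy unchanged.

```python
from dataclasses import dataclass, replace

# Constructed sample values (documentation / private ranges), not from the thread.
WAN_IP, ROUTER_LAN_IP = "203.0.113.10", "192.168.4.1"
PORT_FORWARDS = {443: ("192.168.4.20", 443)}  # WAN port -> internal reverse proxy

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

def hairpin_flow(client_ip, dport=443, snat=True):
    """Trace one LAN client -> WAN IP request.

    Returns (packet as seen by the internal server, whether the client
    accepts the reply). snat=False models a router that only rewrites
    the destination.
    """
    request = Packet(client_ip, 50000, WAN_IP, dport)
    if dport not in PORT_FORWARDS:
        return None, False                      # no port forward, nothing to hairpin
    host, port = PORT_FORWARDS[dport]
    at_server = replace(request, dst=host, dport=port)      # DNAT from the forward table
    if snat:
        at_server = replace(at_server, src=ROUTER_LAN_IP)   # SNAT: force replies via router
    # The server answers whatever source address it saw.
    reply = Packet(at_server.dst, at_server.dport, at_server.src, at_server.sport)
    if reply.dst == ROUTER_LAN_IP:
        # Router reverses both translations from its connection-tracking entry.
        reply = Packet(WAN_IP, dport, client_ip, request.sport)
    # Without SNAT the server is on the client's subnet and replies directly,
    # so the client sees an answer from an address it never connected to.
    accepted = (reply.src, reply.sport) == (request.dst, request.dport)
    return at_server, accepted

if __name__ == "__main__":
    for snat in (True, False):
        seen, ok = hairpin_flow("192.168.4.50", snat=snat)
        print(f"snat={snat}: server sees src={seen.src}, client accepts reply: {ok}")
```

In this model the reverse proxy sees the router's LAN address as the client for every in-network request, which matters for IP-based access rules and for reading its logs.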

    • eero Community Manager
    • Jeff_C
    • 7 yrs ago

    Thanks for the follow-up and for clearing that up, jalvani.

    Happy to share that with our team! 

    • kybandy
    • 7 yrs ago

    jalvani Just wanted to let you know that I, too, would like this feature. I'm running a security camera server inside my home, and I can't access it from within my home using the friendly domain address I can use outside of the house. I emailed support, who explained that some engineers believe it is a security issue, but that many users have requested this feature. Hopefully they'll make it an option that we can enable soon enough. 

    • jalvani
    • 7 yrs ago

    It doesn't seem to be a priority at all for the eero team. I resorted to running a DNS server inside my network. The lack of feedback and roadmap for eero is frustrating.

    • eero Community Manager
    • Jeff_C
    • 7 yrs ago

    Hi  jalvani —

    Thanks for following up. 

    All feedback from our customers is invaluable to us and we continue to evaluate future features and improvements to the overall eero experience based on what we hear. The purpose of this community is to gather feedback and understand what our customers are looking for, which allows us to make such decisions down the road.

    In a perfect world, we'd be thrilled to get every requested feature out there for our customers. However, we are working on a lot of exciting new improvements and features which means our resources are currently working on those projects.

    We will continue to evaluate future decisions based on the feedback and needs of our customers. 

    • jalvani
    • 7 yrs ago

    Thanks, Jeff, I understand that eero can't work on all requested features simultaneously. This is a board ostensibly for the solicitation of feedback, many of which will lead to new feature requests, though. At the moment, it's no more than throwing cards into a "Suggestions?" box, and hoping maybe something happens in the future.

    Some amount of a roadmap, or list of features currently being considered, or really anything that provides some degree of visibility would be a huge benefit, and would start building a community. 

    • jalvani
    • 7 yrs ago

    Perhaps that's a topic for a different thread, though.

    • eero Community Manager
    • Jeff_C
    • 7 yrs ago

    Our community here is still relatively new, so at this point, it may feel more like a suggestion box as people are going to add their specific requests and feedback. As it fills out, and more customers join in and contribute to existing topics, our team will be able to gauge what interest there is in certain types of features.

    Our team has their eyes on our community (as well as other channels like social media and Reddit) where we are monitoring all forms of feedback that help us make such future decisions. While we don't share a product roadmap, and there isn't a plan to at this time, we hope that discussions like these will allow our customers to engage with team members like myself where we can help shape the future of eero and give our customers the opportunity to contribute in shaping that path.

    Thanks again.

    • JustinW
    • 7 yrs ago

    I know this is a little old and has been discussed above but I would also like to add another request for this feature. 

    I am in a similar position with a couple internal servers; one being a NAS that has nice capabilities like a photo gallery website.  All my external facing sites are using trusted SSL certificates and I have the sites locked down to fully qualified domain names.  My issue comes in accessing the site internally using the fully qualified domain name as mentioned above. 

    Most consumer routers have this function built-in; I'm coming from a dead Ubiquiti ERL, they refer to this as NAT hairpinning (also called NAT reflection or NAT loopback).

    Other than this one issue I love the product, I think my wife loves it more since there is little I can tinker with and break... lol

    • jalvani
    • 7 yrs ago

    Jeff C. any love for my pet peeve in this batch of updates?  

    • eero Community Manager
    • Jeff_C
    • 7 yrs ago

    jalvani no news to share, but I'll keep voicing it for when we evaluate what to build for future updates!

    • jalvani
    • 7 yrs ago

    And I'll keep checking in :-)

    • tedr
    • 7 yrs ago

    I requested this feature back on March 15th because it is a major issue.  Someone named John replied to me.  I'm extremely disappointed that I still can't use these eeros because it has yet to be fixed.  

  • Status: Implemented
  • 49 Votes
  • Last active 2 yrs ago
  • 161 Replies
  • 11203 Views
  • 66 Following