
Egress Hairpinning
I run a couple servers inside my network, mostly relying on a reverse-proxy to accept connections on TCP 443 and proxy the connections to the right internal server. I don't run separate internal v. external DNS. Instead, I have a more typical setup where I define an external DNS server in eero, then the eero includes its address as the DNS server in all DHCP addresses, and forwards the requests.
As a result, though, I can't access my server by [subdomain].[domain].com while *inside* my eero network. I have to instead use DNS shortnames. This is annoying for a number of reasons.
-
Hi everyone —
First and foremost, I'd like to thank all here for contributing to this topic and sharing your thoughts with us regarding your interest in Hairpin NAT. I'm excited to share that with eeroOS 3.3, Hairpin NAT is now officially supported on eero networks.
To use Hairpin NAT, all you will need to do is create a port forward. Once done, you will be able to access your devices from both in and out of your network.
If you are unsure what version your eero network is on, you can check by:
- Opening the app.
- Tapping the menu button.
- Tapping on Network Settings.
Under the section Network software, you will either see Update available (needs to be updated) or Up-to-date (your network is on 3.3).
Again, we greatly appreciate everyone's patience and understanding as we've worked on getting this feature out. As a company, we hold a high standard in any feature we implement, and it requires the necessary vetting to ensure that anything implemented both keeps your network secure and working as expected.
If you have any questions, please let us know.
-
Hi jalvani —
Welcome to the eero community! We appreciate you reaching out and taking the time to share your feedback.
We've heard quite a bit of discussion surrounding DNS settings here in the community, and we appreciate you chiming in with your case as well. I will share this feedback with our team.
Thanks again!
-
Hey, Jeff,
Thanks for following up. This isn't as much a DNS feature as a traffic routing feature. My request is that I'm able to make a request from inside my network to my WAN IP, and the eero is smart enough to either (a) look in its NAT table and forward/proxy that request to the internal port while keeping name information intact (to permit reverse-proxy requests) or (b) just permit a hairpin route from internal to public IP and back inside.
-
jalvani Just wanted to let you know that I, too, would like this feature. I'm running a security camera server inside my home, and I can't access it from within my home using the friendly domain address I can use outside of the house. I emailed support, who explained that some engineers believe it is a security issue, but that many users have requested this feature. Hopefully they'll make it an option that we can enable soon enough.
-
Hi jalvani —
Thanks for following up.
All feedback from our customers is invaluable to us and we continue to evaluate future features and improvements to the overall eero experience based on what we here. The purpose of this community is to gather feedback and understand what our customers are looking for, which allows us to make such decisions down the road.
In a perfect world, we'd be thrilled to get every requested feature out there for our customers. However, we are working on a lot of exciting new improvements and features which means our resources are currently working on those projects.
We will continue to evaluate future decisions based on the feedback and needs of our customers.
-
Thanks, Jeff , I understand that eero can't work on all requested features simultaneously. This is a board ostensibly for the solicitation of feedback, many of which will lead to new feature requests, though. At the moment, it's no more than throwing cards into a "Suggestions?" box, and hoping maybe something happens in the future.
Some amount of a roadmap, or list of features currently being considered, or really anything that provides some degree of visibility would be a huge benefit, and would start building a community.
-
Our community here is still relatively new, so at this point, it may feel more like a suggestion box as people are going to add their specific requests and feedback. As it fills out, and more customers join in and contribute to existing topics, our team will be able to gauge what interest there is in certain types of features.
Our team has their eyes on our community (as well as other channels like social media and Reddit) where we are monitoring all forms of feedback that help us make such future decisions. While we don't share a product roadmap, and there isn't a plan to at this time, we hope that discussions like these will allow our customers to engage with team members like myself where we can help shape the future of eero and give our customers the opportunity to contribute in shaping that path.
Thanks again.
-
I know this is a little old and has be discussed above but I would also like to add another request for this feature.
I am in a similar position with a couple internal servers; one being a NAS that has nice capabilities like a photo gallery website. All my external facing sites are using trusted SSL certificates and I have the sites locked down to fully qualified domain names. My issues comes into accessing the site internally using the fully qualified domain name as mentioned above.
Most consumer routers have this function built-in; I'm coming from a dead Ubiquiti ERL, they refer to this as nat hairpining (also called nat reflection or nat loopback)
Other than this one issue I love the product, I think my wife loves it more since there is little I can tinker with and break... lol
-
I too would like to add my vote for NAT Loopback / NAT Hairpinning. Set everything up last night, love the speed and range, but disappointed to find out that I cannot access my IP Surveillance System using my external DDNS address. Would really like to keep these instead of switching back to OnHub which did support loopback. Hopefully the team can provide an update; is this at least on the roadmap?
Jeff C.
-
I just got a set today and found out that it does not have NAT loop back feature . I need it for my security cameras. Is there a time frame for this to be implemented. I would like to keep the unit, but if the feature is not available anytime soon then I would go back with my old router.
Can some someone from eero advise?
Regards,
K
-
This is a growing need for eero users. I have eeros installed at two homes and cant access (with knowing IP addresses or some internal DNS setup):
- QNAP backup (they have an external dns service)
- Crestron home automation (they have external dns) - yes Zuckerberg uses this in his Jarvis home
- Several DVR/NVR security camera configurations
- Slingbox
I use an external ddns service from NOIP.com for a single address for each of these devices - would like to use this noip address inside of my house.
-
I must note, my eeros are arriving on Tuesday, and it sounds like they will immediately be returned. If I can not access them by putting in my public IP address or associated DynDNS hostname, I will not only be unable to use my 8 security cameras, but will also understand the mindset of eero. I am coming from Luma because of poor performance, but they at least support a fundamental understanding of networking.
Let's hope I have simply misunderstood, but this would affect 100% of security camera users, which of course are probably the bulk of your first round buyers and certainly your cheerleaders among your platform.
-
Konolua You'll still be able to access your cameras from outside your network via your networks public IP/DynDNS name, and inside your network via private IP. The issue is that if you want to use the same DNS name to access your cameras externally or internally via the same DNS name, you need to run split external and internal DNS zones which is more complexity than many router makers expect for home networks.
-
But on all routers I've tried (7+ in a year and a half), and on Luma this moment, I just leave my hostname (or public IP) in my camera app and I see my cameras on or off network. Only the Linksys EA9500 had a NAT Redirect feature I had to keep off for it to work. Every other router I've had or tried for the past 3+ years has worked out of the box with NAT loopbacks.