
Egress Hairpinning
I run a couple servers inside my network, mostly relying on a reverse-proxy to accept connections on TCP 443 and proxy the connections to the right internal server. I don't run separate internal v. external DNS. Instead, I have a more typical setup where I define an external DNS server in eero, then the eero includes its address as the DNS server in all DHCP addresses, and forwards the requests.
As a result, though, I can't access my server by [subdomain].[domain].com while *inside* my eero network. I have to instead use DNS shortnames. This is annoying for a number of reasons.
-
Got the system set up and I am not impressed at all (TONS of WiFi drops...can not move through the house without a drop at least every few minutes, but that's a topic for a different thread). The issue here is while one app on Android (the fantastic TinyCam Pro) can support a home/away feature, the app I am forced to use on iOS does not. So, my wife, in-laws, and mother can not see the cameras properly when they are home (or away; depending on set up).
Also note, the cameras are only one part. I have a number of Python apps that I access via ports (about 8) and there is no way I will tolerate multiple bookmarks or typing in the private IP address. Lastly, my wife, who also uses a few Python apps, does not even know what an IP is, much less remember which is what and so forth.
I have to be honest, I am appalled that a $500 router does not have what Linksys (and every single other router) has had since 2004. I don't want to be harsh, but the time and effort to get this system set up, and now have to go through the process to return is so dis-heartening.
-
I was an eero preorder customer and have overall loved the system, even if it's a little slim on features. But this is a must have feature for home automation, and is enough to move on to a competitor. Please, eero, address this fix quickly. It does not sound like a difficult addition and much simpler than the UI redesign work you keep pushing out.
-
jalvani thanks for checking in!
Our team closely monitors feedback from our community, support tickets, and all other places where customers share their feedback with us. While we don't have any updates to share regarding specific features updates at this time, we're always working on improvements.
The development of TrueMesh was a big project, and as you could probably imagine, depended on many resources across the organization. Same goes for our recent app design refresh. While neither of these was a direct feature request from the community, they were important in continuing to allow eero to become a greater overall experience.
The process for building new features really depends on resources and how it fits into the current state of eero and other projects we have going on. We look forward to continuing to build great new features, as well as looking to develop many requests that have been featured here.
-
This is what I received from them today:
Raoul (eero Customer Support)
Feb 14, 1:49 PM CST
Hello David, Currently customers would use a website interface or log directly into cameras, if using a device on the internal network. No Timeline for implementation of NAT-Loopback but will submit as a feature request.
Raoul @ eero
-
I just picked up my Eero mesh system from Best Buy yesterday. After spending over an hour working through the app setting up all of my static IP addresses and port forwards, I was wondering why I could not access my Synology NAS and my IP cameras via DNS names when I came upon this thread. I can't believe that these devices cannot perform such a fundamental feature that every other router that I have ever used has supported. I have 13 more days to decide if I am going to keep it or if this is a deal breaker. It would be nice to have some sort of ETA from Eero regarding this much desired feature request.
-
I just configured my Eero system, and found about this egregious limitation for such a premium product. I have a home server which requires me to use port forwarding.
My Apple Time Capsule allowed me to access my home server from either inside of outside my home network using my public IP address. I suspect it has to do with the "default host" setting.
And now I'm at a loss, not really knowing if I should return my new Eero system and look elsewhere for another WiFi system that does support NAT loopback.
Jeff C. it would be great if you could weigh in on whether or not this feature in planned to be implemented in the near future. Is this even in the roadmap?
-
Eh, we're still early adopters, who tend to skew more technical. We become evangelists who take the product to the general population.
I'm also not willing to look over the fact that updating the app likely laid the a foundation for other features that bring more value. I don't think they just "[made] the app look prettier". That's awfully dismissive.
-
Hi russwittmann —
Thanks for chiming in.
You should still be able to access your office server without hairpin NAT support. Without this feature, you wouldn't be able to resolve your own public IP from inside the network. However, you can still access these resources by using their local IP in place of the public IP.
-
Jeff C. I think we all appreciate your responses, because frankly, many similar companies don't respond, nor with intelligible remarks. Ha ha.
However, most of us know the difference between private/public/DNS options, but the issue is with either reconfiguring as russwittmann mentioned, or in my case, my wife/daughter/in-laws will never know what these things mean. On the stupid iPhone, there are no above average IP camera apps (like the wonderful TinyCam Pro on Android) that allow for on/off network for multiple brands of cameras.
I am fully aware that Jeff C. is not intentionally saying "NOOOOO" to us, but I do think this happens to need a priority. I also am aware that I have zero idea how to code and am only one person, it does seem this could easily be supported. With your main competition being Luma (supports it), AirPort Extreme/Express (supports it), Google WiFi (supports it), Linksys EA series (supports it with an option to turn on/off), AmpliFi (supports it), Velop (supports it), Netgear routers (supports it), Asus routers (supports it), and I don't need to go further, it seems it should be a priority just from a parity standpoint.
I know we are all speaking the same language here, but this needs attention. It is essential for routing. Parental controls are not essential, they are Selling Points and damn good ones that make our lives better. But not supporting an essential feature of routing on a router is what is troubling us all.
This is all written with respect and compassion, so if there is area for offense, I apologize up front.
-
Jeff C. Thanks for getting back to us. Unfortunately that's a pretty lousy workaround. If Eero doesn't want to implement NAT loopback, then just say so, so we can move along and buy a product that will support such a basic feature.
I know you're not the one taking those decisions and are just the messenger but this should be addressed.
-
Thanks for clarifying, russwittmann — I'm happy to share the use-case with our team in addition to the feedback for this request.
Luc & Konolua —
NAT loopback/hairpin NAT is a feature we hope to eventually support. If this wasn't something we would consider, it would have a status of Not Planned.
While I don't have a timeline to share, the ongoing discussion here for this request is invaluable to making a case to implement it. To convey that, it is important to keep the feedback as qualitative as possible, which everyone here has done a great job of doing.
I'll be sure to update this thread with any updates. We really do appreciate everyone's feedback and time, and look forward to continuing to hear your feedback and requests.
-
I'm in the same boat as everyone else here. We need NAT loopback enabled. It's 2017 and I don't know of any other router that doesn't have such a basic feature. Because of this limitation I have to set up 2 different app settings for my security cameras and switch between the 2 depending on if I'm at home or away. Major PITA. It's been close to 6 months now and nothing.....
-
I absolutely agree with all of your posts. NAT loopback is a must have feature. I too have a server that can be accessed using our SSL DNS from outside of our office but cannot be reached from within our local network. To work around it, we need to use a local IP address but our database clearly indicates being used off SSL but the worst is to train my co-workers to use different links when they are in the office and when they leave the office. My coworkers are not very happy about it. It is a temporary workaround but it would be much better to have access using our domain name which has our SSL linked to it.
Jeff C. I appreciate you getting back to us as often as you do. I really hope that by me adding this post, and calling your support tech yesterday, your coding department notice how many of us are in need of this feature.
As a database administrator myself, I can see how getting requests from every department can be overwhelming but like mentioned before, this is a major feature, it should be placed with high priority to your list and it must be implemented soon.
Trust me, it will get a great positive impact on your customers like us. We like nice products like yours but it also needs to support basic features like NAT loopback.
I hope to hear back from you with good news Jeff C.
Regards!