49

Egress Hairpinning

I run a couple servers inside my network, mostly relying on a reverse-proxy to accept connections on TCP 443 and proxy the connections to the right internal server. I don't run separate internal v. external DNS. Instead, I have a more typical setup where I define an external DNS server in eero, then the eero includes its address as the DNS server in all DHCP addresses, and forwards the requests.

 

As a result, though, I can't access my server by [subdomain].[domain].com while *inside* my eero network. I have to instead use DNS shortnames. This is annoying for a number of reasons. 

161 replies

null
    • jalvani
    • 6 yrs ago
    • Reported - view

    Eh, we're still early adopters, who tend to skew more technical. We become evangelists who take the product to the general population. 

    I'm also not willing to look over the fact that updating the app likely laid the a foundation for other features that bring more value. I don't think they just "[made] the app look prettier". That's awfully dismissive. 

    • Luc
    • 6 yrs ago
    • Reported - view

    Please add NAT loopback. People seem to have been complaining about this for quite a while now and it is very disappointing that Eero doesn't support such a basic feature that most routers have been offering for years now.

    • russwittmann
    • 6 yrs ago
    • Reported - view

    Yes please add this basic feature. I have had to return mine due to this issue.  I must be able to access my in office server.

    • eero Community Manager
    • Jeff_C
    • 6 yrs ago
    • Official response
    • Reported - view

    Hi  russwittmann

    Thanks for chiming in.

    You should still be able to access your office server without hairpin NAT support. Without this feature, you wouldn't be able to resolve your own public IP from inside the network. However, you can still access these resources by using their local IP in place of the public IP.

    • russwittmann
    • 6 yrs ago
    • Reported - view

    Jeff C.  but when I leave the office I will have to reconfigure mail on my mobile device and laptop.

     

    • Konolua
    • 6 yrs ago
    • Reported - view

    Jeff C. I think we all appreciate your responses, because frankly, many similar companies don't respond, nor with intelligible remarks. Ha ha.

    However, most of us know the difference between private/public/DNS options, but the issue is with either reconfiguring as russwittmann mentioned, or in my case, my wife/daughter/in-laws will never know what these things mean. On the stupid iPhone, there are no above average IP camera apps (like the wonderful TinyCam Pro on Android) that allow for on/off network for multiple brands of cameras. 

    I am fully aware that Jeff C. is not intentionally saying "NOOOOO" to us, but I do think this happens to need a priority. I also am aware that I have zero idea how to code and am only one person, it does seem this could easily be supported. With your main competition being Luma (supports it), AirPort Extreme/Express (supports it), Google WiFi (supports it), Linksys EA series (supports it with an option to turn on/off), AmpliFi (supports it), Velop (supports it), Netgear routers (supports it), Asus routers (supports it), and I don't need to go further, it seems it should be a priority just from a parity standpoint.

    I know we are all speaking the same language here, but this needs attention. It is essential for routing. Parental controls are not essential, they are Selling Points and damn good ones that make our lives better. But not supporting an essential feature of routing on a router is what is troubling us all.

    This is all written with respect and compassion, so if there is area for offense, I apologize up front.

    • Luc
    • 6 yrs ago
    • Reported - view

    Jeff C. Thanks for getting back to us. Unfortunately that's a pretty lousy workaround. If Eero doesn't want to implement NAT loopback, then just say so, so we can move along and buy a product that will support such a basic feature.

    I know you're not the one taking those decisions and are just the messenger but this should be addressed.

    • eero Community Manager
    • Jeff_C
    • 6 yrs ago
    • Official response
    • Reported - view

    Thanks for clarifying, russwittmann  — I'm happy to share the use-case with our team in addition to the feedback for this request.

    Luc & Konolua  —

    NAT loopback/hairpin NAT is a feature we hope to eventually support. If this wasn't something we would consider, it would have a status of Not Planned.

    While I don't have a timeline to share, the ongoing discussion here for this request is invaluable to making a case to implement it. To convey that, it is important to keep the feedback as qualitative as possible, which everyone here has done a great job of doing. 

    I'll be sure to update this thread with any updates. We really do appreciate everyone's feedback and time, and look forward to continuing to hear your feedback and requests.

    • swede76
    • 6 yrs ago
    • Reported - view

    I'm in the same boat as everyone else here. We need NAT loopback enabled. It's 2017 and I don't know of any other router that doesn't have such a basic feature. Because of this limitation I have to set up 2 different app settings for my security cameras and switch between the 2 depending on if I'm at home or away. Major PITA. It's been close to 6 months now and nothing.....

    • wdw1532
    • 6 yrs ago
    • Reported - view

    I absolutely agree with all of your posts. NAT loopback is a must have feature. I too have a server that can be accessed using our SSL DNS from outside of our office but cannot be reached from within our local network. To work around it, we need to use a local IP address but our database clearly indicates being used off SSL but the worst is to train my co-workers to use different links when they are in the office and when they leave the office. My coworkers are not very happy about it. It is a temporary workaround but it would be much better to have access using our domain name which has our SSL linked to it.

    Jeff C.  I appreciate you getting back to us as often as you do. I really hope that by me adding this post, and calling your support tech yesterday, your coding department notice how many of us are in need of this feature. 

    As a database administrator myself, I can see how getting requests from every department can be overwhelming but like mentioned before, this is a major feature, it should be placed with high priority to your list and it must be implemented soon.

    Trust me, it will get a great positive impact on your customers like us. We like nice products like yours but it also needs to support basic features like NAT loopback.

    I hope to hear back from you with good news Jeff C.

    Regards!

    • russwittmann
    • 6 yrs ago
    • Reported - view

    wdw1532 swede76 returns speak louder.  If everyone just returned the product they would accelerate the feature.  Because like you said its been 6 Months just on this post.  I predict either we won't see the feature anytime soon or it will be a new product.

    • jalvani
    • 6 yrs ago
    • Reported - view

    russwittmann  I can only speak to my experience and opinion, but there's no way I'd return my eero kit just because of NAT hairpinning. I can spin up an internal name server to address this need until the feature is eventually added. It's a hassle, but it's not the end of the world. 

     

    That said, I want to *stop* running an internal DNS server, so Jeff C. if you can get this prioritized, it sure would be nice. 

    • Konolua
    • 6 yrs ago
    • Reported - view

    jalvani That makes tons of sense. However, I returned mine due to this specifically. Again, cameras are rendered useless on/off network, depending on the choice. Now, the MAIN problem is that some folks in my household chose iPhones (!) and the problem is there are no apps that allow for on/off network settings. So I can either accommodate on network usage with zero remote usage or off network with no on premises viewing. It is unacceptable. Now, had they chose a real phone like the Pixel or something, no big deal! TinyCam Pro solves this problem!

    For me, I have access to a few apps on network and I bother with changing the IP; so I agree with you if that was all I had. But 9 cameras (4 different models among the 9) all in one app on iOS is impossible. And even if something became available, I would have to buy the app simply because my $500 router (now $400; another good reason I returned it) router doesn't support it is not all that cool.

    So, I hope my return can help. Frankly, it's the reason I still follow this thread, because I would like to become a customer again. I do understand it may not be a big deal to all, hence why the feature is not included to begin with, and it is certainly not the end of the world....that is true! But for some of us, it is the end of using Eero, and that is unfortunate.

    • carlos31820
    • 6 yrs ago
    • Reported - view

    iOS app ip Cam Viewer Pro allows me separate settings (groups) for viewing my cameras at home or outside the home by just selecting the appropriate group (even if manuallly). 

    • eero Community Manager
    • Jeff_C
    • 6 yrs ago
    • Official response
    • Reported - view

    Thanks everyone for the contributions. I can assure you that your voices are being heard. Again, if there are ever any updates, I'll absolutely update the thread. It isn't something that is going to happen overnight, but we are constantly monitoring/measuring feedback and take it into consideration when looking at where to build and expand the services.

    Best,

    Jeff

    • usr2284a
    • 6 yrs ago
    • Reported - view

    I wanted to officially add my request to this.  I have wanted this since day 1.  To say it will not happen overnight is an understatement.  This thread alone is over a half a year old.

    I was disappointed that this did not function when the product came out.  I assumed it would have been added soon as every other mid to high range router supports this.

    Is it even on the product roadmap or is it taking a back seat to GUI improvements?

     

     

    • WhiskerBiscuit
    • 6 yrs ago
    • Reported - view

    CodeGrue yes.  Eero is pushing out silly UI enhancements instead of adding functionality.  They talk a big game about listening, but they refuse to acknowledge the loopback issue is a major impedance for many people.

    • WhiskerBiscuit
    • 6 yrs ago
    • Reported - view

    Jeff C. 

     

    Our team closely monitors feedback from our community, support tickets, and all other places where customers share their feedback with us. While we don't have any updates to share regarding specific features updates at this time, we're always working on improvements. 

    It's been my experience that Eero never shares information about updates.  They just appear.

    The process for building new features really depends on resources and how it fits into the current state of eero and other projects we have going on. We look forward to continuing to build great new features, as well as looking to develop many requests that have been featured here.

    Eero is tight lipped about new features.  However this specific issue (NAT LOOPBACK) has been requested ad nauseum. Why can't we get a response about this?  WHAT ARE YOUR PLANS? Speaking on behalf of other users, we are pisseed off over your silence.  This is a poor attitude to take with your customers and I will not recommended Eero to friends and family and specifically cite poor service as the reason. 

    • shahidhaque
    • 6 yrs ago
    • Reported - view

    There seem to be inconsistent answers as to whether one can use some kind of DNS service, like this one http://dyn.com , in order to get around the lack of NAT Loopback. If a DNS service can get around this, could someone explain how? I need it very seriously.

    I use Daylite and it serves serves several other devices ( www.marketcircle.com ). Right now, it will only serve local devices if the local network address is entered, and only remote devices if the external address is entered. I could enter only the external address, but I am often local as well, and then it won't sync. Very annoying.

    • Konolua
    • 6 yrs ago
    • Reported - view

    shahidhaque You've stumbled across why we're all disgruntled. ;)

    Only option (besides internal vs. external) is a VPN. It can still access internal addresses but dialing up an external IP from a VPN-connected device identifies as the public IP and therefore can get to the local destination via external IP while on the network.

    • deatondg
    • 6 yrs ago
    • Reported - view

    I'm probably just adding a drop in the bucket here, but anything to help. This feature would be extremely appreciated. I would really like to host a private git server for use among some friends on a project using the Swift Package Manager. Dependencies using the package manager are stated using URLs, and the same URL is used both for building the package on the server where it's being deployed and on the device where it's being tested, which means one will be on the network and the other will be off by necessity. I'm looking into running my own DNS server to work around this issue, but that's annoying. I'm a bit frustrated by the (somewhat non-)responses given from eero on this thread, but it's still a good system, and maybe NAT loopback is a challenging feature for some reason. I'd appreciate some deeper technical information from eero as to why this isn't implemented, but I understand that's unlikely. My thanks goes out to anyone who is helping this issue get resolved!

    • Luc
    • 6 yrs ago
    • Reported - view

    Given up hope to this point. Check out this Reddit thread, where an eero engineer comes in:

    https://www.reddit.com/r/eero/comments/4918uj/no_loopback/

    "Insufficient imagination on our part; sorry. We didn't realize people would want to do this when we designed the startup flow of the system. There should be a fix in the next eeroOS release, coming real soon now."

    "Are you saying the NAT loopback will be implemented in the upcoming releases?"

    "No, I'm saying that custom DNS will be implemented better so that internal DNS servers stand a chance of working."

    I don't believe that they'll ever add this feature and probably hope interest will just fade away. I'd look for another router if I were you.

     

     

    • eero Community Manager
    • Jeff_C
    • 6 yrs ago
    • Official response
    • Reported - view

    Hi Luc  and everyone —

    Thanks for checking back in.

    I would like to mention that the thread you linked out to was from around a year ago. 

    While we don't have a timeline to share on Egress Hairpinning/Nat Loopback being implemented, we haven't stated that it is something we won't do. While I don't have more to share at this time, we continue to consider and evaluate any feature till it states Not Planned at the top.

    I really wish there was more I could provide, but there are not any updates at this time. We are not trying to mislead anyone, so if this is a necessity for your network today, we understand if eero isn't a fit at this time. However, we do hope that you consider us again if this feature becomes implemented.

    Thanks again everyone's feedback and continued interest. As soon as there are any updates, I will post them here.

    Best,

    Jeff

    • usr2284a
    • 6 yrs ago
    • Reported - view

    "we understand if eero isn't a fit at this time."

    Doesn't cut it for many of us who invested in this system for ourselves and others assuming a basic feature available on many $40 wireless routers would be added in short order simply to see update after update come and go with nothing.

    The official responses in this thread almost have the tune of "stop asking, it will get here if it gets here".  However if people don't keep pushing the issue you will simply say, "doesn't seem to be much interest, not important!".  I for one encourage people to keep asking, even if you see 50 other people have already asked, ask again!  Ask for an update at least once a month.   If you sit quiet and wait they will just keep throwing the issue to the back!

    • eltonsiu_gmailcom
    • 6 yrs ago
    • Reported - view

    Jeff C. 

Content aside

  • Status Implemented
  • 49 Votes
  • 2 yrs agoLast active
  • 161Replies
  • 11208Views
  • 66 Following