Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Access Emby from local sub via DDNS

    Scheduled Pinned Locked Moved General pfSense Questions
    13 Posts 4 Posters 1.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • chudakC
      chudak @viragomann
      last edited by

      @viragomann said in Access Emby from local sub via DDNS:

      @chudak
      Add a DNS host override for pfsense.ddns.xyz and point it to the internal server IP.

      That's a cool and easy solution, thx!

      (I still remember it was something esle)

      V 1 Reply Last reply Reply Quote 0
      • V
        viragomann @chudak
        last edited by

        @chudak said in Access Emby from local sub via DDNS:

        (I still remember it was something esle)

        You can enable NAT reflection instead for sure, but DNS host overrides work more reliably.

        1 Reply Last reply Reply Quote 2
        • chudakC
          chudak @viragomann
          last edited by

          @viragomann

          Thinking more about this...

          The DNS override is a workaround, what if I really want that to work via DDNS name/IP from the local sub, how do I force that?

          johnpozJ 1 Reply Last reply Reply Quote 0
          • johnpozJ
            johnpoz LAYER 8 Global Moderator @chudak
            last edited by johnpoz

            @chudak said in Access Emby from local sub via DDNS:

            The DNS override is a workaround,

            Says who? A local resource resolving to its local IP is the correct solution.. Nat reflection is a HACK/Workaround for when the client is unable to resolve the correct local IP for a fqdn because for example it uses external dns and not the local dns. Or the public IP is hard coded in some application or something.

            Nat Reflection should always be last option for when you can resolve your local resource to its local IP.. Why would you want to hairpin traffic?

            Not sure why you have :ports listed - :8096 or :8920, etc.. Those have nothing to do with dns. If you want to allow for redirection of some fqdn, to get sent to some port other than the standard http or https port easy solution for that is using haproxy which can kill 2 birds with 1 stone.. You can just access some fqdn http://pfsense.ddns.xyz for example and get proxied to your local resource on whatever port said service is listening on.

            But locally I would still just access the service via fqdn that resolves to the local IP, and bookmark said site with whatever port you use in the url to access said service.

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11

            chudakC 1 Reply Last reply Reply Quote 0
            • chudakC
              chudak @johnpoz
              last edited by

              @johnpoz

              I am not questioning all of this.

              I am wondering if the external pfsense router DDNS name/IP is restricted somehow (on the local subnet) and if the answer is yes, how to unblock/control this?

              johnpozJ 1 Reply Last reply Reply Quote 0
              • johnpozJ
                johnpoz LAYER 8 Global Moderator @chudak
                last edited by johnpoz

                @chudak said in Access Emby from local sub via DDNS:

                external pfsense router DDNS name/IP is restricted somehow (on the local subnet)

                Why how would it be restricted..

                The issue is that if you send traffic to your pfsense wan IP from internal IP, it would not be forwarded back to where you forwarded it. For that to work you need to enable nat "reflection"

                https://docs.netgate.com/pfsense/en/latest/nat/reflection.html

                Nat reflection is not enabled by default.. If you have some desire to do that - then yes you would have to specifically enable it.

                Here is the thing you should take away from that article ;)
                "NAT reflection is a hack as it loops traffic through the firewall when it is not necessary"

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 24.11 | Lab VMs 2.8, 24.11

                chudakC 1 Reply Last reply Reply Quote 0
                • stephenw10S
                  stephenw10 Netgate Administrator
                  last edited by stephenw10

                  Yeah, using split DNS is the preferred method if you can use that.
                  https://docs.netgate.com/pfsense/en/latest/recipes/port-forwards-from-local-networks.html

                  Steve

                  1 Reply Last reply Reply Quote 0
                  • chudakC
                    chudak @johnpoz
                    last edited by chudak

                    @johnpoz said in Access Emby from local sub via DDNS:

                    @chudak said in Access Emby from local sub via DDNS:

                    external pfsense router DDNS name/IP is restricted somehow (on the local subnet)

                    Why how would it be restricted..

                    The issue is that if you send traffic to your pfsense wan IP from internal IP, it would not be forwarded back to where you forwarded it. For that to work you need to enable nat "reflection"

                    https://docs.netgate.com/pfsense/en/latest/nat/reflection.html

                    Nat reflection is not enabled by default.. If you have some desire to do that - then yes you would have to specifically enable it.

                    Here is the thing you should take away from that article ;)
                    "NAT reflection is a hack as it loops traffic through the firewall when it is not necessary"

                    Never used that and like it!

                    Is it practical/good to use it to override with an external IP?

                    like:

                    emby.local => points to local IP via resolver
                    emby.external => points to external IP via forwarder

                    Thx!

                    johnpozJ 1 Reply Last reply Reply Quote 0
                    • johnpozJ
                      johnpoz LAYER 8 Global Moderator @chudak
                      last edited by

                      @chudak said in Access Emby from local sub via DDNS:

                      Is it practical/good to use it to override with an external IP?

                      You can set an override for anything you want to resolve to anything you want.. be it www.cnn.com or some internal.domain.tld

                      An intelligent man is sometimes forced to be drunk to spend time with his fools
                      If you get confused: Listen to the Music Play
                      Please don't Chat/PM me for help, unless mod related
                      SG-4860 24.11 | Lab VMs 2.8, 24.11

                      chudakC 1 Reply Last reply Reply Quote 0
                      • chudakC
                        chudak @johnpoz
                        last edited by

                        @johnpoz said in Access Emby from local sub via DDNS:

                        @chudak said in Access Emby from local sub via DDNS:

                        Is it practical/good to use it to override with an external IP?

                        You can set an override for anything you want to resolve to anything you want.. be it www.cnn.com or some internal.domain.tld

                        I see how to set an override for www.cnn.com, but how do I force to be on a specific port www.cnn.com:1234 ?

                        johnpozJ 1 Reply Last reply Reply Quote 0
                        • johnpozJ
                          johnpoz LAYER 8 Global Moderator @chudak
                          last edited by

                          @chudak dns has NOTHING to do with ports.. As I already went over if your goal is to get redirected to some port, then use HAproxy.. And then sure you can hit the public IP on port say 80 or 443 http/https and get proxied to port 1234 if you wanted.

                          An intelligent man is sometimes forced to be drunk to spend time with his fools
                          If you get confused: Listen to the Music Play
                          Please don't Chat/PM me for help, unless mod related
                          SG-4860 24.11 | Lab VMs 2.8, 24.11

                          1 Reply Last reply Reply Quote 0
                          • First post
                            Last post
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.