Home Assistant Duckdns/LetsEncrypt NAT settings behind double NAT.

  • Brief overview of topology:

    I've been trying get Homeassistant https://home-assistant.io/ accessible locally by my duck-dns host name.

    The server is running on port 8123 and I have nginx configured to forward port 80 and 443 traffic to localhost:8123

    I've forwarded the ports on Comcast router and PFsense.

    I was able to get this partially working via the DNS forwarder (forwarding all traffic to my ddns domain to the local IP) but this did not solve my homeassistant server being able to reach itself via DDNS hostname.

    Specifically when trying to curl -v https://my-domain.duckdns.org from the homeassistant(ubuntu-server in the diagram) server i would get a connection refused.

    Various people have mentioned NAT Reflection / NAT loopback but I have some questions.


    When should I use NAT reflection over Split DNS?
    Is what I want to do achievable given my current topology?

    Desired behavior:
    Access my Home assistant server by ddns name locally and externally while enforcing SSL via Lets Encrypt.

    Observed behavior:

    Using split DNS to forward my-ddns domain to local IP I can access via DDNS hostname from machines other than the machine running the home assistant server. But I can not access the server via hostname from the server.

    e.g ssh'd into Home assistant server( curl -v https:my-ddns domain gives connection refused.

    Other thoughts:

    I'm willing to go a different route, I could possibly move PFsense to the DMZ to avoid Double NAT. If this is something I can accomplish with double NAT that would be preferred.

    Thanks in advanced.

Log in to reply