Chrome WAN Remote Access times out, but only from within LAN

[TheWaterbug]

I used the BI remote access wizard and the DynDNS client and port-forwarding and firewall access rules within my pfsense firewall to set up remote access by FQDN a few weeks ago, and it worked great! I spent $12 for the iOS app, and it worked fine as well.

From inside my 192.168.1.0/24 network I can get to my BI server from Chrome at:

http://192.168.1.3:81/ui3.htm

But I can't get to it from Chrome at:

http://myDynDNSAccount.dyndns.org:81/ui3.htm

nor at:

http://My.WAN.IP.Address:81/ui3.htm

Both time out.

From OUTSIDE my LAN, I can get Chrome to:

http://myDynDNSAccount.dyndns.org:81/ui3.htm

or

http://My.WAN.IP.Address:81/ui3.htm

But neither WAN request will work from inside my LAN.

I don't believe it's my router (pfsense 2.4.4) , because I can get to my router's config page at either:

https://192.168.1.1:1234

or at:

https://myDynDNSAccount.dyndns.org:1234

or at:

https://My.WAN.IP.Address:1234

so the WAN-to-LAN redirecting (or whatever the proper term is) is working.

If I'm at my office, 192.168.0.0/24 with a hardware IPSec tunnel to 192.168.1.0/24, then either BI URL works in Chrome.

The iOS app works anywhere, presumably because it knows to use the LAN IP inside and the WAN IP/DynDNS outside.

Is there something within BI that checks the original requested URL and refuses it if it's a WAN request from a LAN address?

The reason this matters to me is that I will shortly have 3 different BI sites and servers to manage (Home, Office, Parents' Home), and I'd much rather have 3 bookmarks than 6 bookmarks.

 

[bp2008]

Blue Iris normally has no problem with this once it is configured correctly in the router. As far as Blue Iris is concerned, the traffic will appear to originate from the router's LAN IP address.

This is how I configured mine. System > Advanced > Firewall & NAT.

NAT Reflection mode for port forwards: Pure NAT
Reflection Timeout: [blank]
Enable NAT Reflection for 1:1 NAT: Checked
Enable automatic outbound NAT for Reflection: Checked

 

[SouthernYankee]

http://myDynDNSAccount.dyndns.org:81/ui3.htm is connecting to the router not the BI box. You must port forward to the BI PC in the router (not recommended) Or set up OpenVPN to connect to your local network.

 

[TheWaterbug]

http://myDynDNSAccount.dyndns.org:81/ui3.htm is connecting to the router not the BI box. You must port forward to the BI PC in the router (not recommended) Or set up OpenVPN to connect to your local network.

Port forwarding is already set up, and it works properly when I'm outside my LAN. Chrome can get to my BI server at my WAN address when I'm at Starbucks.

The BI iOS app also connects to my WAN address from anywhere.

So the port forwarding is correct, and the firewall rules are passing the traffic.

 

[TheWaterbug]

Blue Iris normally has no problem with this once it is configured correctly in the router. As far as Blue Iris is concerned, the traffic will appear to originate from the router's LAN IP address.

This is how I configured mine. System > Advanced > Firewall & NAT.

NAT Reflection mode for port forwards: Pure NAT
Reflection Timeout: [blank]
Enable NAT Reflection for 1:1 NAT: Checked
Enable automatic outbound NAT for Reflection: Checked

Ah, this was the trick! For some reason I had NAT Reflection turned off. Now it's on, and it's working. At least it's working on 3 of my installations.

On my 4th installation the router appears to lack this feature.