This is something that has happened on both my home and work networks. Perhaps you set up a personal website on a Raspberry Pi inside your home network. You get everything up and running, with destination NAT or port forwarding configured on your home router. You buy a domain and set up an A record pointing to your home’s internet IP. Everything is great and you can access your website from the internet. The only problem is… when you try to access the domain of your website from your desktop, it times out. That’s a typical hairpinning problem!

Scenario

HairpinNAT.jpg

This is a simple home network. Consider the flow when the personal computer tries to access the server’s public IP 11.11.11.11. The traffic would hit the router’s own WAN interface, which then takes a U-turn to route the traffic back to the internal IP 192.168.10.50.

Cause

Now that we understand the scenario, what could stand in the way of the traffic?

  • Port forwarding is configured with WAN as the source interface, so it misses ETH1
  • Firewall policy only allows traffic from WAN to ETH5

Solution

  • On my home network, I would simply point the domain of my website to the internal IP 192.168.10.50 instead of 11.11.11.11 on my router’s DNS server.
  • If the above isn’t an option:
    1. Make sure the NAT IP isn’t restricted to the WAN interface only
    2. Make sure the firewall policy allows access to the server not only from the WAN interface, but also from the internal interface
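
To see why both fixes are needed, here is a small simulation of the router's decision for a new connection to 11.11.11.11. It is an added example, not configuration from any particular router: the rule model is simplified, and it assumes the personal computer sits behind ETH1 and the server behind ETH5, as the cause list implies.

```python
from dataclasses import dataclass
from typing import Optional

PUBLIC_IP = "11.11.11.11"      # server's public IP (from the page)
SERVER_IP = "192.168.10.50"    # server's internal IP (from the page)
SERVER_IF = "ETH5"             # assumed: interface the server sits behind

@dataclass(frozen=True)
class DnatRule:
    in_ifaces: Optional[frozenset]   # None = match any ingress interface
    match_dst: str
    to_dst: str

@dataclass(frozen=True)
class Policy:
    src_iface: str
    dst_iface: str

def trace(in_iface, dst_ip, dnat_rules, policies):
    """Return (verdict, reason) for a new connection entering in_iface."""
    # Step 1: destination NAT is evaluated before the forwarding decision.
    new_dst = None
    for r in dnat_rules:
        if r.match_dst == dst_ip and (r.in_ifaces is None or in_iface in r.in_ifaces):
            new_dst = r.to_dst
            break
    if new_dst is None:
        return ("timeout", f"no DNAT rule matches ingress {in_iface}; packet stops at the router")
    # Step 2: the firewall policy is checked against the ingress/egress pair.
    if Policy(in_iface, SERVER_IF) not in policies:
        return ("timeout", f"DNAT to {new_dst} ok, but no policy {in_iface} -> {SERVER_IF}")
    return ("delivered", f"{dst_ip} rewritten to {new_dst}, forwarded {in_iface} -> {SERVER_IF}")

# Configuration as described under "Cause": both rules only know about WAN.
broken_dnat = [DnatRule(frozenset({"WAN"}), PUBLIC_IP, SERVER_IP)]
broken_policy = {Policy("WAN", SERVER_IF)}

# Fix 1: NAT rule no longer restricted to WAN. Fix 2: also allow ETH1 -> ETH5.
fixed_dnat = [DnatRule(None, PUBLIC_IP, SERVER_IP)]
fixed_policy = broken_policy | {Policy("ETH1", SERVER_IF)}

if __name__ == "__main__":
    cases = [("broken", broken_dnat, broken_policy),
             ("NAT fixed only", fixed_dnat, broken_policy),
             ("both fixed", fixed_dnat, fixed_policy)]
    for name, dnat, pol in cases:
        for iface in ("WAN", "ETH1"):
            print(f"{name:15} {iface:4}", *trace(iface, PUBLIC_IP, dnat, pol))
```

With only the NAT rule fixed, the internal client still times out, because the translated traffic now needs an ETH1 to ETH5 policy that the original configuration never had.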