Routing, hairpin? problem

Hello all! Hoping someone can shed some light on a problem I’m having.

For context, most of my homelab/self-hosted gear is at my parents’ house connected to their fiber internet with public IP. I installed and set up a UCG Max over there and their home LAN is on the default 192.168.1.xxx subnet. I also set up a DMZ (using that network preset in Unifi) subnet on 192.168.69.xxx.

I have a domain name registered with Cloudflare and have a wildcard A record pointed to the public IP and ports 80, 443 and 51820 forwarded to my reverse proxy. The proxy then points to my audiobook server.

This all worked perfectly without issue when I was using Nginx Proxy Manager for my reverse proxy. But I wanted to switch to Pangolin to make use of its pin code auth (I don’t need the tunneling with this setup) and everything works except now my mom can no longer connect to the Audiobook server from the home LAN either by the domain name or the local IP of the server, only from the outside internet. Note, this worked before with NPM.

I’ve tried adding DNS entries in the UCG Max without effect.

Any idea where I should start troubleshooting this thing?

Hey @lthieman, this sounds like a hairpin NAT issue. Your domain name points to the public IP, and some routers don’t handle internal traffic to the public IP very well. Nginx Proxy Manager may have handled that better than Pangolin does. Try setting a local DNS override so the domain name resolves to the server’s local IP when on the home network. Also, check if Pangolin is binding only to certain interfaces or IPs, which could block local access.

Unifi does appear to have a menu option specifically for setting DNS for things inside the network, but apparently I don’t know how to use it. It looks simple enough, but doesn’t seem to do anything. lol
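
One way to check from a LAN client whether a local DNS override like the one suggested above is actually taking effect, and whether the proxy answers on its local IP at all. This is an added example, not part of the original thread; the hostname and proxy address in the usage comment are placeholders, and the verdict names are this example's own.

```python
import ipaddress
import socket
import sys

# RFC 1918 ranges; the thread's LAN (192.168.1.x) and DMZ (192.168.69.x) fall in the last one.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_lan(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def resolve_ipv4(hostname):
    """IPv4 answers from the system resolver, i.e. what this client really gets."""
    infos = socket.getaddrinfo(hostname, 443, family=socket.AF_INET, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def classify_answers(addresses, proxy_ip):
    """Name the path a LAN client takes to the proxy (verdict strings are this example's own)."""
    if not addresses:
        return "no-answer"
    if proxy_ip in addresses:
        return "override-active"        # split DNS works; traffic stays on the LAN
    if all(is_lan(a) for a in addresses):
        return "override-wrong-target"  # a local record exists but points elsewhere
    return "public-ip-hairpin"          # client is sent to the WAN address

def port_open(ip, port, timeout=3.0):
    """True if a TCP connection to ip:port succeeds from this client."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False

def diagnose(hostname, proxy_ip, resolver=resolve_ipv4, probe=port_open):
    """Combine the DNS verdict with direct reachability of the proxy on 80/443."""
    try:
        addresses = resolver(hostname)
    except socket.gaierror:
        addresses = []
    reachable = {port: probe(proxy_ip, port) for port in (80, 443)}
    return classify_answers(addresses, proxy_ip), addresses, reachable

if __name__ == "__main__":
    # Usage (placeholder values): python check_split_dns.py books.example.com 192.168.69.10
    verdict, answers, reachable = diagnose(sys.argv[1], sys.argv[2])
    print(f"DNS answers: {answers} -> {verdict}")
    print(f"Direct TCP to proxy: {reachable}")
```

A `public-ip-hairpin` verdict means the client is still getting the public address, so the override is not reaching that client. An `override-active` verdict with closed ports points away from DNS and toward how the proxy is listening, the other thing the reply suggests checking.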