Access DDNS hostname from within my network

Hello, I am new to the WatchGuard Firebox (T15) and have limited networking knowledge/skills.

I have an account with DynDNS for a hostname to access my home network devices and VPN remotely. I believe I have the Firebox configured correctly as the VPN and port forwarding rules appear to be working properly, remotely.

However, no access using the DDNS hostname works from within the Firebox network.

Is there a way to configure the Firebox to get this to work? To be able to use the DDNS hostname from within the network?

Thanks,
Dennis

Comments

  • To access an internal device using the external IP addr, you need to use NAT loopback.
    If you already have an incoming policy allowing this access, you can add the internal interface name, such as Trusted, to that policy's From: field.

    NAT Loopback and Static NAT (SNAT)
    https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/nat/nat_loopback_static_c.html

  • Thanks so much Bruce.

    Following your reference link, I'm having trouble with the SNAT (I get myself confused every time I try to create one). My internal IP is 192.168.92.1 and sample hostname: dyndns.hostname.tst. But the SNAT ends up with External (or Any-External, Any-Optional) ----> dyndns.hostname.tst even when I check Set source IP and enter an IP.

    Dennis

    PS: does this community allow for image attachments?

  • A normal SNAT allows Internet access to an internal server.
    For this setup, the SNAT IP addr or Interface = Any-external.
    In this case, Any-external refers to any firewall interface defined as External.
    The Choose Type = Internal IP addr with the value being the private IP addr on the internal server.
    On the policy allowing this access from the Internet to the internal server, the From: field is usually Any-external and the To: field is the defined SNAT.
    To allow internal access to the internal server via the external interface, add the appropriate entry to the From: field, such as the internal interface from which one wants to allow this access - which could be Trusted.
    One does not need to use the DDNS FQDN anywhere in the policy or the SNAT as the clients (internal or external) will resolve the DDNS FQDN to an IP addr for the access attempt.

    See this in reference to the meaning of Any-external.
    About Aliases
    https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/policies/aliases_about_c.html

  • I use my local DNS server to point my xxxx.dyndns.org FQDNs to local IP addresses. One could use HOSTS file to do the same thing if there is no local DNS server and only a few computers locally.

    Or as Bruce noted, set up loopback.

    Gregg

    Gregg Hill
