I have a service running on a LAN that is also exposed over the WAN, say Service A is reachable under example.com and it’s running on Host A in the LAN. The way this is implemented is port forwarding in the WAN gateway in the LAN:
public_ip:80 -> host_a_ip:80
Now I have a laptop that is often in the LAN, but not always. When that laptop is in the LAN, it can’t reach example.com, because the gateway port forwarding doesn’t work for internal requests (and there is no option to add/enable this). I also can’t replace the gateway router. So when that laptop wants to access example.com while in the LAN, it has to use the internal LAN IP of Host A.
Rest assured this is annoying. How can I make it so the laptop can reach example.com regardless of whether it is in the LAN or not?
Options:
- DNS trickery: Make example.com resolve to the local IP instead of the remote one. How do I set that up for Mac OS X? Would prefer not to have to set up my own DNS server, but would if it helped.
- IP routing trickery on the laptop. No idea how to do this, or how to make it switch transparently on/off depending on the wifi.
- While writing this, I could make another box on the LAN the gateway for everything in the LAN, which in turn then only uses the WAN router. Then I’d have more control over IP forwarding shenanigans. Then I just need to figure out how to make the gateway configuration depend on whether the client is on the LAN.
But I’d still like to know if there is a simpler option.
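The first option (pinning example.com to the LAN address only while the laptop is on the LAN) can be done without a DNS server by managing a single line in the hosts file. The script below is an added example, not part of the question or any answer; it assumes constructed values (Host A at 192.168.1.10, a home gateway at 192.168.1.1, and a marker comment it uses to find its own line). It detects the LAN by comparing the default gateway with the known home gateway, so it never pins the name on a foreign network where 192.168.1.10 could be someone else's host. On macOS the resolver cache must be flushed after editing /etc/hosts, which the script notes but does not do automatically.

```shell
#!/bin/sh
# Added example: toggle a hosts-file override for example.com depending on
# whether the laptop's default route points at the home LAN gateway.
# Assumed/constructed values: Host A = 192.168.1.10, LAN gateway = 192.168.1.1.
HOSTNAME_TO_PIN="example.com"
LAN_IP="192.168.1.10"
LAN_GATEWAY="192.168.1.1"
MARKER="# managed-by-lan-toggle"

# Return 0 when the current default gateway is the home LAN gateway.
# macOS exposes it via `route -n get default`, Linux via `ip route`.
in_lan() {
    gw=""
    if command -v ip >/dev/null 2>&1; then
        gw=$(ip route show default 2>/dev/null | awk '/default/ {print $3; exit}')
    elif command -v route >/dev/null 2>&1; then
        gw=$(route -n get default 2>/dev/null | awk '/gateway:/ {print $2; exit}')
    fi
    [ "$gw" = "$LAN_GATEWAY" ]
}

# Rewrite the hosts file: drop any previous managed line, then append a fresh
# one when $2 is "yes". Idempotent, so it is safe to run from a periodic job.
apply_override() {
    file="$1"; want="$2"
    tmp="$file.tmp.$$"
    grep -vF "$MARKER" "$file" > "$tmp" || true   # grep exits 1 if nothing is left
    if [ "$want" = "yes" ]; then
        printf '%s %s %s\n' "$LAN_IP" "$HOSTNAME_TO_PIN" "$MARKER" >> "$tmp"
    fi
    mv "$tmp" "$file"
}

# Print the address the managed line currently pins (empty when absent).
pinned_address() {
    awk -v n="$HOSTNAME_TO_PIN" -v m="$MARKER" \
        '$2 == n && index($0, m) {print $1; exit}' "$1"
}

# Only touch the real hosts file when explicitly asked to (needs root).
if [ "${LAN_TOGGLE_RUN:-}" = "1" ]; then
    target="${HOSTS_FILE:-/etc/hosts}"
    if in_lan; then apply_override "$target" yes; else apply_override "$target" no; fi
    # macOS: flush the resolver cache afterwards with
    #   sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder
fi
```

Run it as `sudo LAN_TOGGLE_RUN=1 ./lan-toggle.sh` from a launchd job or a network-change hook; with `HOSTS_FILE` pointed at a scratch copy it can be exercised without root.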
I assume that splitting the view of the DNS zone into internal and external is not an option? In theory the authoritative DNS server for example.com could be configured for different answers depending on the source IP of the requesting client.
This would even work if you don't really own the resolving DNS server. But you'd have to set up a DNS server inside your LAN and make this your default DNS resolver for the LAN (does not need to be on your laptop). You would then override the example.com zone with your local LAN settings. All other requests would be just forwarded to the normal DNS resolvers. This could be for instance a Raspberry Pi running BIND. This solution would work for all your LAN members.
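The LAN-internal resolver described in this answer needs two pieces: a named.conf that declares example.com as a locally served zone and forwards everything else upstream, and a small authoritative zone file pointing the name at Host A. The generator below is an added example, not the answerer's own setup; Host A's address 192.168.1.10, the 192.168.1.0/24 client range and the upstream resolvers 9.9.9.9 and 1.1.1.1 are constructed values. It restricts queries to the LAN so the box does not become an open resolver, and validates the zone with BIND's own named-checkzone when that tool is installed.

```shell
#!/bin/sh
# Added example: generate a split-horizon override for a LAN-internal BIND.
# Assumed/constructed values: Host A = 192.168.1.10, LAN = 192.168.1.0/24,
# upstream resolvers 9.9.9.9 and 1.1.1.1. Review the output before using it.
ZONE="example.com"
HOST_A_IP="192.168.1.10"
LAN_NET="192.168.1.0/24"
UPSTREAMS="9.9.9.9; 1.1.1.1;"

# named.conf: serve example.com from a local zone, forward all other names.
write_named_conf() {
    dir="$1"
    cat > "$dir/named.conf" <<EOF
// Generated by the override script (added example).
options {
    directory "$dir";
    recursion yes;
    allow-query { 127.0.0.1; $LAN_NET; };   // LAN clients only, not an open resolver
    forwarders { $UPSTREAMS };               // everything not overridden below
    forward only;
};
zone "$ZONE" {
    type master;
    file "$dir/db.$ZONE";
};
EOF
}

# Minimal authoritative zone: apex and www resolve to Host A's LAN address.
write_zone_file() {
    dir="$1"
    serial=$(date +%Y%m%d01)   # YYYYMMDDnn, fits the 32-bit serial field
    cat > "$dir/db.$ZONE" <<EOF
\$TTL 300
@   IN SOA  ns1.$ZONE. hostmaster.$ZONE. (
        $serial ; serial
        3600    ; refresh
        900     ; retry
        604800  ; expire
        300 )   ; minimum
    IN NS   ns1.$ZONE.
ns1 IN A    127.0.0.1
@   IN A    $HOST_A_IP
www IN A    $HOST_A_IP
EOF
}

# Validate with BIND's checker when available; otherwise succeed so the
# generator can be run on a machine that only writes the files.
check_config() {
    dir="$1"
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone "$ZONE" "$dir/db.$ZONE" >/dev/null || return 1
    fi
    return 0
}

generate_override() {
    dir="$1"
    mkdir -p "$dir"
    write_named_conf "$dir" && write_zone_file "$dir" && check_config "$dir"
}

# Write into OUT_DIR when set, e.g. OUT_DIR=/etc/bind ./gen-override.sh
if [ -n "${OUT_DIR:-}" ]; then
    generate_override "$OUT_DIR"
fi
```

After generating, point the DHCP server's DNS option at the Raspberry Pi so every LAN member uses it, and bump the serial in the zone file whenever Host A's address changes.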