Gotchas

Max Dor edited this page Oct 6, 2017 · 6 revisions

NATing

If you are using NAT and doing port forwarding (with or without a reverse proxy in between) to the homeserver/identity server running on the same box, then you will most likely run into the issue that the homeserver is not able to talk to the identity server.
This is a sign that your NAT is not configured to handle supposedly outgoing connections that loop back into the internal network (often called NAT hairpinning or NAT loopback).

This happens because the domain used is a public one that resolves to a public IP, forcing your gateway to rewrite the packet and send it back to the homeserver/identity server box for a connection it is not aware of, which gets answered with a RST packet.

iptables configuration:

iptables -t nat -A POSTROUTING -s 1.2.3.4/5 -j MASQUERADE

Change 1.2.3.4/5 to your HS/IS subnet (or its IP with /32).

Other options to work around this:

  • Properly configure your firewall to handle NAT
  • Have at least two IPs on the box running the HS and IS and reverse proxying IS endpoints to the 2nd IP
  • Have a mechanism to resolve the DNS name to the internal IP via:
    • local /etc/hosts or equivalent
    • your internal DNS (Bind9 with split view or dnsmasq with record overwrite)
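The following shell script is an added example, not part of this wiki page or of the project's own tooling. It ties the two workarounds above together: it validates the subnet you would pass to the MASQUERADE rule, prints that rule and the matching /etc/hosts override line, and offers a small diagnostic that tells you whether the identity server's public name currently resolves to a local address (no hairpin involved) or to an external one that your gateway would have to loop back. Host names and addresses are placeholders; the diagnostic assumes the `ip`, `getent` and `nc` binaries are available, which is not guaranteed on every distribution.

```shell
#!/bin/sh
# Added example for the NAT hairpin gotcha; not the project's own code.
# All names and addresses are placeholders to be replaced by your own.

# Validate an IPv4 CIDR (e.g. 10.0.0.5/32): four octets 0-255 and a prefix 0-32.
valid_cidr() {
    case "$1" in
        */*) ;;
        *) return 1 ;;
    esac
    ip=${1%/*}
    prefix=${1#*/}
    case "$prefix" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$prefix" -le 32 ] || return 1
    old_ifs=$IFS
    IFS=.
    set -- $ip          # split the address into its octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in
            ''|*[!0-9]*) return 1 ;;
        esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the POSTROUTING MASQUERADE rule for the HS/IS subnet (or a /32 for one host).
masquerade_rule() {
    valid_cidr "$1" || return 1
    printf 'iptables -t nat -A POSTROUTING -s %s -j MASQUERADE\n' "$1"
}

# Print the /etc/hosts line that pins a public name to the internal IP.
# Usage: hosts_override NAME INTERNAL_IP
hosts_override() {
    printf '%s %s\n' "$2" "$1"
}

# Return 0 if the given IPv4 address is configured on one of this host's interfaces.
is_local_ip() {
    ip -4 -o addr show 2>/dev/null | awk '{print $4}' | cut -d/ -f1 | grep -qx "$1"
}

# Diagnostic: resolve NAME and report whether the homeserver would reach the
# identity server directly or through the gateway (hairpin). Needs network access.
# Usage: check_hairpin NAME [PORT]
check_hairpin() {
    name=$1
    port=${2:-443}
    resolved=$(getent ahostsv4 "$name" 2>/dev/null | awk '{print $1; exit}')
    if [ -z "$resolved" ]; then
        echo "cannot resolve $name"
        return 2
    fi
    if is_local_ip "$resolved"; then
        echo "$name -> $resolved is a local address; no NAT hairpin involved"
        return 0
    fi
    echo "$name -> $resolved is not local; the connection must hairpin through the gateway"
    # A refused or timed-out connect here is the symptom described above.
    if nc -z -w 3 "$resolved" "$port" 2>/dev/null; then
        echo "TCP connect to $resolved:$port succeeded; hairpin NAT appears to work"
        return 0
    fi
    echo "TCP connect to $resolved:$port failed; apply one of the workarounds"
    return 1
}

# Run the diagnostic only when invoked with arguments, e.g.:
#   sh nat-check.sh matrix.example.org 443
if [ $# -gt 0 ]; then
    check_hairpin "$@"
fi
```

`masquerade_rule` refuses a malformed subnet instead of producing a rule iptables would reject, and `hosts_override` produces the exact line to append to /etc/hosts on the homeserver box so that the public name resolves internally without touching the gateway.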