4

I have an SSH server running on my local network which is exposed to the public internet via my router's port forwarding. I have also set up a name for the host locally on my machine (via /etc/hosts) and remotely (via dynamic DNS), let's say:

            ip            name
locally     192.168.0.5   myhost
remotely    11.22.33.44   myhost.example.com

From within my local network, I can access the server via ssh 192.168.0.5 / ssh myhost and from outside my network I can access it via ssh 11.22.33.44 / ssh myhost.example.com.

Up to that point, everything works fine. However, using two different hostnames for the same server is a bit cumbersome. I'd like to access the server in a unified way, i.e. using only a single IP / hostname that works both locally and remotely.

Is there an easy solution to this problem? I'm on macOS if that matters.

BTW: I cannot access my router from the local network using its public IP.

5
  • For all I know there is no simple solution to this. The only thing I could imagine would be to use a static IP on your machine in the local network which has the same IP as your public IP. Then you can just always use this IP. But I didn't test this before; maybe there is a conflict with having internal IPs the same as the public one. Commented Apr 23, 2021 at 9:42
  • @DarkDiamond I don't think this works because the router that should forward that packet already associates that IP with its public-facing interface. If it were possible to reuse that public IP purely on the network layer then there would be no need to deploy NAT. For that reason, many people implement hairpin NAT (source- & destination-NAT) to access the host using the public IP regardless of traffic origin.
    – jvda
    Commented Apr 23, 2021 at 12:53
  • 1
    Why not upgrade to a router with NAT loopback?
    – Neil
    Commented Apr 23, 2021 at 21:50
  • 1
    "Why not upgrade to a router with NAT loopback?" -- Depending on the model of the router, it may even be possible to simply enable NAT loopback (hairpin NAT) in the settings. Commented Apr 23, 2021 at 22:54
  • @Neil by "easy solution" I didn’t mean buying more capable hardware :-)
    – Stefan
    Commented Apr 24, 2021 at 12:06

2 Answers

8

Since you have Dynamic DNS set up, you do not need to make changes to the /etc/hosts file.

For external access you would use DNS for host-to-IP resolution, and you want the same for the local network.

Most routers do support DNS injection. You need to check your router config and assign the IP address 192.168.0.5 to the same Dynamic DNS hostname that you use from the external network. Then, when you are in the internal network and use your router as the DNS server, the router will resolve myhost.example.com to the local address. And when you are outside and try to access it externally, Dynamic DNS will take its turn and resolve to the external IP.

If you have trouble setting up your router, then post the make and model, so we can check whether it supports the required settings.

1
  • 1
    I was running the Dynamic DNS update from another machine. Setting it up directly in the router instead did the trick! I can now access my host using that address.
    – Stefan
    Commented Apr 23, 2021 at 10:01
2

If you didn't have the ability to set up the DNS, you could play some games with the SSH config on your box to do something similar. First you would need a way to detect whether you're on your "home" network or not. Depending on where you go and how you connect, this may be most easily done by polling your Wi-Fi SSID, but the BSSID or the network configs may be more robust/possible for you. Here's a sample:

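#!/bin/sh
# Exit 0 when the current Wi-Fi network is the home network, 1 otherwise.
MY_SSID="local ssid name"
# Take the SSID line of `airport -I` and strip its right-aligned "SSID: " label.
ssid=$(/System/Library/PrivateFrameworks/Apple80211.framework/Resources/airport -I | sed -n 's/^ *SSID: //p')
if [ "$ssid" = "$MY_SSID" ]
  then
  exit 0
else
  exit 1
fi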

Call this "at_home" and put it in your path. Then assuming myserver normally resolves to the external address, add a stanza to your ssh config file similar to this to override the internal address:

Match host myserver exec at_home
    # or the local IP
    Hostname myserver.localname
1
  • TIL that exec exists in SSH configs! I always thought of it as a static configuration. This opens so many possibilities.
    – Stefan
    Commented Apr 24, 2021 at 12:10
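
An added example (not part of either answer): a variant of the at_home check that follows the second answer's remark that the BSSID may be more robust, matching the access point's BSSID as well as the SSID. The SSID, the BSSID list and the airport -I sample are constructed placeholders, and the function names are this example's own.

```shell
#!/bin/sh
# at_home (added example): exit 0 only when both the SSID and the BSSID
# (access point MAC) match the home network. All values are placeholders.
HOME_SSID="local ssid name"
HOME_BSSIDS="02:aa:bb:cc:dd:01 02:aa:bb:cc:dd:02"   # one entry per home access point
AIRPORT=/System/Library/PrivateFrameworks/Apple80211.framework/Resources/airport

# Constructed sample of `airport -I` output, for checking the parser offline.
SAMPLE='     agrCtlRSSI: -52
          BSSID: 2:AA:BB:CC:DD:1
           SSID: local ssid name
        channel: 36,80'

# Print the value of one "key: value" line of `airport -I` text read from stdin.
# Anchoring on the leading spaces keeps "SSID" from also matching "BSSID".
airport_field() {
    sed -n "s/^ *$1: //p" | head -n 1
}

# Lower-case a MAC address and zero-pad one-digit octets, so that
# "2:AA:BB:CC:DD:1" and "02:aa:bb:cc:dd:01" compare equal.
normalize_mac() {
    printf '%s\n' "$1" | tr 'A-F' 'a-f' |
        awk -F: -v OFS=: '{ for (i = 1; i <= NF; i++) if (length($i) == 1) $i = "0" $i; print }'
}

# Succeed when the `airport -I` text passed as $1 describes the home network.
is_home_network() {
    ssid=$(printf '%s\n' "$1" | airport_field SSID)
    bssid=$(normalize_mac "$(printf '%s\n' "$1" | airport_field BSSID)")
    [ "$ssid" = "$HOME_SSID" ] || return 1
    for known in $HOME_BSSIDS; do
        [ "$bssid" = "$(normalize_mac "$known")" ] && return 0
    done
    return 1
}

# Query the live interface only when installed and invoked as "at_home".
case "${0##*/}" in
    at_home) is_home_network "$("$AIRPORT" -I 2>/dev/null)"; exit $? ;;
esac
```

Saved as at_home on the PATH and made executable, it works with the "Match host myserver exec at_home" stanza unchanged. An access point can advertise any SSID or BSSID, so this check only selects which address ssh dials; the server is still authenticated by its SSH host key.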
