DNS - cannot reach origin/site from external network

Greetings, I have an interesting case.

I have a computer that I use for a home lab which is running a Kubernetes cluster. I do change my location from time to time, which means that my external IP changes.

I had my lab setup on one of the places I live and it worked without any issues.
Now I have moved to my other location and I have updated my DNS records (I manage them through Terraform) to the new IP address. However, I am no longer able to access my domain, for instance echo.jimytar.com.
I do not use the proxy on the Cloudflare side. I do generate the certificates using cert-manager and SSL termination is done inside the cluster (ingress). I do have valid certificates. I do also have services that can be accessed on port 80 (HTTP) such as http://echo.jimytar.com.

The interesting part is that I can access all of my domains from the private network. I can open all of the domains from the computer that is running the cluster and from all the devices connected to the router…
I am not sure what is happening… I don't have any firewalls or rules applied.

Do you have a publicly routed IP address at your new location? From what I see, A1 is using CGNAT.

I have cable internet and A1 modem/router and my own router after that.

Actually, the interesting part is that if I connect to the A1 modem/router directly I get a different external IP than the one I get when connected to the router behind it.

So indeed the issue could be in the ISP. Maybe I need to contact them to get this sorted. I can enable DMZ between the A1 modem and my router, but I am not sure if that is going to help.

What options do I have here?

Could that Zero Trust Tunnel maybe help? I haven't configured such a thing before.

Alright, I was able to address the issue.

Somehow my second router, which is behind the ISP router, was obtaining some external IPs on its own, maybe using that CGNAT of the ISP, or God knows how that thing works.
I have set up the routing as follows:

ISP router, which has an external IP > port forward 80/443 to the second router, which is in router 1's private network; after that I have a couple more port forwards: router 2 to the host machine/WSL2 to the nested virtual machines in WSL2 that have the "internal LB" and the Kubernetes cluster running. (I have a weird setup where everything runs in nested virtualization inside WSL2 on a Windows host.)

But now I can access everything that is running on the cluster, and I have set up dynamic DNS on my second router because I am not sure if my external IP is static or not…
echo.jimytar.com is now accessible though (when the cluster is running).
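As an added example (not from anyone in this thread), here is a small Python check for the two things that were diagnosed above: whether a router's WAN address is public, private (double NAT) or in the CGNAT shared space (RFC 6598, 100.64.0.0/10), and whether the published A record matches the public IP seen from outside. The sample addresses are constructed documentation-range values, not anyone's real addresses.

```python
import ipaddress

# RFC 6598 shared address space: what an ISP hands out behind carrier-grade NAT.
CGNAT = ipaddress.ip_network("100.64.0.0/10")
# RFC 1918 ranges: a WAN address here means the router sits behind another NAT.
PRIVATE_BLOCKS = [ipaddress.ip_network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify_wan(addr: str) -> str:
    """Classify the address a router reports on its WAN interface."""
    ip = ipaddress.ip_address(addr)
    if ip in CGNAT:
        return "cgnat"
    if any(ip in block for block in PRIVATE_BLOCKS):
        return "private"
    if ip.is_loopback or ip.is_link_local or ip.is_multicast:
        return "other"
    # Everything else is treated as publicly routable (documentation ranges
    # such as 203.0.113.0/24 count as public here so the sample below works).
    return "public"


def diagnose(wan_ip: str, observed_public_ip: str, dns_a_record: str) -> list:
    """Explain why inbound connections to a home lab may be failing.

    wan_ip: the address the (inner) router shows on its WAN side
    observed_public_ip: the address an external service sees you coming from
    dns_a_record: the A record currently published for the hostname
    """
    findings = []
    kind = classify_wan(wan_ip)
    if kind == "cgnat":
        findings.append("cgnat: ISP NAT will not forward inbound ports; "
                        "ask the ISP for a public IP or use an outbound tunnel")
    elif kind == "private":
        findings.append("double-nat: forward 80/443 on the upstream router "
                        "to this router's WAN address")
    elif wan_ip != observed_public_ip:
        findings.append("wan-mismatch: WAN looks public but differs from the "
                        "externally observed IP; check for another NAT hop")
    if dns_a_record != observed_public_ip:
        findings.append("dns-stale: A record does not match the observed "
                        "public IP; update the record or enable dynamic DNS")
    if not findings:
        findings.append("ok: no NAT or DNS mismatch; check port forwards and host firewall")
    return findings


if __name__ == "__main__":
    # Constructed sample: inner router behind the ISP router, DNS still pointing
    # at the previous location's address.
    for line in diagnose("192.168.1.10", "203.0.113.7", "198.51.100.4"):
        print(line)
```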
