Can not access our local jboss server from LAN with WAN IP

Posted on 2007-07-20
Last Modified: 2008-05-20
Hello guys I have a problem and cant solve it, I tried everything, so please help me, the problem is:

I am connected to a network to a switch to the DSL modem (PARADYNE) , I make port forwarding through my DSL modem, and when anybody inside the LAN request the server with the WAN IP , it rejects the connection, only accepts people outside. I want to be able to connect to my WAN IP, please do not tell me to connect to the local IP of that server because this isnt a solution i want to connect through the WAN IP , so how could i make it work. I tried the DMZ host didnt work out so any idea guys help would be appreciated , as I am stuck on this problem form two weeks.

Internet ---- DSL Modem ------Switch ----+---- Fedora Core 6 Server with Jboss (port 8080 forwarding)
                                                               +---- Workstation (accessing server with WAN IP)

1. From LAN we can not access server with WAN IP. For accessing our server we are
    typing "" but no success.
2. From anywhere else our server access without any problem.
Question by:SiteElf
    LVL 87

    Expert Comment

    open the hosts files on your pc's and enter your domain name and the external ip address of your site. This happens if you give your internal domain the same name as your official domain. You should always setup the internal domain to be something like yourdomainname.local instead of to avoid this.
    LVL 7

    Expert Comment

    The problem, as it seems to me, has to do with the port forwarding. The forwarding takes place for all inbound traffic which sourced from the Internet. If you attempt to reach the external IP from internal machine, you reach the router, but on the wrong interface.
    Possible solutions:
    1. Use hostnames only, and add an entry to C:\windows\system32\drivers\etc\hosts with something like this: Internal_ip
    It means that when you communicate with your server, although the naming convention is similar to one used by an external visitor, it has a different target, and can reach the jboss directly.

    2. If your router is Linux, you can add a rewrite rule in IPtables which will redirect your ports back into the server. For example (not tested, but this should be rather similar):
    iptables -t nat -I PREROUTING -i ethX -p tcp -m tcp --dport 8080 -j DNAT --to-destination JBOSS-IP:8080
    Replace ethX with your internal LAN interface, and, of course, replace JBOSS-IP with your jboss server IP address.
    LVL 30

    Assisted Solution

    by:Kerem ERSOY

    The answer is: You simply cant!. Because when you do port forwarding on your DSL router, your DSL router listens to the WAN interface (which has its Public IP 202...) and when there's a connection to its 8080 port it simply redirects this connection to your internal hosts 8080 address. When you want to connect to your WAN address this will go to your DSL modem and since it does not try to do port forwarding from inside it will not do port forwarding. You can't also benefit from IPTables becasue your default gateway is your DSL router and your packets from your workstation goes to your DSL router but not yo your JBOSS server.

    In fact these type op problems must be solved using DNS. So that you just setup an internal dns. This server will resolve to your internal host IP such as to your internal IP
    while your external DNS will resolve the same name to your external IP. This is the best solution.

    You can do what ezaton suggests but it takes you to setup another Linux host  with 2 interfaces between your intranet and DSL router  as a gateway and it will redirect all requests to 8080 port to your internal Jboss server regardless of the IP address.
    LVL 1

    Author Comment

    It means i can not access my website from internal LAN via WAN ip? if i setup DNS server and then type my WAN ip it will just redirect it to my local address right?. In this scenario i will use my local ip instead of using WAN ip that will be just redirect it to my local ip.
    LVL 7

    Expert Comment

    Not IP. DNS is for names. If you work with names (not IPs), you can setup the DNS in a manner that will allow you to use your server transparently. As said before - you cannot access your internal site based on your external IP from inside. Names can solve this problem (you set it up that the response to querying the name is different based on your location).
    LVL 30

    Accepted Solution

    As ezaton pointed out DNS is for domain to IP mapping.

    Here I suggest you to have a DNS server in your intranet. You will setup a DNS server over a host in your intranet. Lets assume that you have a domain name called and your internal server's DNS name is app1. So your FQDN (Full Qualified Doman Name) is Your internal DNS server will return the internal IP address of your host, say You need all your internal servers use your internal DNS for querying.

    I assume you already have a DNS server somewhere serving your domain so that people can reach to your site. In this eternal DNS you'll add an entry for and it will be

    In this scenario whenever an internal system wants to access to your server it will query your DNS server to access and your internal DNS will respond with and your browser will connect to your internal address. But whenever a user from outside wants to access your application from outside and enters your address in his/hers browser as, your external DNS will resolve it to

    In the end both your internal and external users will use a DNS name rather then an IP address. Since you have 2 DNS address it will always return the correct IP (intranet address for internal requests and registered IP address for for external requests)

    Featured Post

    What Is Threat Intelligence?

    Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

    Join & Write a Comment

    In Solr 4.0 it is possible to atomically (or partially) update individual fields in a document. This article will show the operations possible for atomic updating as well as setting up your Solr instance to be able to perform the actions. One major …
    There are two basic ways to configure a static route for Cisco IOS devices. I've written this article to highlight a case study comparing the configuration of a static route using the next-hop IP and the configuration of a static route using an outg…
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
    Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

    734 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    22 Experts available now in Live!

    Get 1:1 Help Now