We help IT Professionals succeed at work.

Can not access our local jboss server from LAN with WAN IP

SiteElf asked
Medium Priority
Last Modified: 2008-05-20
Hello guys I have a problem and cant solve it, I tried everything, so please help me, the problem is:

I am connected to a network to a switch to the DSL modem (PARADYNE) , I make port forwarding through my DSL modem, and when anybody inside the LAN request the server with the WAN IP , it rejects the connection, only accepts people outside. I want to be able to connect to my WAN IP, please do not tell me to connect to the local IP of that server because this isnt a solution i want to connect through the WAN IP , so how could i make it work. I tried the DMZ host didnt work out so any idea guys help would be appreciated , as I am stuck on this problem form two weeks.

Internet ---- DSL Modem ------Switch ----+---- Fedora Core 6 Server with Jboss (port 8080 forwarding)
                                                               +---- Workstation (accessing server with WAN IP)

1. From LAN we can not access server with WAN IP. For accessing our server we are
    typing "" but no success.
2. From anywhere else our server access without any problem.
Watch Question

Most Valuable Expert 2015

open the hosts files on your pc's and enter your domain name and the external ip address of your site. This happens if you give your internal domain the same name as your official domain. You should always setup the internal domain to be something like yourdomainname.local instead of yourdomainname.com to avoid this.

The problem, as it seems to me, has to do with the port forwarding. The forwarding takes place for all inbound traffic which sourced from the Internet. If you attempt to reach the external IP from internal machine, you reach the router, but on the wrong interface.
Possible solutions:
1. Use hostnames only, and add an entry to C:\windows\system32\drivers\etc\hosts with something like this:
my.server.domain.net Internal_ip
It means that when you communicate with your server, although the naming convention is similar to one used by an external visitor, it has a different target, and can reach the jboss directly.

2. If your router is Linux, you can add a rewrite rule in IPtables which will redirect your ports back into the server. For example (not tested, but this should be rather similar):
iptables -t nat -I PREROUTING -i ethX -p tcp -m tcp --dport 8080 -j DNAT --to-destination JBOSS-IP:8080
Replace ethX with your internal LAN interface, and, of course, replace JBOSS-IP with your jboss server IP address.
Kerem ERSOYPresident

The answer is: You simply cant!. Because when you do port forwarding on your DSL router, your DSL router listens to the WAN interface (which has its Public IP 202...) and when there's a connection to its 8080 port it simply redirects this connection to your internal hosts 8080 address. When you want to connect to your WAN address this will go to your DSL modem and since it does not try to do port forwarding from inside it will not do port forwarding. You can't also benefit from IPTables becasue your default gateway is your DSL router and your packets from your workstation goes to your DSL router but not yo your JBOSS server.

In fact these type op problems must be solved using DNS. So that you just setup an internal dns. This server will resolve to your internal host IP such as app1.company.com to your internal IP
while your external DNS will resolve the same name to your external IP. This is the best solution.

You can do what ezaton suggests but it takes you to setup another Linux host  with 2 interfaces between your intranet and DSL router  as a gateway and it will redirect all requests to 8080 port to your internal Jboss server regardless of the IP address.

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts


It means i can not access my website from internal LAN via WAN ip? if i setup DNS server and then type my WAN ip it will just redirect it to my local address right?. In this scenario i will use my local ip instead of using WAN ip that will be just redirect it to my local ip.

Not IP. DNS is for names. If you work with names (not IPs), you can setup the DNS in a manner that will allow you to use your server transparently. As said before - you cannot access your internal site based on your external IP from inside. Names can solve this problem (you set it up that the response to querying the name is different based on your location).
As ezaton pointed out DNS is for domain to IP mapping.

Here I suggest you to have a DNS server in your intranet. You will setup a DNS server over a host in your intranet. Lets assume that you have a domain name called acme.com and your internal server's DNS name is app1. So your FQDN (Full Qualified Doman Name) is app1.acme.com. Your internal DNS server will return the internal IP address of your host, say You need all your internal servers use your internal DNS for querying.

I assume you already have a DNS server somewhere serving your domain so that people can reach to your site. In this eternal DNS you'll add an entry for app1.acme.com and it will be

In this scenario whenever an internal system wants to access to your server it will query your DNS server to access http://app1.acme.com:8080 and your internal DNS will respond with and your browser will connect to your internal address. But whenever a user from outside wants to access your application from outside and enters your address in his/hers browser as http://app1.acme.com:8080, your external DNS will resolve it to

In the end both your internal and external users will use a DNS name rather then an IP address. Since you have 2 DNS address it will always return the correct IP (intranet address for internal requests and registered IP address for for external requests)
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.