Learn how to a build a cloud-first strategyRegister Now


Can not access our local jboss server from LAN with WAN IP

Posted on 2007-07-20
Medium Priority
Last Modified: 2008-05-20
Hello guys I have a problem and cant solve it, I tried everything, so please help me, the problem is:

I am connected to a network to a switch to the DSL modem (PARADYNE) , I make port forwarding through my DSL modem, and when anybody inside the LAN request the server with the WAN IP , it rejects the connection, only accepts people outside. I want to be able to connect to my WAN IP, please do not tell me to connect to the local IP of that server because this isnt a solution i want to connect through the WAN IP , so how could i make it work. I tried the DMZ host didnt work out so any idea guys help would be appreciated , as I am stuck on this problem form two weeks.

Internet ---- DSL Modem ------Switch ----+---- Fedora Core 6 Server with Jboss (port 8080 forwarding)
                                                               +---- Workstation (accessing server with WAN IP)

1. From LAN we can not access server with WAN IP. For accessing our server we are
    typing "" but no success.
2. From anywhere else our server access without any problem.
Question by:SiteElf
LVL 88

Expert Comment

ID: 19529430
open the hosts files on your pc's and enter your domain name and the external ip address of your site. This happens if you give your internal domain the same name as your official domain. You should always setup the internal domain to be something like yourdomainname.local instead of yourdomainname.com to avoid this.

Expert Comment

ID: 19533161
The problem, as it seems to me, has to do with the port forwarding. The forwarding takes place for all inbound traffic which sourced from the Internet. If you attempt to reach the external IP from internal machine, you reach the router, but on the wrong interface.
Possible solutions:
1. Use hostnames only, and add an entry to C:\windows\system32\drivers\etc\hosts with something like this:
my.server.domain.net Internal_ip
It means that when you communicate with your server, although the naming convention is similar to one used by an external visitor, it has a different target, and can reach the jboss directly.

2. If your router is Linux, you can add a rewrite rule in IPtables which will redirect your ports back into the server. For example (not tested, but this should be rather similar):
iptables -t nat -I PREROUTING -i ethX -p tcp -m tcp --dport 8080 -j DNAT --to-destination JBOSS-IP:8080
Replace ethX with your internal LAN interface, and, of course, replace JBOSS-IP with your jboss server IP address.
LVL 30

Assisted Solution

by:Kerem ERSOY
Kerem ERSOY earned 1500 total points
ID: 19537505

The answer is: You simply cant!. Because when you do port forwarding on your DSL router, your DSL router listens to the WAN interface (which has its Public IP 202...) and when there's a connection to its 8080 port it simply redirects this connection to your internal hosts 8080 address. When you want to connect to your WAN address this will go to your DSL modem and since it does not try to do port forwarding from inside it will not do port forwarding. You can't also benefit from IPTables becasue your default gateway is your DSL router and your packets from your workstation goes to your DSL router but not yo your JBOSS server.

In fact these type op problems must be solved using DNS. So that you just setup an internal dns. This server will resolve to your internal host IP such as app1.company.com to your internal IP
while your external DNS will resolve the same name to your external IP. This is the best solution.

You can do what ezaton suggests but it takes you to setup another Linux host  with 2 interfaces between your intranet and DSL router  as a gateway and it will redirect all requests to 8080 port to your internal Jboss server regardless of the IP address.
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.


Author Comment

ID: 19580440
It means i can not access my website from internal LAN via WAN ip? if i setup DNS server and then type my WAN ip it will just redirect it to my local address right?. In this scenario i will use my local ip instead of using WAN ip that will be just redirect it to my local ip.

Expert Comment

ID: 19580676
Not IP. DNS is for names. If you work with names (not IPs), you can setup the DNS in a manner that will allow you to use your server transparently. As said before - you cannot access your internal site based on your external IP from inside. Names can solve this problem (you set it up that the response to querying the name is different based on your location).
LVL 30

Accepted Solution

Kerem ERSOY earned 1500 total points
ID: 19581722
As ezaton pointed out DNS is for domain to IP mapping.

Here I suggest you to have a DNS server in your intranet. You will setup a DNS server over a host in your intranet. Lets assume that you have a domain name called acme.com and your internal server's DNS name is app1. So your FQDN (Full Qualified Doman Name) is app1.acme.com. Your internal DNS server will return the internal IP address of your host, say You need all your internal servers use your internal DNS for querying.

I assume you already have a DNS server somewhere serving your domain so that people can reach to your site. In this eternal DNS you'll add an entry for app1.acme.com and it will be

In this scenario whenever an internal system wants to access to your server it will query your DNS server to access http://app1.acme.com:8080 and your internal DNS will respond with and your browser will connect to your internal address. But whenever a user from outside wants to access your application from outside and enters your address in his/hers browser as http://app1.acme.com:8080, your external DNS will resolve it to

In the end both your internal and external users will use a DNS name rather then an IP address. Since you have 2 DNS address it will always return the correct IP (intranet address for internal requests and registered IP address for for external requests)

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
Google Drive is extremely cheap offsite storage, and it's even possible to get extra storage for free for two years.  You can use the free account 15GB, and if you have an Android device..when you install Google Drive for the first time it will give…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Suggested Courses

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question