Cannot use our external IP from LAN. Works fine from WAN

Posted on 2010-01-04
Medium Priority
Last Modified: 2012-05-08
I have an odd problem that I can not resolve.
For the sake of demonstration I use example IP addresses (not the real ones)

We have 2 terminal Servers behind a router and proxy server.

Terminal Server 1 has the proxy software program installed. It has 2 netcards, one to the router and one to the LAN. The proxy program is set up with port forwarding and filtering for the students' internet.

Terminal Server 2 is totally behind the proxy with 1 netcard. All communication goes through Terminal Server 1's proxy.

On the LAN everyone can access Terminal Server 1 and 2 using IP or domain name. This is working as it should.

For all the teachers, I have given our external IP so they can access the Terminal Servers from home. This is also working fine. The router has been set up to forward port comms for the 2 servers to our proxy server. The proxy server then forwards one port to itself and one to Terminal Server 2.

All happy, all working

Here is the problem.
When the teachers come to school, they sit on the LAN and try to connect using the external IP. Now it does not work. I am working with several schools and no problems elsewhere.
We want to get this to work so the teachers do not have to change their settings based on whether they are at home or on the school's LAN.

Does anyone have an idea why I can not sit on Lan using my WAN ip to connect via RDP?

I was thinking if it's possible for me to write something into the local DNS server (that all are using) so that when writing the WAN IP or domain name it can do the lookup on our own DNS and then connect straight away. Can this be done? If yes, can someone explain how to?

If not, how do I go about troubleshooting this?

Kind regards
Question by:morten444

Accepted Solution

Chris Dent earned 2000 total points
ID: 26176086

Can you create a DNS name for them to use instead of the external IP?

Then you can create an instance of that name on your internal DNS server, this time publishing the internal IP address.

An example of that would be:

1. Create remote.domain.com pointing to the public IP for external use
2. If MS DNS internally...
  a. Create a forward lookup zone called remote.domain.com
  b. Create a Host (A) Record with a blank name pointing to the internal IP address
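
The two internal steps above, scripted for a Windows DNS server (an added example, not part of the original answer). The internal address `192.168.1.10` is a constructed placeholder and the AD-integrated zone is an assumption; `remote.domain.com` is the thread's example name.

```powershell
# Added example: pinpoint zone for split DNS on a Windows DNS server.
# Assumptions (not from the thread): the zone is AD-integrated, and
# 192.168.1.10 is a constructed placeholder for the internal address.
Import-Module DnsServer

$ZoneName   = 'remote.domain.com'   # the name used both at home and on the LAN
$InternalIp = '192.168.1.10'        # placeholder internal address

# 2a. Forward lookup zone named after the single host. The internal server
#     then answers only for this one name; every other name under domain.com
#     is resolved as before. Dynamic updates are disabled so that clients
#     cannot register records in this zone.
if (-not (Get-DnsServerZone -Name $ZoneName -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $ZoneName -ReplicationScope 'Domain' -DynamicUpdate 'None'
}

# 2b. Host (A) record with a blank name ("@" is the zone apex).
$existing = Get-DnsServerResourceRecord -ZoneName $ZoneName -Name '@' -RRType 'A' `
    -ErrorAction SilentlyContinue
if (-not $existing) {
    Add-DnsServerResourceRecordA -ZoneName $ZoneName -Name '@' -IPv4Address $InternalIp
}

# Check: this DNS server must now hand out the internal address for the name.
$answer = Resolve-DnsName -Name $ZoneName -Type A -Server $env:COMPUTERNAME -DnsOnly |
    Where-Object { $_.Type -eq 'A' }
if ($answer.IPAddress -notcontains $InternalIp) {
    Write-Warning "$ZoneName resolves to '$($answer.IPAddress -join ', ')', expected $InternalIp"
}
```

The name resolves to a single internal address, so a connection to `remote.domain.com:3390` from the LAN arrives at that same address on port 3390 and something there has to accept or forward it.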



Author Comment

ID: 26176176
Thanks for the answer.
Yes, I was looking for something like this.
I actually have a domain name (will use a fictitious one here for the sake of the example).

I have 2 Terminal Servers.
One connects on "remote.domain.com" (port 3389 as default).
The other connects on "remote.domain.com:3390".

Is it possible to set them both up in local DNS, or only the default where there is no need to enter a port number?

Kind Regards

Expert Comment

ID: 26176801
I assume you use proxy 1 to port forward remote.domain.com:3390 to Terminal Server 2, or do you have a router that does that?
When the teachers come back to school, do they have a problem accessing both terminal servers, or just Terminal Server 2?


Expert Comment

by:Chris Dent
ID: 26178391

> Is it possible to set them both up in local DNS, or only the default where there is no need to enter a port number?

No sorry, DNS doesn't deal with Port Numbers I'm afraid.


Author Closing Comment

ID: 31672658
Thanks for your answer. It works using the domain name. Regarding port numbers, I will try to forward to the proxy and let it do the job of forwarding.

Thanks for your help

Expert Comment

ID: 26276543
> Does anyone have an idea why I can not sit on Lan using my WAN ip to connect via RDP?

If you do not get ping replies from the external IP address of the router from the LAN, then the problem is with the type of router and the way it handles that type of packet. It happens because when a ping request is made to the external IP of the router from a computer on the LAN, the router looks at the received packet and replies to the internal computer on the LAN. BUT what happens is that, this time, the sender address on the reply packet from the router is the INTERNAL IP ADDRESS of the router (as it was received from the inner side of the LAN), whereas the internal computer which made the ping request is expecting a reply from the EXTERNAL IP ADDRESS (as the ping was made to this address). So the internal computer discards all replies received from the INTERNAL IP ADDRESS of the router and keeps on waiting for a reply from the EXTERNAL IP ADDRESS, which is not received.
My router intelligently handles this type of traffic and doesn't suffer from this drawback.
