Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

NAT Loopback - How To

Posted on 2014-02-09
10
Medium Priority
?
1,675 Views
Last Modified: 2014-02-21
I have a web server running on my LAN and have setup port forwarding etc. on my router so it can be accessed from the outside world using a valid URL: for example http://www.myexternaladdress.com:xxxx/mypage.html

Everything from outside works great, but I cannot access the server when on my LAN using the external address.

I know I can use the LAN address but I want to be able to use the one address from wherever I am, I think this is called NAT loopback but I'm no expert here.

How do I divert LAN traffic for the external web address to the internal web address?

I'm using a Comtrend AR5381u Router

Thanks
0
Comment
Question by:BrianFord
  • 5
  • 2
  • 2
  • +1
10 Comments
 
LVL 35

Expert Comment

by:Dan Craciun
ID: 39845814
That is called hairpin NAT, from what I know.

Does your router support CLI? It uses iptables?

From what consumer routers I've seen, if it does not support hairpin NAT out-of-the-box, your only chance is to modify it via CLI or a firmware update.

HTH,
Dan
0
 
LVL 35

Expert Comment

by:Dan Craciun
ID: 39845829
If you can access and modify iptables, here's a thread on how to create a rule for hairpin:
http://superuser.com/questions/663820/port-forwarding-from-inner-network-to-inner-network-hairpin-nat

Basically, you add a rule to your firewall to route internal traffic on port 80 to 192.168.1.2 (change with the IP of your server)
/ip firewall nat
add chain=dstnat dst-address-type=local protocol=tcp dst-port=80 \
  action=dst-nat to-address=192.168.1.2 to-port=80

Open in new window

and then add the hairpin:
/ip firewall nat
add chain=srcnat src-address=192.168.1.0/24 \
  dst-address=192.168.1.2 protocol=tcp dst-port=80 \
  out-interface=bridge-local action=masquerade

Open in new window


HTH,
Dan
0
 

Author Comment

by:BrianFord
ID: 39845866
not sure I can access the iptables, this is an isp provided router, sounds like I may to just use different URL's :-(
0
Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

 
LVL 6

Expert Comment

by:Jelcin
ID: 39845896
You could also edit the hosts file in your windows. There you can just type that the external adress should be mapped to the internal...

http://www.rackspace.com/knowledge_center/article/how-do-i-modify-my-hosts-file
0
 

Author Comment

by:BrianFord
ID: 39845902
I thought about that but I'm building iOS app that needs to access a web service running on my web server so that's why I was trying to access using a single address and not  2
0
 
LVL 17

Expert Comment

by:pergr
ID: 39846719
It might be easier to configure your DNS server to give the private address when the request comes from the inside.
0
 

Author Comment

by:BrianFord
ID: 39876925
That's what I'd like to do but not sure how to do that, unfortunately not much in the manual on how to set that up,  I'm an ASUS RT-68U

Guess I'll be surfing Google again later today :)
0
 
LVL 17

Accepted Solution

by:
pergr earned 2000 total points
ID: 39877721
Perhaps you should run a dns server too on the same machine as the Web server.
0
 

Author Comment

by:BrianFord
ID: 39878504
I think I'm going  set that up, I'm not DNS expert, do have any pointers for setting up the hairpin on Windows Server 2003?
0
 

Author Closing Comment

by:BrianFord
ID: 39878516
Thanks for the advice, I setup a DNS server on the web server and after a quick Google search was able to implement the hairpin

Thank You
0

Featured Post

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
LinkedIn blogging is great for networking, building up an audience, and expanding your influence as well. However, if you want to achieve these results, you need to work really hard to make your post worth liking and sharing. Here are 4 tips that ca…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question