Solved

NAT Loopback - How To

Posted on 2014-02-09
10
1,486 Views
Last Modified: 2014-02-21
I have a web server running on my LAN and have setup port forwarding etc. on my router so it can be accessed from the outside world using a valid URL: for example http://www.myexternaladdress.com:xxxx/mypage.html

Everything from outside works great, but I cannot access the server when on my LAN using the external address.

I know I can use the LAN address but I want to be able to use the one address from wherever I am, I think this is called NAT loopback but I'm no expert here.

How do I divert LAN traffic for the external web address to the internal web address?

I'm using a Comtrend AR5381u Router

Thanks
0
Comment
Question by:BrianFord
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
  • 2
  • +1
10 Comments
 
LVL 35

Expert Comment

by:Dan Craciun
ID: 39845814
That is called hairpin NAT, from what I know.

Does your router support CLI? It uses iptables?

From what consumer routers I've seen, if it does not support hairpin NAT out-of-the-box, your only chance is to modify it via CLI or a firmware update.

HTH,
Dan
0
 
LVL 35

Expert Comment

by:Dan Craciun
ID: 39845829
If you can access and modify iptables, here's a thread on how to create a rule for hairpin:
http://superuser.com/questions/663820/port-forwarding-from-inner-network-to-inner-network-hairpin-nat

Basically, you add a rule to your firewall to route internal traffic on port 80 to 192.168.1.2 (change with the IP of your server)
/ip firewall nat
add chain=dstnat dst-address-type=local protocol=tcp dst-port=80 \
  action=dst-nat to-address=192.168.1.2 to-port=80

Open in new window

and then add the hairpin:
/ip firewall nat
add chain=srcnat src-address=192.168.1.0/24 \
  dst-address=192.168.1.2 protocol=tcp dst-port=80 \
  out-interface=bridge-local action=masquerade

Open in new window


HTH,
Dan
0
 

Author Comment

by:BrianFord
ID: 39845866
not sure I can access the iptables, this is an isp provided router, sounds like I may to just use different URL's :-(
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 6

Expert Comment

by:Jelcin
ID: 39845896
You could also edit the hosts file in your windows. There you can just type that the external adress should be mapped to the internal...

http://www.rackspace.com/knowledge_center/article/how-do-i-modify-my-hosts-file
0
 

Author Comment

by:BrianFord
ID: 39845902
I thought about that but I'm building iOS app that needs to access a web service running on my web server so that's why I was trying to access using a single address and not  2
0
 
LVL 17

Expert Comment

by:pergr
ID: 39846719
It might be easier to configure your DNS server to give the private address when the request comes from the inside.
0
 

Author Comment

by:BrianFord
ID: 39876925
That's what I'd like to do but not sure how to do that, unfortunately not much in the manual on how to set that up,  I'm an ASUS RT-68U

Guess I'll be surfing Google again later today :)
0
 
LVL 17

Accepted Solution

by:
pergr earned 500 total points
ID: 39877721
Perhaps you should run a dns server too on the same machine as the Web server.
0
 

Author Comment

by:BrianFord
ID: 39878504
I think I'm going  set that up, I'm not DNS expert, do have any pointers for setting up the hairpin on Windows Server 2003?
0
 

Author Closing Comment

by:BrianFord
ID: 39878516
Thanks for the advice, I setup a DNS server on the web server and after a quick Google search was able to implement the hairpin

Thank You
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the hope of saving someone else's sanity... About a year ago we bought a Cisco 1921 router with two ADSL/VDSL EHWIC cards to load balance local network traffic over the two broadband lines we have, but we couldn't get the routing to work consi…
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question