Solved

NAT Loopback - How To

Posted on 2014-02-09
10
1,464 Views
Last Modified: 2014-02-21
I have a web server running on my LAN and have setup port forwarding etc. on my router so it can be accessed from the outside world using a valid URL: for example http://www.myexternaladdress.com:xxxx/mypage.html

Everything from outside works great, but I cannot access the server when on my LAN using the external address.

I know I can use the LAN address but I want to be able to use the one address from wherever I am, I think this is called NAT loopback but I'm no expert here.

How do I divert LAN traffic for the external web address to the internal web address?

I'm using a Comtrend AR5381u Router

Thanks
0
Comment
Question by:BrianFord
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
  • 2
  • +1
10 Comments
 
LVL 35

Expert Comment

by:Dan Craciun
ID: 39845814
That is called hairpin NAT, from what I know.

Does your router support CLI? It uses iptables?

From what consumer routers I've seen, if it does not support hairpin NAT out-of-the-box, your only chance is to modify it via CLI or a firmware update.

HTH,
Dan
0
 
LVL 35

Expert Comment

by:Dan Craciun
ID: 39845829
If you can access and modify iptables, here's a thread on how to create a rule for hairpin:
http://superuser.com/questions/663820/port-forwarding-from-inner-network-to-inner-network-hairpin-nat

Basically, you add a rule to your firewall to route internal traffic on port 80 to 192.168.1.2 (change with the IP of your server)
/ip firewall nat
add chain=dstnat dst-address-type=local protocol=tcp dst-port=80 \
  action=dst-nat to-address=192.168.1.2 to-port=80

Open in new window

and then add the hairpin:
/ip firewall nat
add chain=srcnat src-address=192.168.1.0/24 \
  dst-address=192.168.1.2 protocol=tcp dst-port=80 \
  out-interface=bridge-local action=masquerade

Open in new window


HTH,
Dan
0
 

Author Comment

by:BrianFord
ID: 39845866
not sure I can access the iptables, this is an isp provided router, sounds like I may to just use different URL's :-(
0
Secure Your WordPress Site: 5 Essential Approaches

WordPress is the web's most popular CMS, but its dominance also makes it a target for attackers. Our eBook will show you how to:

Prevent costly exploits of core and plugin vulnerabilities
Repel automated attacks
Lock down your dashboard, secure your code, and protect your users

 
LVL 6

Expert Comment

by:Jelcin
ID: 39845896
You could also edit the hosts file in your windows. There you can just type that the external adress should be mapped to the internal...

http://www.rackspace.com/knowledge_center/article/how-do-i-modify-my-hosts-file
0
 

Author Comment

by:BrianFord
ID: 39845902
I thought about that but I'm building iOS app that needs to access a web service running on my web server so that's why I was trying to access using a single address and not  2
0
 
LVL 17

Expert Comment

by:pergr
ID: 39846719
It might be easier to configure your DNS server to give the private address when the request comes from the inside.
0
 

Author Comment

by:BrianFord
ID: 39876925
That's what I'd like to do but not sure how to do that, unfortunately not much in the manual on how to set that up,  I'm an ASUS RT-68U

Guess I'll be surfing Google again later today :)
0
 
LVL 17

Accepted Solution

by:
pergr earned 500 total points
ID: 39877721
Perhaps you should run a dns server too on the same machine as the Web server.
0
 

Author Comment

by:BrianFord
ID: 39878504
I think I'm going  set that up, I'm not DNS expert, do have any pointers for setting up the hairpin on Windows Server 2003?
0
 

Author Closing Comment

by:BrianFord
ID: 39878516
Thanks for the advice, I setup a DNS server on the web server and after a quick Google search was able to implement the hairpin

Thank You
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

For many of us, the  holiday season kindles the natural urge to give back to our friends, family members and communities. While it's easy for friends to notice the impact of such deeds, understanding the contributions of businesses and enterprises i…
This article is a collection of issues that people face from time to time and possible solutions to those issues. I hope you enjoy reading it.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question