Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

NAT Loopback - How To

Posted on 2014-02-09
10
1,432 Views
Last Modified: 2014-02-21
I have a web server running on my LAN and have setup port forwarding etc. on my router so it can be accessed from the outside world using a valid URL: for example http://www.myexternaladdress.com:xxxx/mypage.html

Everything from outside works great, but I cannot access the server when on my LAN using the external address.

I know I can use the LAN address but I want to be able to use the one address from wherever I am, I think this is called NAT loopback but I'm no expert here.

How do I divert LAN traffic for the external web address to the internal web address?

I'm using a Comtrend AR5381u Router

Thanks
0
Comment
Question by:BrianFord
  • 5
  • 2
  • 2
  • +1
10 Comments
 
LVL 34

Expert Comment

by:Dan Craciun
ID: 39845814
That is called hairpin NAT, from what I know.

Does your router support CLI? It uses iptables?

From what consumer routers I've seen, if it does not support hairpin NAT out-of-the-box, your only chance is to modify it via CLI or a firmware update.

HTH,
Dan
0
 
LVL 34

Expert Comment

by:Dan Craciun
ID: 39845829
If you can access and modify iptables, here's a thread on how to create a rule for hairpin:
http://superuser.com/questions/663820/port-forwarding-from-inner-network-to-inner-network-hairpin-nat

Basically, you add a rule to your firewall to route internal traffic on port 80 to 192.168.1.2 (change with the IP of your server)
/ip firewall nat
add chain=dstnat dst-address-type=local protocol=tcp dst-port=80 \
  action=dst-nat to-address=192.168.1.2 to-port=80

Open in new window

and then add the hairpin:
/ip firewall nat
add chain=srcnat src-address=192.168.1.0/24 \
  dst-address=192.168.1.2 protocol=tcp dst-port=80 \
  out-interface=bridge-local action=masquerade

Open in new window


HTH,
Dan
0
 

Author Comment

by:BrianFord
ID: 39845866
not sure I can access the iptables, this is an isp provided router, sounds like I may to just use different URL's :-(
0
Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

 
LVL 6

Expert Comment

by:Jelcin
ID: 39845896
You could also edit the hosts file in your windows. There you can just type that the external adress should be mapped to the internal...

http://www.rackspace.com/knowledge_center/article/how-do-i-modify-my-hosts-file
0
 

Author Comment

by:BrianFord
ID: 39845902
I thought about that but I'm building iOS app that needs to access a web service running on my web server so that's why I was trying to access using a single address and not  2
0
 
LVL 17

Expert Comment

by:pergr
ID: 39846719
It might be easier to configure your DNS server to give the private address when the request comes from the inside.
0
 

Author Comment

by:BrianFord
ID: 39876925
That's what I'd like to do but not sure how to do that, unfortunately not much in the manual on how to set that up,  I'm an ASUS RT-68U

Guess I'll be surfing Google again later today :)
0
 
LVL 17

Accepted Solution

by:
pergr earned 500 total points
ID: 39877721
Perhaps you should run a dns server too on the same machine as the Web server.
0
 

Author Comment

by:BrianFord
ID: 39878504
I think I'm going  set that up, I'm not DNS expert, do have any pointers for setting up the hairpin on Windows Server 2003?
0
 

Author Closing Comment

by:BrianFord
ID: 39878516
Thanks for the advice, I setup a DNS server on the web server and after a quick Google search was able to implement the hairpin

Thank You
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Building small business network 4 89
IPv6 and IPv4 Subnetting scheme 4 43
parental control on huwei HG658b 1 26
VMware ESXi vswitch - performance question 2 76
How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question