Solved

NAT Loopback - How To

Posted on 2014-02-09
10
1,370 Views
Last Modified: 2014-02-21
I have a web server running on my LAN and have setup port forwarding etc. on my router so it can be accessed from the outside world using a valid URL: for example http://www.myexternaladdress.com:xxxx/mypage.html

Everything from outside works great, but I cannot access the server when on my LAN using the external address.

I know I can use the LAN address but I want to be able to use the one address from wherever I am, I think this is called NAT loopback but I'm no expert here.

How do I divert LAN traffic for the external web address to the internal web address?

I'm using a Comtrend AR5381u Router

Thanks
0
Comment
Question by:BrianFord
  • 5
  • 2
  • 2
  • +1
10 Comments
 
LVL 34

Expert Comment

by:Dan Craciun
Comment Utility
That is called hairpin NAT, from what I know.

Does your router support CLI? It uses iptables?

From what consumer routers I've seen, if it does not support hairpin NAT out-of-the-box, your only chance is to modify it via CLI or a firmware update.

HTH,
Dan
0
 
LVL 34

Expert Comment

by:Dan Craciun
Comment Utility
If you can access and modify iptables, here's a thread on how to create a rule for hairpin:
http://superuser.com/questions/663820/port-forwarding-from-inner-network-to-inner-network-hairpin-nat

Basically, you add a rule to your firewall to route internal traffic on port 80 to 192.168.1.2 (change with the IP of your server)
/ip firewall nat
add chain=dstnat dst-address-type=local protocol=tcp dst-port=80 \
  action=dst-nat to-address=192.168.1.2 to-port=80

Open in new window

and then add the hairpin:
/ip firewall nat
add chain=srcnat src-address=192.168.1.0/24 \
  dst-address=192.168.1.2 protocol=tcp dst-port=80 \
  out-interface=bridge-local action=masquerade

Open in new window


HTH,
Dan
0
 

Author Comment

by:BrianFord
Comment Utility
not sure I can access the iptables, this is an isp provided router, sounds like I may to just use different URL's :-(
0
 
LVL 6

Expert Comment

by:Jelcin
Comment Utility
You could also edit the hosts file in your windows. There you can just type that the external adress should be mapped to the internal...

http://www.rackspace.com/knowledge_center/article/how-do-i-modify-my-hosts-file
0
 

Author Comment

by:BrianFord
Comment Utility
I thought about that but I'm building iOS app that needs to access a web service running on my web server so that's why I was trying to access using a single address and not  2
0
Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

 
LVL 17

Expert Comment

by:pergr
Comment Utility
It might be easier to configure your DNS server to give the private address when the request comes from the inside.
0
 

Author Comment

by:BrianFord
Comment Utility
That's what I'd like to do but not sure how to do that, unfortunately not much in the manual on how to set that up,  I'm an ASUS RT-68U

Guess I'll be surfing Google again later today :)
0
 
LVL 17

Accepted Solution

by:
pergr earned 500 total points
Comment Utility
Perhaps you should run a dns server too on the same machine as the Web server.
0
 

Author Comment

by:BrianFord
Comment Utility
I think I'm going  set that up, I'm not DNS expert, do have any pointers for setting up the hairpin on Windows Server 2003?
0
 

Author Closing Comment

by:BrianFord
Comment Utility
Thanks for the advice, I setup a DNS server on the web server and after a quick Google search was able to implement the hairpin

Thank You
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Tired of waiting for your show or movie to load?  Are buffering issues a constant problem with your internet connection?  Check this article out to see if these simple adjustments are the solution for you.
When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now