Connect to static IP internally

Hello there,

I have a Seagate NAS and from outside I can connect to it using its static IP. This I have done using my sonicwall firewall's port forwarding i.e. I enter the static IP and the firewall forwards it to its internal IP 192.168.0.99. From internally also I can connect to the NAS using its private IP 192.168.0.99. Now when I try to connect to the NAS internally using its static IP, it is not connecting. On my sonicwall I tried to do port forwarding from its public IP to its private but still no luck. What am I missing or doing wrong. Please somebody help me!!.

cheers
Zolf
zolfAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

John TsioumprisSoftware & Systems EngineerCommented:
Can you ping it ?
0
zolfAuthor Commented:
Thanks for your comments!!

Yes I can ping its public IP internally but cannot access it....for e.g. in the RUN when i enter \\192.168.0.99,the NAS is accessable but using the public IP, it is not
0
John TsioumprisSoftware & Systems EngineerCommented:
So you are saying that you want to access it from internally using its public ip for browsing....?
0
Top Threats of Q1 & How to Defend Against Them

WEBINAR: Join WatchGuard CTO and our Threat Research Team on Aug. 2nd to hear the findings from our Q1 Internet Security Report! Learn more about the top threats detected in the first quarter and how you can defend your business against them!

zolfAuthor Commented:
yes that is correct!!
0
evmanCommented:
do you have any route to NAS static IP address? Can you ping NAS static IP address?
0
zolfAuthor Commented:
Can you ping NAS static IP address?

Yes I can

do you have any route to NAS static IP address?

what do you mean
0
evmanCommented:
if you ping the NAS static ip address but you can't browse it, check your firewall configuration. Can you access NAS web control panel using your browser?

for knowing your route to NAS static IP address
Start> CMD> tracert NAS STATIC IP ADDRESS
0
John TsioumprisSoftware & Systems EngineerCommented:
I am under the impression that you need this ...
0
zolfAuthor Commented:
Can you access NAS web control panel using your browser?
Internally I can using the private IP but not the static IP.From outside I can access the web control panel using the static IP

Below is the tracert result, I did it internally
C:\Documents and Settings\Administrator>tracert 192.168.0.253

Tracing route to BA-256C27 [192.168.0.253]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  BA-256C27 [192.168.0.253]

Trace complete.

C:\Documents and Settings\Administrator>tracert 97.99.46.166

Tracing route to 97.99.46.166 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  BA-256C27 [192.168.0.253]

Trace complete.

C:\Documents and Settings\Administrator>

Open in new window

0
zolfAuthor Commented:
John what makes you think I need this.
Basically I want to be able to access my servers or other devices which have public IP from inside my company. Now I can only access them using their private IPs
0
QlemoBatchelor, Developer and EE Topic AdvisorCommented:
Which port do you use - HTTP or NetBIOS? Of course you need to have firewall rules to allow outbound traffic to that static public IP. That should be all.
0
zolfAuthor Commented:
Please see the attachment. I have done a Packet Monitoring in my Sonicwall and saved the log.
0
zolfAuthor Commented:
Qlemo:

I have made up that IP,it is not my real IP.

Which port do you use - HTTP or NetBIOS?

My apologies I am not an expert in Networking,I am a software engineer trying to do this to make my software work as I would expect. SO I am not sure which one I use but 99% I am using HTTP.
log.txt
0
zolfAuthor Commented:
Here is the screenshot of the Packet Monitor
untitled.png
0
John TsioumprisSoftware & Systems EngineerCommented:
In your log files you have your public IP....
0
zolfAuthor Commented:
Please help me !!
0
John TsioumprisSoftware & Systems EngineerCommented:
Can you give some info why you need this kind of access...
0
Mark DamenERP System ManagerCommented:
Why not access the device using the same Fully Qualified Domain Name (FQDN) from both inside and outside the network?

The way to achieve this is by using split DNS.  On your public DNS servers, create an A record for NAS.domainname.com and point it to your public IP.

Then on your internal DNS servers, create a new primary zone for NAS.domainname.com and have a record pointing to internal IP address.

Now for you and your users whenever you ping NAS.domainname.com you will get the answer appropriate to your location and be able to always browse the NAS.

Regards
Mark
0
zolfAuthor Commented:
It is for my Database backup/restore. I am using an application called RedGate which needs the static IP.
0
zolfAuthor Commented:
markusdamenous

Thanks for your feedback, but I dont have a DNS server. I have a simple setup and not very advanced.
0
Mark DamenERP System ManagerCommented:
So you have a server hosting a database on the same lan as the NAS device, and you're backing up to the NAS?  I can't see why you don't connect with the local IP address?
0
zolfAuthor Commented:
You see the Redgate is on the other side. I mean it is placed at a datacenter and I am trying to configure the replication using the static IPs. for the source DB(which is in my office) i need to give the static IP of the NAS. SO that the DB can send the backup on that NAS and then the destination DB will copy that backup from the NAS.
BAsically I need your help to allow me to access my local devices using their public IP from internally!!
0
QlemoBatchelor, Developer and EE Topic AdvisorCommented:
I don't know what your packet filter condition is, and if we see all traffic, but this what I can derive:
You are using CIFS (NetBIOS) access on port 445/tcp and 139/tcp (new and old port for this service).
Traffic is going 192.168.0.2 => 97.99.46.166 => 192.168.0.253
Assuming 192.168.0.253 is the SonicWall, I cannot see any traffic going from the SonicWall to the NAS. I don't know if we should see any (depending on your packet filter conditions), and/or we should see firewall rules too. What we see is that in packet 13 and 14 the firewall is terminating the sessions for ports 445 and 139 because of timeout (no further traffic flowing).

But maybe you can exploit a bug in the Windows TCP/IP implementation. Create a file %SystemRoot%\system32\drivers\etc\hosts with
  192.168.0.99   97.99.46.166
on the machine performing the backup, then try again.
0
zolfAuthor Commented:
Qlemo

Thanks for your feedbacks.

The sonicwall ip is 192.168.0.1

Traffic is going 192.168.0.2 => 97.99.46.166 => 192.168.0.253

192.168.0.253 is the private IP of the NAS and 97.99.46.166 is the public IP of the NAS
0
zolfAuthor Commented:
I have attached my Packet monitor settings which I used to monitor it on my sonicwall
1.png
0
QlemoBatchelor, Developer and EE Topic AdvisorCommented:
I can connect to the NAS using its private IP 192.168.0.99
Which one is correct?
0
QlemoBatchelor, Developer and EE Topic AdvisorCommented:
I see, .253 is correct. The capture filter does not include firewalled, dropped, etc. packets, so I would switch that one and try again for generating the log.
0
zolfAuthor Commented:
Qlemo

OK , i did as you mentioned, but for some reason in the destination i get to see the private ip of the NAS not the static ip which i use to test the packet monitor.dont know why,maybe becasue of the port forwarding rul i gave sonicwall. anyway below are the specs and the screenshot of the packet monitor when I try to access the public IP of the NAS from my 192.168.0.2 server.

the NAS private IP is 192.168.0.253 and it has a public IP which for security reason I have not shown.
My sonicwall ip is 192.168.0.1 and 192.1.68.0.2 is the server which I am trying to connect to the NAS using its static ip.



1
0
QlemoBatchelor, Developer and EE Topic AdvisorCommented:
Maybe you have to filter only on the ports 139 and 445 (no address) to see more.
0
Blue Street TechLast KnightCommented:
Hi zolf,

If I understand you correctly, from both the WAN and the LAN you can connect to the NAS but from within the LAN you *cannot* connect via the Public IP, correct?

Do you have a loopback NAT policy in place in your SonicWALL under NAT Policies? If you don't...this will never work.

The Policy should read something like this...
Original Source: Firewalled Subnets
Source Translated: X1 IP
Destination Original: X1 IP
Destination Translated: 192.168.0.99 (NAS Private IP (static))
Service Original: <what ever service you are using to connect to the NAS on, e.g. 80, 443, 8080, etc.>
Service Translated: Original
Interface Inbound: Any
Interface Outbound: Any

You should open up ports using the Wizard (Public Server Wizard) exclusively, no matter how complex your required access is. It establishes your baseline, then from there you can add more complexity such as grouping Service Objects and/or Address Objects.

Let me know how it goes.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Blue Street TechLast KnightCommented:
I updated my last post...please refresh and re-read. Thanks!
0
QlemoBatchelor, Developer and EE Topic AdvisorCommented:
Of course 192.168.0.99 should be 192.168.0.253, as we know now. And the port should be 445 and/or 139.
0
Blue Street TechLast KnightCommented:
Hi Qlemo,

Are you addressing my post? If so, I'm not saying anything other than if he doesn't have a Loopback NAT policy in place...accessing the NAS from the Public IP on the LAN will never work. That is what a loopback policy is designed for. It specifically routes LAN to WAN to LAN.

I typically never see a good reason to perform this type access method that he is requesting but that is also why the Wizard does this by default...just in case scenarios (poorly written apps, misconfiguration (Exchange), etc.). :)
0
QlemoBatchelor, Developer and EE Topic AdvisorCommented:
I suppose it is clear (and the loopback policy the major point), but wanted to make sure it is.
0
Blue Street TechLast KnightCommented:
Gotcha! :)
0
zolfAuthor Commented:
If I understand you correctly, from both the WAN and the LAN you can connect to the NAS but from within the LAN you *cannot* connect via the Public IP, correct?
Yes you are correct!!

diverseit

Thanks for your feedbacks. I created the loopback as you mentioned but still could not open the NAS on my LAN using the static IP. I have attached the NAT policy I created
1
0
zolfAuthor Commented:
Just for clarification, this

Source Translated: X1 IP
Destination Original: X1 IP

has to be the default gateway of the public IP of the NAS.correct??
0
zolfAuthor Commented:
This is my interfaces page

1
0
Blue Street TechLast KnightCommented:
Yes in this case it would be x4 (replace both x1's with x4s). X1 was assuming you had one WAN/one IP.
0
zolfAuthor Commented:
I replaced them but still no luck

1
0
Blue Street TechLast KnightCommented:
Incidentally, are x3 and x4 different subnets than x1?
0
zolfAuthor Commented:
Also when I try to Monitor the Packet between a pc and the NAS on my LAN, it is not showing any output when for e.g. I try to open enter the NAS public IP in a browser or START-RUN-\\IP-OK

1
0
Blue Street TechLast KnightCommented:
Are x3 and x4 different subnets than x1?

If not then it doesn't need to be an interface. ..it should be an address object.

I'd start from scratch and click on wizard then public server wizard. It will setup everything for you. This is a very simple request if your configuration is correct.
0
zolfAuthor Commented:
Incidentally, are x3 and x4 different subnets than x1?
It looks like it,in the Interface page...so what about it??
0
Blue Street TechLast KnightCommented:
I couldn't see if it were in the same range...nevermind.
0
zolfAuthor Commented:
I tried the wizard thingy too but no luck.
0
zolfAuthor Commented:
Infact I have a website on my web server which is using this loopback thingy but this NAS device is not working. The webserver is on the X1 IP and NAS is on the X4 IP.

http://filedb.experts-exchange.com/incoming/2015/08_w35/931710/11.PNG
0
Blue Street TechLast KnightCommented:
Try changing the translated destination and original source to x4 IP not the custom created address objects. Change the outbound interface to x4.
0
zolfAuthor Commented:
I get this error when I change the Inbound/Outbound Interface from Any to X41
0
Blue Street TechLast KnightCommented:
Just outbound interface.
0
zolfAuthor Commented:
No luck!!....
0
zolfAuthor Commented:
thanks!!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Hardware Firewalls

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.