Newcomer

no access to my own internal server

Hi,

I have an Arris modem and a Sagemcom F@st 5260 router. I'm running a test server in my home and the server is on the DMZ. From any network, other than my home network, the server can be accessed, no problem, via its external IP or the subdomain I pointed to it. I can't even ping its external IP/subdomain from within my home network.

If I try to access it via my internal network, 192.168.1.x, it works perfectly.

Anyone have any ideas???

Thanks!

Rob

3 REPLIES
Contributor

Re: no access to my own internal server


@trident50 wrote:
I can't even ping its external IP/subdomain from within my home network.

If I try to access it via my internal network, 192.168.1.x, it works perfectly.


Unless the router supports NAT loopback, sometimes called hairpin, (explanation here) then you cannot access the external IP or domain from within your own network.

Cheers.

Valued Contributor

Re: no access to my own internal server

Basically a gotcha with how NAT and forwarding is identifying which packets go to which internal IP and then forwarding them accordingly.

More or less, you are still running in a one to many scheme and not a one to one scheme. Connections that are not assured and tracked to a specific internal IP are forwarded to the DMZ... vs all in-bound traffic over an external IP being forwarded to the DMZ's internal IP. And that is another issue too... you are only filtering/directing unsolicited inbound traffic... packets flowing inbound only from the external side towards the internal side (not internal to external and then BACK into the internal). You can find better explanations if you research NAT loopback.

One sort of workaround would be to edit the hosts file to alias the external IP or a handy name like WEBSERVER to the internal IP on your client. Basically, if you do this on a Windows system, when you request a connection to a name or address, it redirects that request to the assigned address you want it to use. Normally, people only add hosts file entries for things like machine names and domain names (like I could add an entry for HPLASER to point to its IP and then I could ping "HPLASER" from that machine to ping the printer). But sometimes you can actually map IP addresses as well.

Not exactly a graceful workaround by any means, but it may work well enough for quick verification that services are up and such. May need to take some extra steps to make sure the service/servlets are listening for both internal and external IPs though... very rare, but the possibility may exist depending on how the services work. If it works internally, you could also add a different entry that points to the external address as well. This way you have a handy name for testing externally as well. You could have an entry for home.lan that points to the internal address, and then an external name like mytomcat.com that points to the external address for testing when you are actually outside your network.

Another thing you could try is to use a VPN service. Mileage may vary with this approach though. Many will default to allowing local LAN access, so you still get hit by the "loopback" issues. If you can toggle that local LAN access option off, that client will be forced to send all traffic through the tunnel to the VPN's endpoint first, essentially simulating you being on an external IP address--allowing you to then be routed back to the external address again. This may still not work quite right depending on how the VPN is encapsulating though. But it is something you could try if you are already using a VPN service. Free VPNs may not provide the flexibility to make it work, but most paid-for VPNs will offer a free trial period (or even a free limited use option like 500MB a month or something) that you could use for testing the idea.
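
The hosts-file workaround described in the reply above, as an added example that is not part of the original posts: a small Python helper that pins a hostname to the server's LAN address in hosts-file text without leaving duplicate or conflicting entries. The hostname `server.example.test`, the address `192.168.1.50` and the sample file contents are constructed placeholders.

```python
"""Pin a hostname to a LAN address in hosts-file text (added example)."""
import ipaddress


def pin_host(hosts_text: str, name: str, lan_ip: str) -> str:
    """Return hosts_text with exactly one active entry mapping name -> lan_ip."""
    ip = ipaddress.ip_address(lan_ip)
    # Pinning the name to a public address would just reproduce the
    # loopback problem, so refuse anything Python does not class as private.
    if not ip.is_private:
        raise ValueError(f"{lan_ip} is not a private (LAN) address")
    wanted = name.lower()
    out = []
    for line in hosts_text.splitlines():
        body, sep, comment = line.partition("#")
        fields = body.split()
        # Blank lines, comments and unrelated entries pass through unchanged.
        if len(fields) < 2 or wanted not in (f.lower() for f in fields[1:]):
            out.append(line)
            continue
        # Remove only our name from the old entry; keep its other aliases.
        kept = [f for f in fields[1:] if f.lower() != wanted]
        if kept:
            rebuilt = " ".join([fields[0]] + kept)
            out.append(rebuilt + (" #" + comment if sep else ""))
    out.append(f"{ip} {name}")
    return "\n".join(out) + "\n"


def lookup(hosts_text: str, name: str):
    """Resolve name as a hosts file does: the first matching line wins."""
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and name.lower() in (f.lower() for f in fields[1:]):
            return fields[0]
    return None


# Constructed sample: the name currently points at a public (documentation) IP.
SAMPLE = """# constructed sample hosts file
127.0.0.1 localhost
203.0.113.10 server.example.test www.example.test  # old test entry
"""

if __name__ == "__main__":
    print(pin_host(SAMPLE, "server.example.test", "192.168.1.50"), end="")
```

The function works on text only; writing the result back to `/etc/hosts` (or `C:\Windows\System32\drivers\etc\hosts` on Windows) needs administrator rights, and the entry should be removed again on devices that leave the home network.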
Newcomer

Re: no access to my own internal server

Thank you Eddie and Raist!

There is a "route" tab in the router which may work...but yes, it's just to ensure that it's up so I can just check it on my phone as well.

Appreciate it!