39

I have a DSL modem with a public IP address (201.206.x.x), and I have a web server in my internal network (192.168.0.50).

I set up the modem to forward requests to port 80 to my web server, so if I access 201.206.x.x from outside my network, it shows my web page; the same happens if I access 192.168.0.50 from a computer inside my network.

Now, the problem is when I try to access 201.206.x.x from my internal network, the browser tries to connect to the DSL modem configuration, instead of redirecting my request to my Web server.

Which settings do I have to change in the modem to set up this redirection?

1
  • A variation to the problem, I have multiple (2) hosting servers, and I have configured a DNS (BIND9) for the internal requests. How do I map (to different Hosting Server) external requests (to public IP) based on hostname?
    – Kunal B.
    Commented Jan 22, 2017 at 22:58

8 Answers

21

The problem is that the packet rewriting can generally only take place when traversing the firewall. Generally speaking routers cannot perform the necessary re-writing when the request is arriving from the same network the request would be re-written to. The common solution to this problem is to place a web proxy outside the network that loops the request back through your firewall.

I suspect your specific problem is that you would like to access the web site via its DNS host name. You can handle that by using "split-horizon" DNS, so it pays attention to where the request is coming from and answers appropriately: If the request is coming from inside your network, it hands out the 192.168.0.50 to requests coming from your network and the public IP to everyone else.

Either of these suggestions could be implemented on any host outside of your network, like a (free) Amazon EC2 micro instance.

2
  • Thanks, although I think I will stick with the HOSTS file editing since it's basically a personal site that I use for tests of sites I'm working on. The PC isn't even up 24/7.
    – willvv
    Commented Mar 20, 2011 at 5:13
  • 3
    I solved this problem on my own home network by adding an A record with the same name as my external dyndns name on my own DNS server (also running on my home network). The A record points to the proper location in my home network, as does the reverse PTR record. But of course, not everyone is running their own home DNS...
    – LawrenceC
    Commented Mar 21, 2011 at 0:25
14

I would say @Insyte is onto something when he/she talks about the issue being a DNS resolution issue .. which then means the problem is packet rewriting (read @Insyte post again for that explanation).

Assuming you have the following setup:

  1. Public IP: 201.206.x.y
  2. Private IP: 192.168.0.50
  3. Port forwarding for all 80 (and 443 if you're doing SSL) on IP 201.206.x.y -> 192.168.0.50

You then type the following in your browser, while you're in your internal network:

http://www.yourwebsite.com

and the error occurs. So, solution: hack your hosts file.

On Windows, go to C:\windows\system32\drivers\etc\hosts (notice, there's no extension on that file). On Linux, the file is located in /etc/hosts.

If you open that file up in Notepad, you can then see any entries that are used to override DNS. If you wish to update that file, you will need to open Notepad (or whatever program you're using to edit the file) with Administrator rights – otherwise you can't save the file.

Add this to your hosts file:

192.168.0.50 www.yourwebsite.com

Then restart your browser, enter the URL and voilà! It's working. So this means, your browser doesn't rely on your DNS to resolve your domain to the IP. Instead, we're overriding this and saying: Browser, just go to my internal IP for that domain name, instead of asking DNS for the IP address.

If you're in an office, then you can get all the people who need to access this internal website, to hack their hosts file, or if you have an internal DNS, then you can add an entry into that.

Another idea is to have an internal proxy server (for all web surfing, etc) and then hack the hosts file on the proxy server. This means your browser will say, Proxy, can you please get me the resource http://www.mywebsite.com and the proxy says Sure, and because I've been told to ignore DNS for that domain, I'll just give the IP which has been hard-coded in my hosts file.

4
  • Yep, I actually had this before I posted, I just wanted to be able to access it through the actual IP, but I think I can live with that since my modem doesn't have NAT reflection (as suggested by @MaQleod).
    – willvv
    Commented Mar 20, 2011 at 5:12
  • 3
    What about a laptop or smartphone that is frequently accessing the same site via internal or external network?
    – TREE
    Commented Mar 20, 2011 at 13:23
  • @TREE can u please elaborate. I didn't quite understand your question.
    – Pure.Krome
    Commented May 20, 2011 at 11:43
  • I have a very similar setup, except I'm using domain names. So from outside the network my domain resolves to my external IP, and from inside, it resolves to the internal IP. I have laptops and smartphones that frequently access from inside and outside, so hacking the hosts file wouldn't work. What I have done is basically what your (Pure.Krome) other answer suggests, only instead of using an external server I'm just telling the DHCP server on the router to prepend an internal DNS server. It mostly works, but there are annoying lags when switching networks before things start resolving.
    – TREE
    Commented May 22, 2011 at 14:41
9

This is a common problem with the way some routers handle traffic meant for their public address from an internal address - they don't follow the same port forwarding rules as requests from outside the network. What you need to look for in your routers is NAT reflection. This will allow the router to handle internal requests for the public IP to use the same port forwarding rules as if the request came from outside the network.

2
  • 1
    NAT reflection. I think that's what I was looking for. Unfortunately my modem doesn't have that. Thanks!
    – willvv
    Commented Mar 20, 2011 at 5:10
  • what to do when your modem doesn't support NAT loopback??
    – oldboy
    Commented Aug 19, 2017 at 20:06
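
A simplified model of the packet flow behind this answer and the packet-rewriting answer above, added here as an example and not code from any poster. It assumes the router applies the port forward to LAN-side traffic; 203.0.113.10, 192.168.0.1 and the client addresses are constructed stand-ins.

```python
import ipaddress
from dataclasses import dataclass, replace

LAN = ipaddress.ip_network("192.168.0.0/24")
PUBLIC_IP = "203.0.113.10"   # constructed stand-in for the page's 201.206.x.x
ROUTER_LAN = "192.168.0.1"   # assumed LAN address of the modem
SERVER = "192.168.0.50"      # web server from the question

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

def on_lan(ip: str) -> bool:
    return ipaddress.ip_address(ip) in LAN

def connect(client: str, reflection: bool = False):
    """Simulate one request to PUBLIC_IP:80; return (accepted, reply seen by client)."""
    syn = Packet(client, 40000, PUBLIC_IP, 80)
    # Port forward (DNAT): the router rewrites the destination to the server.
    fwd = replace(syn, dst=SERVER)
    if reflection and on_lan(client):
        # NAT reflection also rewrites the source, forcing the reply back via the router.
        fwd = replace(fwd, src=ROUTER_LAN)
    # The server answers whatever source address it saw.
    reply = Packet(SERVER, 80, fwd.src, fwd.sport)
    via_router = reply.dst == ROUTER_LAN or not on_lan(reply.dst)
    if via_router:
        # The router's connection table reverses the rewrites on the way back.
        reply = Packet(PUBLIC_IP, 80, client, syn.sport)
    # Otherwise the server delivers the reply directly on the LAN, untranslated,
    # and the client sees a source address it never opened a connection to.
    accepted = (reply.src, reply.sport) == (syn.dst, syn.dport)
    return accepted, reply

if __name__ == "__main__":
    for client, refl in [("198.51.100.7", False), ("192.168.0.10", False), ("192.168.0.10", True)]:
        ok, reply = connect(client, refl)
        print(f"client={client} reflection={refl} accepted={ok} reply.src={reply.src}")
```
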
2

I could help you better if you could give me your modem make and model...

But what happens here is that normally a router or modem config page should only appear when visiting their internal IP (192.168.0.1).

But what seems to be happening here is that it identifies the incoming request (201.206.x.x) as coming from the inside, so it decides to give you the config page instead of the normal route to your web server...

Now if you're using a consumer-level modem, you probably aren't able to change this (sorry).

But maybe you can: try and see if there are 'listen' settings in your admin config page.

There you can try to either change your administration page to another port or limit the addresses it's listening for.

2

Maybe the problem is that remote administration is allowed.

2

You can add a route to access the server's public IP directly through its local IP. On Windows, the command is like

route add [public IP] mask 255.255.255.255 [the server's local IP]

To add a persistent route, add the -p parameter to the above command.

Then each time when you visit the public IP, the computer will go thru the server's local IP as gateway. Because the server knows its own public IP, it will process the package from itself, instead of forwarding it to the local network.

You have to make sure the server's local IP is static.

2
  • Why does the server know its own public IP address? Commented Mar 12, 2015 at 5:49
  • Servers certainly know their IPs. Either static or dynamic IPs. I am not sure how routing exactly works. My guess is each machine has a route map. When it received packages, it decides whether it should process the package.
    – qevan
    Commented Mar 14, 2015 at 19:50
0

Having this same issue. I was able to fix this by adding the DNS host name to my router's DNS Host Mapping list. I found these settings listed in the advanced options list of my router.

0

On my router, I had to turn off "NAT acceleration" (Cut Through Forwarding) as this broke NAT loopback...
