public ip resolves externally but not internally

Question

I have a one to one NAT on pfsense that assigns a public IP to an internal IP (running a web server).

When I open the public IP from an internal machine, it will not resolve to the internal IP, instead it opens the router web page.

When I open the public IP from outside my LAN it will go through to the internal IP that is running the web server.

Why can't I open the public IP internally?

score 4 · Answer 1 · answered Feb 19 '12 at 19:43

4

I'm also guessing it will be the hairpin NAT issue as mentioned above. There are lots of different names for the same thing - pfSense calls this NAT Reflection.

At the bottom of the relevant NAT/port forward rule, check the 2nd option from the bottom - NAT reflection should be enabled.

The change the default for new rules, you can go to system, advanced, Firewall/NAT then under the Network Address Translation section, uncheck the first box that says Disable NAT Reflection for port forwards.

Also depending on your setup, you may need to disable the HTTP_REFERER and DNS Rebinding checks under System, Advanced, Admin Access. However I would try with the checks enabled first.

answered Feb 19 '12 at 19:43

Robin Gill

2,503
13
13

I have one ip with port forward, another ips use 1 to 1 nat, the ip used with port fowarding works :) however nat 1 to 1 does not work. – 001 Feb 20 '12 at 03:38
1

I'm guessing it may be easier for you to use split DNS so internal clients get the internal IP of your webserver rather than the actual external router IP. To do so, you will need to create an A record for www.yourwebsite.com to point to the internal/actual IP address of your webserver. To do so, assuming you are using pfSense for DNS, just go to the DNS forwarder section and make an entry at the bottom. If you are using Windows Server DNS, you can make an entry in DNS under Control Panel/Administrative Tools. – Robin Gill Feb 20 '12 at 20:48

score 0 · Answer 2 · answered Feb 19 '12 at 05:45

0

Your router's web-based administration is on port 80, so when an inside machine accesses the router on port 80, that's what they get. Moving the router's web administration to another port (typically 8000 or 8080) might fix the problem, unless the router doesn't support hairpin NAT (NATing connections from the inside back to the inside) at all.

answered Feb 19 '12 at 05:45

David Schwartz

31,215
2
53
82

the router is pfsense :) thats my only router... ok i will try to move the port and see if this helps :) – 001 Feb 19 '12 at 07:01
changing the port, didnt work. :( – 001 Feb 19 '12 at 07:48
pfsense requires a [specific rule](http://www.zeroshell.net/eng/forum/viewtopic.php?t=301) for hairpin NAT. – David Schwartz Feb 19 '12 at 08:15
Setting NAT Reflection in the NAT mapping rule to "Enable (Pure NAT)" fixed it here. – Koen Zomers May 24 '14 at 14:52

public ip resolves externally but not internally

2 Answers2