Can't access local resource from WAN IP?

0

I am setting up a pretty awesome server in my place; it's got VPN, HTTPS, FTP, and a lot of other fun stuff. Problem is I cannot access this server (which is on the same network) from the WAN IP. When outside my local network (either physically or through an external VPN connection) everything works just fine. I have placed my server in the DMZ instead of manually opening up a bunch of ports. Do you think this has something to do with it?

nkcmr

Posted 2013-01-29T03:48:29.733

Reputation: 227

Answers

2

This is normal. Port forwarding (destination IP address rewriting) only works on traffic from the outside in. It breaks if traffic originates from the inside. From the inside, access it using the LAN IP, or set up Hairpin NAT (also called "loopback NAT", a form of dual NAT) if your router supports it.

This answer explains in great detail why it won't work.

David Schwartz

Posted 2013-01-29T03:48:29.733

Reputation: 58 310

I suppose it is, sadly, empirically "normal" (that is, "common") that home routers have crappy NAT implementations, but I think it's important to be clear that lack of hairpin support goes against the relevant RFCs and should be considered a bug. – Spiff – 2013-01-29T04:29:26.463

2

Unfortunately, it sounds like your router has a crappy NAT engine. It should be doing hairpin NAT, but it sounds like it's not.

The IETF's "Best Current Practices" documents for NAT gateways make hairpin NAT support a requirement.

RFC 5382 / BCP 142: "NAT Behavioral Requirements for TCP"

RFC 4787 / BCP 127: "Network Address Translation (NAT) Behavioral Requirements for Unicast UDP"

RFC 5508 / BCP 148: "NAT Behavioral Requirements for ICMP"

Spiff

Posted 2013-01-29T03:48:29.733

Reputation: 84 656
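
The behaviour the answers above describe, as an added example that is not part of any post on this page: a small model of a router's port forward showing why a LAN client's connection to the WAN IP fails with destination rewriting alone and succeeds once the router also rewrites the source (hairpin NAT). All addresses, ports and names are constructed assumptions, and the source port is kept unchanged for simplicity.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")

# Constructed addresses (assumptions, not taken from the page)
WAN_IP = "203.0.113.10"      # router's public address
ROUTER_LAN = "192.168.1.1"   # router's LAN-side address
SERVER = "192.168.1.50"      # server behind the port forward / DMZ
CLIENT = "192.168.1.20"      # LAN client connecting to the WAN IP


class Router:
    def __init__(self, hairpin):
        self.hairpin = hairpin
        self.conntrack = {}  # expected reply tuple -> original request

    def forward(self, pkt):
        """Port forward: rewrite destination WAN_IP -> SERVER."""
        out = pkt._replace(dst=SERVER)
        if self.hairpin and pkt.src.startswith("192.168.1."):
            # Hairpin NAT: also rewrite the source, so the server's
            # reply is addressed to the router instead of the client.
            out = out._replace(src=ROUTER_LAN)
        self.conntrack[(out.dst, out.dport, out.src, out.sport)] = pkt
        return out

    def reverse(self, reply):
        """Undo both rewrites for a reply that passes through the router."""
        orig = self.conntrack[(reply.src, reply.sport, reply.dst, reply.dport)]
        return Packet(orig.dst, orig.dport, orig.src, orig.sport)


def lan_client_reaches_server(hairpin):
    router = Router(hairpin)
    request = Packet(CLIENT, 40000, WAN_IP, 443)
    seen = router.forward(request)
    # The server answers whatever source address it saw.
    reply = Packet(seen.dst, seen.dport, seen.src, seen.sport)
    if reply.dst == ROUTER_LAN:
        reply = router.reverse(reply)  # reply returns via the router
    # Otherwise server and client share a subnet, so the reply is
    # delivered directly and the router never gets to un-translate it.
    # The client only accepts a reply from the address it connected to.
    accepted = (reply.src, reply.sport) == (request.dst, request.dport)
    return accepted, reply
```

Without hairpin NAT the reply arrives at the client with the server's LAN address as its source, which matches no open connection, so the client discards it.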