Why can't I connect to computers on my network using our external IP address?

3

Possible Duplicate:
Connecting to my own network via external IP

My home network is serviced by an ADSL line. The modem is in bridged mode. The router performs the PPPoE.

Three computers are connected to the router: two wired Windows 7 boxes and an Ubuntu Linux box over Wi-Fi.

The computers are hosting various forms of services including FTP and HTTP. The router has port forwarding mapped from the relevant ports to the reserved IP addresses for the computers.

If I attempt to connect to a server inside the network, such as ftp://67.xx.xxx.xxx from inside the network, the request times out. However, if I connect using the internally mapped address, such as ftp://192.168.0.100, all is well.

This is a nuisance for setting up software, especially on the laptop which needs to be able to phone home from anywhere, and I just don't have enough expertise with networking to know why this is occurring to even have a clue whether it can be solved or not.

edit: It should be noted that the servers can be accessed from outside the network - say, at the Starbucks across the street - perfectly fine, using the ISP-provided address and the appropriate port.

Kivin

Posted 2012-09-01T02:58:45.990

Reputation: 430

Question was closed 2012-09-02T06:01:00.437

possible duplicate of Connecting to my own network via external IP also see Will routers “short circuit” their own external ip address?

– Ƭᴇcʜιᴇ007 – 2012-09-01T03:05:58.163

Answers

1

Port forwarding rewrites only the destination address. This works perfectly for outside sources. Here's why it doesn't work for inside sources:

  1. You try to connect to your outside address. You form a packet with an inside source and an outside destination.

  2. The packet takes your default route to your router.

  3. The router port forwards the packet, changing the destination address to the inside address of the server.

  4. The server receives the packet with an inside source address (the originating machine) and its inside destination address (the server).

  5. The server forms a reply packet with an inside source address and an inside destination address.

  6. Since the destination is local, this packet does not take the server's default route. It goes directly to the originating machine.

  7. The originating machine gets a reply packet with an inside source address, but it was expecting a reply with an outside source address (the machine it was trying to reach).

  8. The originating machine ignores the packet and the connection doesn't work.

For this to work, you need "hairpin NAT" in which both the source and destination addresses are rewritten so that the reply packets from the server are directed back to the router rather than the source.

David Schwartz

Posted 2012-09-01T02:58:45.990

Reputation: 58 310
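The packet walk from the answer above, as an added example that is not part of the original post. It simulates one request and reply with and without hairpin NAT; `203.0.113.10` stands in for the router's public address, and the client and router LAN addresses are constructed, as is the `connect` helper.

```python
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.0.0/24")
WAN_IP = "203.0.113.10"     # placeholder for the router's public address (constructed)
ROUTER_LAN = "192.168.0.1"  # assumed LAN address of the router
SERVER = "192.168.0.100"    # internal server address from the question
CLIENT = "192.168.0.50"     # assumed inside client
OUTSIDE = "198.51.100.7"    # constructed outside client

def connect(client_ip, hairpin):
    """Walk one request/reply through the router; return (accepted, reply_source)."""
    # Steps 1-2: the client addresses the outside IP and uses its default route.
    src, dst = client_ip, WAN_IP
    expected_peer = dst     # the client only accepts replies from this address
    state = {}              # the router's translation state for this flow
    # Step 3: the port forward rewrites the destination only.
    state["orig_dst"], dst = dst, SERVER
    # Hairpin NAT additionally rewrites the source of LAN-originated requests.
    if hairpin and ip_address(src) in LAN:
        state["orig_src"], src = src, ROUTER_LAN
    # Steps 4-5: the server replies to whatever source address it saw.
    r_src, r_dst = SERVER, src
    if r_dst == ROUTER_LAN and "orig_src" in state:
        # The reply returns to the router, which reverses both rewrites.
        r_src, r_dst = state["orig_dst"], state["orig_src"]
    elif ip_address(r_dst) not in LAN:
        # Outside client: the reply takes the default route and the
        # router restores the outside address as the source.
        r_src = state["orig_dst"]
    # Otherwise (step 6) the reply is delivered on-link, untranslated.
    # Steps 7-8: the client drops a reply whose source is not the expected peer.
    return r_src == expected_peer, r_src

if __name__ == "__main__":
    for who, hp in [(CLIENT, False), (CLIENT, True), (OUTSIDE, False)]:
        ok, seen = connect(who, hp)
        print(f"client={who:<14} hairpin={hp!s:<5} reply_src={seen:<14} accepted={ok}")
```
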