Cannot access public IP from inside network

2

I have a home network with a router that serves as a gateway for internet access. Within this network I have a server with many services, all mapped inside the router with DNAT.

When I access the public IP of my house from outside the network, the router redirects requests to the internal server correctly; however, when I access it from inside the house, the router interprets the connections as if they were for itself. For example, if I request the HTTP service on port 80 of the public IP, the configuration page of the router is displayed.

What is happening?

debuti

Posted 2015-01-12T01:56:06.207

Reputation: 121

Check to see if your router has a setting called NAT reflection. Without NAT reflection, the router isn't smart enough to loop the connection back into itself when you request its public IP from inside. Some routers have it on by default, but others have it disabled and many don't have the feature at all. – tlng05 – 2015-01-12T02:06:04.103

Related SU question: http://superuser.com/questions/37421/accessing-a-website-via-the-webservers-public-ip-from-a-pc-within-the-same-lan maybe even dupe. – heavyd – 2015-01-12T06:16:10.117

Also, to follow up on @user54791's question, which router are you using? – heavyd – 2015-01-12T06:16:40.620

@user54791 that's all I wanted to know, thanks – debuti – 2015-01-12T10:20:14.567

Answers

4

You are trying to solve a problem which doesn't exist. Just use your internal IP, this will result in the packets never hitting your router (perhaps the switch on your router but not the router itself). It is better in every way to do it like this. Here are a few benefits:

  • You will have access to any ports you like (not only those you've set up in your router).
  • You won't waste router memory with NAT entries for services which you only use internally.
  • You'll find it MUCH easier to remember the internal IP and it'll never change unless you tell it to.
  • Each packet will make fewer hops and each hop will be on a switch so it'll go very fast.
  • The packets won't hit the roadblock that your router creates while it dissects your packets. Even if it is a slow day on your network this'll be much faster for you.
  • Your servers will see your PC as a distinct device; if you choose to use an external proxy to fix this then you'd always be seen as originating from that proxy.
  • If your service supports it then it can use a whole palette of protocols which are not available to external devices. DHCP, WINS, real UDP Broadcasts... to name just a few.
  • All of the additional security that goes along with being subnetted.

I'm sure that there are more reasons because this is the way it should be done. Also, you can easily modify your hosts file or DNS server to give it a name without bothering with a Dynamic DNS type service.

Update

Some people have interpreted this question as asking how to make a laptop work the same inside a network as it does on another network. IMO, this is a completely different question and significantly broadens the scope of the question. I saw no mention of this being the same computer from both inside and outside the network (or of anything but an IP). Now we need to ask about things like how you are connecting, how you are resolving host names, etc. In the end, no one answer could solve every situation automatically.

If you are willing to run a tiny script after you connect to the other network then I can provide a simple answer which will be fairly robust.

First, create a small batch script:

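@echo off
rem Probe an address that only answers on the home LAN; errorlevel 1 means no reply.
ping -n 1 some.local.ip.addy >nul
if errorlevel 1 goto :isremote
rem At home: install the hosts file that maps the service names to internal IPs.
copy /Y "%WINDIR%\System32\Drivers\etc\hosts.local" "%WINDIR%\System32\Drivers\etc\hosts"
goto :eof
:isremote
rem Away: install the remote hosts file so the names resolve through public DNS.
copy /Y "%WINDIR%\System32\Drivers\etc\hosts.remote" "%WINDIR%\System32\Drivers\etc\hosts"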

Change some.local.ip.addy to an actual IP on your local network. Make sure that it is something which is always available (your router IP would do nicely as long as it responds to a PING request).

Then create a local hosts file (%WINDIR%\System32\Drivers\etc\hosts.local) and put this in it:

192.168.0.2 my-service.mynet.dyndns.org
192.168.0.3 my-service2.mynet.dyndns.org

Use your actual server IPs. This is simplified; I would add entries which specifically only work inside the network as well.

Then create a remote hosts file (%WINDIR%\System32\Drivers\etc\hosts.remote). Leave it blank; we won't need it now but you may find use for it later.

Then set up a dyndns.org account called mynet.dyndns.org and be sure to make it a wildcard. Of course, DynDNS is just one of hundreds of options for a dynamic DNS host.

Now, after you move between networks, just run the script and voila, everything works the same outside as it did inside and (as long as you are properly forwarding your ports and using the correct hostnames) you'll just need to use my-service.mynet.dyndns.org or my-service2.mynet.dyndns.org or mynet.dyndns.org:24829 to get your various services. If that service supports virtual hosts, then it'll know how to handle the my-service. part. Your router will most likely just pass it on so you'll need to provide the port as well for those services that do not know how to handle the vhost part (of course most of those have a default port in the client so you'll be able to just enter mynet.dyndns.org usually).

The same can be achieved without the script if you have a DNS server on your local network, but if you do then you probably know how to do it already. If not, that definitely deserves its own separate question.

krowe

Posted 2015-01-12T01:56:06.207

Reputation: 5 031
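The hosts-file switching procedure from the answer above, reworked as an added example (not code from the answer, and in Python rather than batch): it keeps the overrides in a marked block so other hosts entries survive, is idempotent, and swaps the file atomically. The marker strings, function names and the TCP probe that stands in for the ping are assumptions of this example; a reply from a private address only shows that some host answers there, not that the laptop is on the home LAN.

```python
import re
import socket
from pathlib import Path

BEGIN = "# BEGIN home-lan overrides (managed)"
END = "# END home-lan overrides (managed)"

# Constructed sample mappings, mirroring the hosts.local entries in the answer.
HOME_ENTRIES = {
    "my-service.mynet.dyndns.org": "192.168.0.2",
    "my-service2.mynet.dyndns.org": "192.168.0.3",
}

def lan_reachable(ip: str, port: int = 80, timeout: float = 1.0) -> bool:
    """TCP probe used instead of ping (assumes the server listens on `port`)."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False

def render_hosts(current: str, at_home: bool, entries=HOME_ENTRIES) -> str:
    """Return hosts text with the managed block present only when at home."""
    # Drop any earlier managed block so repeated runs never stack entries.
    block = re.compile(r"^%s$.*?^%s$\n?" % (re.escape(BEGIN), re.escape(END)),
                       re.DOTALL | re.MULTILINE)
    base = block.sub("", current)
    if base and not base.endswith("\n"):
        base += "\n"
    if not at_home:
        return base
    rows = [f"{ip} {name}" for name, ip in sorted(entries.items())]
    return base + "\n".join([BEGIN, *rows, END]) + "\n"

def update_hosts(path: Path, at_home: bool) -> bool:
    """Rewrite the hosts file only when its content changes; True if written."""
    old = path.read_text(encoding="utf-8")
    new = render_hosts(old, at_home)
    if new == old:
        return False
    tmp = path.with_name(path.name + ".tmp")
    tmp.write_text(new, encoding="utf-8")
    tmp.replace(path)  # atomic swap: readers never see a half-written file
    return True
```

A scheduled task or network-change hook would call `update_hosts(hosts_path, lan_reachable("192.168.0.2"))` with the real hosts path, from an elevated context on Windows.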

While I see what you're saying, I also understand the OP's position. I have had this same problem with a laptop that should be able to access the same service with the same name when connected to either the LAN or externally, say at a public Wi-Fi. The real solution is NAT reflection/loopback in the router. – heavyd – 2015-01-12T03:16:10.383

@heavyd The OP specifically said he wanted to use an IP. He did not say anything about a hostname. You would configure that using DNS or a host file. NAT* is lame IMHO and is never a real solution to anything network related. – krowe – 2015-01-12T03:20:34.280

DNS names resolve to IPs, so in the end it's the same. I want a single configuration to work both inside and outside my NAT-ed network. – heavyd – 2015-01-12T03:24:37.763

@heavyd Don't let the meta confuse you. Just because an apple is green doesn't make green mean apple. IOW, use the DNS name to label the IP. Make that identical, let the IP go along the short path. – krowe – 2015-01-12T03:26:56.493

@heavyd I solved your unrelated question. Maybe you wouldn't mind upvoting this now? – krowe – 2015-01-12T05:31:04.710

I suppose that solves a problem, but NAT loopback solves it, and the original question, much more simply and without having to run a script every time I change locations. The beauty of it is it doesn't matter which side of the router you're on, you use the same IP, and it just works. – heavyd – 2015-01-12T06:13:41.353

@heavyd You must have missed this: http://superuser.com/questions/262799/how-to-launch-a-command-on-network-connection-disconnection You don't need to actually physically do anything. It is all automatic and easy to maintain. Also, if it just works then why was this question made? If the OP had the feature you are talking about they probably wouldn't be asking. – krowe – 2015-01-12T06:18:54.837

The point here is to make connections without worrying where I connected my laptop. For example, the server to which I refer has a Pound reverse proxy server that redirects by URL, so if I access with the internal DNS name it will not work. – debuti – 2015-01-12T10:19:32.480