 From:  KnightMB <knightmb at knightmb dot dyndns dot org>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Why isn't it possible to access NATed services by the public IP address from LAN? -- Part 2
 Date:  Sat, 25 Feb 2006 21:36:12 -0600
I couldn't find this anywhere, so I thought I would share.  Maybe it can 
be added to the FAQ.

Situation is, you have a m0n0wall with its WAN address port mapped to 
the LAN address for a certain service (such as HTTP for example).

So you have a WAN IP (example, 64.17.124.XXX) and port 80 is mapped 
to an internal LAN where your web server sits (example, 192.168.0.10).

Everyone outside on the WAN can access the website just fine when they 
type in "myfavoritesite.net" in the web browser, but when you are 
sitting on the inside of the LAN and you type the same address at your 
PC, you get either a login password screen for m0n0wall, or nothing at all, 
or some error that it could not connect.

Basically, your computer is trying to connect to the WAN also, but the 
rules and NAT don't allow for this.  An easy workaround (great for 
corporate, internal websites) is to use the "DNS Forwarder" to create a 
"DNS override" domain to the IP address that is set to your LAN server 
computer.  First, this only works if you use the DNS Forwarder service 
of m0n0wall.  Second, you enter a "domain override" entry in this 
page for your website; in this case we use "myfavoritesite.net" for the 
domain and change its IP address to the local IP of 192.168.0.10.  Save 
and apply changes, then flush the DNS cache of your own computer (reboot, 
release/renew IP, etc.).  When you try to access that site again, the DNS 
Forwarder will send out the LAN IP first of 192.168.0.10, thus pointing 
your computer to the correct address for the service, and your website 
will come up, DNS name and all, just like people outside on your WAN 
will see.
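For reference, here is what the same split-DNS setup looks like as plain dnsmasq directives (m0n0wall's DNS Forwarder is built on dnsmasq). This is an added illustration, not configuration from the original post or from m0n0wall itself; the domain and addresses are the ones used above, and it assumes LAN clients really do point at the m0n0wall forwarder for DNS, since a client using a public resolver still gets the WAN address and hits the NAT problem.

```conf
# Added example, not from the original post: dnsmasq equivalents of the
# m0n0wall DNS Forwarder entries for split DNS of myfavoritesite.net.

# Answer the name (and anything under it) directly with the LAN server,
# so LAN clients never try to reach the WAN address 64.17.124.XXX.
address=/myfavoritesite.net/192.168.0.10

# Alternative form: forward all queries for the domain to a DNS server
# at that address instead of answering with it. Only use this when
# 192.168.0.10 actually runs a nameserver that holds the internal zone.
# server=/myfavoritesite.net/192.168.0.10

# Check from a LAN host after flushing its cache (expect 192.168.0.10,
# not the WAN address):
#   nslookup myfavoritesite.net <m0n0wall LAN IP>
```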

I use this very helpful feature because I host many websites and typing 
in local IPs in the web browser sometimes doesn't work with them because 
they expect a DNS name to function or display properly.  I hope this can 
help someone who may have read the FAQ and thought, "oh dang, my old 
router would do that, what do I do now?".

Thanks,
Michael