> -----Original Message-----
> From: KnightMB [mailto:knightmb at knightmb dot dyndns dot org]
> Sent: Sunday, February 26, 2006 4:36 AM
> To: m0n0wall at lists dot m0n0 dot ch
> Subject: [m0n0wall] Why isn't it possible to access NATed services by
> the public IP addressfrom LAN? -- Part 2
> I couldn't find this anywhere, so I thought I would share.
> Maybe it can
> be added to the FAQ.
> Situation is, you have a m0n0wall with it's WAN address port
> mapped to
> the LAN address for a certain service (such as HTTP for example).
> So you have an WAN IP (example, 64.17.124.XXX) and port 80
> is mapped
> to an internal LAN where your web server sits (example, 192.168.0.10).
> Everyone outside on the WAN can access the website just fine,
> when they
> type in "myfavoritesite.net" in the web browser, but when you are
> sitting on the inside of the LAN and you type the same
> address at your
> PC you get either a login password screen for m0n0wall or
> nothing at all
> or some error that it could connect connect.
> Basically, your computer is trying to connect to the WAN
> also, but the
> rules and NAT don't allow for this. An easy workaround (great for
> corporate, internal websites) is to use the "DNS Forwarder"
> to create a
> "DNS override" domain to the IP address that is set to your
> LAN server
> computer. First, this only works if you use the DNS
> Forwarder service
> of m0n0wall. Second you enter in an "domain override" entry in this
> page for your website, in this case we use
> "myfavoritesite.net" for the
> domain and change it's IP address to the local IP of
> 192.168.0.10. Save
> and apply changes, flush the DNS cache of your own computer (reboot,
> release/renew IP, etc) When you try to access that site
> again, the DNS
> Forwarder will send out the LAN IP first of 192.168.0.10,
> thus pointing
> your computer to the correct address for the service, and
> your website
> will come up, DNS name and all, just like people outside on your WAN
> will see.
> I use this very helpful feature because I host many websites
> and typing
> in local IPs in the web browser sometimes doesn't work with
> them because
> they expect a DNS name to function or display properly. I
> hope this can
> help someone who may have read the FAQ and thought, "oh dang, my old
> router would do that, what do I do now?".
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
Virus checked by G DATA AntiVirusKit