RE: [m0n0wall] Why isn't it possible to access NATed services by the public IP addressfrom LAN? -- Part 2

From:	"Holger Bauer" <Holger dot Bauer at citec dash ag dot de>
To:	"KnightMB" <knightmb at knightmb dot dyndns dot org>, <m0n0wall at lists dot m0n0 dot ch>
Subject:	RE: [m0n0wall] Why isn't it possible to access NATed services by the public IP addressfrom LAN? -- Part 2
Date:	Sun, 26 Feb 2006 04:40:32 +0100

http://doc.m0n0.ch/handbook/faq-lannat.html

> -----Original Message-----
> From: KnightMB [mailto:knightmb at knightmb dot dyndns dot org]
> Sent: Sunday, February 26, 2006 4:36 AM
> To: m0n0wall at lists dot m0n0 dot ch
> Subject: [m0n0wall] Why isn't it possible to access NATed services by
> the public IP addressfrom LAN? -- Part 2
> 
> 
> I couldn't find this anywhere, so I thought I would share.  
> Maybe it can 
> be added to the FAQ.
> 
> Situation is, you have a m0n0wall with it's WAN address port 
> mapped to 
> the LAN address for a certain service (such as HTTP for example).
> 
> So you have an WAN IP (example,   64.17.124.XXX) and port 80 
> is mapped 
> to an internal LAN where your web server sits (example, 192.168.0.10).
> 
> Everyone outside on the WAN can access the website just fine, 
> when they 
> type in "myfavoritesite.net" in the web browser, but when you are 
> sitting on the inside of the LAN and you type the same 
> address at your 
> PC you get either a login password screen for m0n0wall or 
> nothing at all 
> or some error that it could connect connect.
> 
> Basically, your computer is trying to connect to the WAN 
> also, but the 
> rules and NAT don't allow for this.  An easy workaround (great for 
> corporate, internal websites) is to use the "DNS Forwarder" 
> to create a 
> "DNS override" domain to the IP address that is set to your 
> LAN server 
> computer.  First, this only works if you use the DNS 
> Forwarder service 
> of m0n0wall.  Second you enter in an "domain override" entry in this 
> page for your website, in this case we use 
> "myfavoritesite.net"  for the 
> domain and change it's IP address to the local IP of 
> 192.168.0.10.  Save 
> and apply changes, flush the DNS cache of your own computer (reboot, 
> release/renew IP, etc)  When you try to access that site 
> again, the DNS 
> Forwarder will send out the LAN IP first of 192.168.0.10, 
> thus pointing 
> your computer to the correct address for the service, and 
> your website 
> will come up, DNS name and all, just like people outside on your WAN 
> will see.
> 
> I use this very helpful feature because I host many websites 
> and typing 
> in local IPs in the web browser sometimes doesn't work with 
> them because 
> they expect a DNS name to function or display properly.  I 
> hope this can 
> help someone who may have read the FAQ and thought, "oh dang, my old 
> router would do that, what do I do now?".
> 
> Thanks,
> Michael
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> 
> 

____________
Virus checked by G DATA AntiVirusKit