Welcome to the Spectrum Community

Get answers, share solutions, help your community.

Start here

no access to my own internal server

trident50trident50 Posts: 2
in Home Networking Aug 02, 2018

Hi,

 

 

I have an Arris modem and a Sagemcom Fasst 5260 router. I'm running a test server in my home and the server is on the dmz. From any network, other than my home network, the server can be accessed, no problem, via it's external IP or the subdomain I pointed to it. I can't even ping it's external IP/subdomain from within my home network.

 

If I try to access it via my internal network, 192.168.1.x, it works perfectly.

 

Anyone have any ideas???

 

Thanks!

Rob

 

 

Comments

  • EddieAEddieA Posts: 91 ✭✭✭✭
    Aug 02, 2018

    @trident50 wrote:
    I can't even ping it's external IP/subdomain from within my home network.

     

    If I try to access it via my internal network, 192.168.1.x, it works perfectly.


    Unless the router supports NAT loopback, sometimes called hairpin, (explanation here) then you cannot access the external IP or domain from within your own network.

     

    Cheers.

  • RAIST5150RAIST5150 Posts: 670 ✭✭✭✭
    Aug 02, 2018
    Basically a gotcha with how NAT and forwarding is identifying which packets go to which internal IP and then forwarding them accordingly.

    More or less, you are still running in a one to many scheme and not a one to one scheme. Connections that are not assured and tracked to a specific internal IP are forwarded to the DMZ... vs all in-bound traffic over an external IP being forwarded to the DMZ's internal IP. And that is another issue too... you are only filtering/directing unsolicited inbound traffic... packets flowing inbound only from the external side towards the internal side (not internal to external and then BACK into the internal). You can find better explanations if you research NAT loopback.

    One sort of workaround would be to edit the hosts file to alias the external IP or a handy name like WEBSERVER to the internal IP on your client. Basically, if you do this on a Windows system, when you request a connection to a name or address, it redirects that request to the assigned address you want it to use. Normally, people only add hosts file entries for things like machine names and domain names (like I could add an entry for HPLASER to point to it's IP and then I could ping "HPLASER" from that machine to ping the printer). But sometimes you can actually map IP addresses as well.

    Not exactly a graceful workaround by any means, but it may work well enough for quick verification that services are up and such. May need to take some extra steps to make sure the service/servlets are listening for both internal and external IP' s though... very rare, but the possibility may exist depending on how the services work. If it works internally, you could also add a different entry that points to the external address as well. This way you have a handy name for testing externally as well. You could have an entry for home.lan that points to the internal address, and then an external name like mytomcat.com that points to the external address for testing when you are actually outside your network.

    Another thing you could try is to use a VPN service. Mileage may vary with this approach though. Many will default to allowing local LAN access, so you still get hit by the "loopback" issues. If you can toggle that local LAN access option off, that client will be forced to send all traffic through the tunnel to the VPN's endpoint first, essentially simulating you being on an external IP address--allowing you to then be routed back to the external address again. This may still not work quite right depending on how the VPN is encapsulating though. But it is something you could try if you are already using a VPN service. Free VPN' s may not provide the flexibility to make it work, but most paid-for VPN's will offer a free trial period (or even a free limited use option like 500MB a month or something) that you could use for testing the idea.
  • trident50trident50 Posts: 2
    Aug 02, 2018

    Thank you Eddie and Raist!

    There is a "route" tab in the router which may work...but yes, it's just to ensure that it's up so I can just check it on my phone as well.

     

    Appreciate it!

This discussion has been closed.