Accessing Public Ip Inside Lan

Hi, Iam a network admin in a software company. I have a problem with a Public IP. I have webserver in my LAN having a local ip 192.168.3.5 which is Natted with a Public Ip 122.169.X.X in cisco router. now the problem we are facing is : from outside Lan people are able to access the webserver using Public IP, But we are unable to access webserver using Public IP from inside Lan . ( We are able to access using local IP 192.168.x.x). What is the reason? Is there any NAT related issue in router behind that? Can we access a Public IP from inside LAN ? plz help me..!

Your router or firewall probably doesn't allow you to access the external IP from inside your LAN, many block such access for security reasons.

You're inside the LAN, same as your server, so there's no way to get to the public, NAT'd address. The address is only tranlated when there's inbound or outbound traffic through the WAN port of your router. Your traffic, from the LAN, never reaches the WAN port.

Use the private IP. What's the real problem you're having here?

Dopes

My el-cheapo linksys router lets me use my external public IP from inside the LAN. I don't know if the router loops the traffic, of if it goes out to my gateway and then comes back, but it does work, which makes configuration of many web apps used internally much easier since the public IP shows up in the http headers, not an internal LAN ip.

All good firewalls/routers (such as Cisco) will reject external traffic that states it's coming from a non-routable (private) IP address as it looks as if someone s attempting to spoof the source of the request...

If you have a dedicated internal DNS server (such as in an AD domain) you can create a new forward lookup zone in DNS (or if you're using your internet FQDN, just create a host record) and create a 'WWW' host record to point to the LAN IP address of your web server.

If this is not possible, simply map the domain name to LAN IP address in your 'hosts' file.

In the headers to what? Another computer/server on your inside LAN on the private IP addresses? Or to a server out on the Internet?

Thanks for ur reply, I understood. But one thing I want to explain, before I didnot tell u full details of my NAT Config. Actually that webserver is not registered. It is under construction and It is tomcat server using port 8080. So for demo purpose of clients access, we natted our local system to the public IP like : ip nat inside source static tcp 122.169.200.103 8080 192.168.3.6 8080 ( I did port forwarding here, from outside to inside trafic translation is ok.. )


By this, outside people are able to reach the port 8080 of our local machine by that public ip we natted. But when we try to access the local machine which is natted with public ip for port 8080, Iam unable to access the contents in the browser. Here as you said , if a request arrives at my routers WAN interface my router translates that public IP into my Local Ip which is natted with. But if I ask the same PUblic IP from inside the lan by port no, where does that request go ..?

If I request my Public IP from inside the lan , what happens actually ? you said that my request never reaches the WAN port..! If it, where does It go? Can I redirect that by any configuration change (NAT, destination b) sothat It can reach my local machine, even I try to access with public IP.


one more question : Generally ISP gives us a public IP pool, those public ips are located where ? Is there any difference between Public Ip and WAN IP?

Thanks...

Here's probably what happens...

Your PC (SOURCE:192.168.3.2) makes a request for 122.169.200.103 (DEST).

1. Your router recieves the request and looks in the routing table. There is no route for 122.169.200.103, so the router forwards the packet towards the default route. The default route is towards the ISP, out of the WAN port.

2. Before the packet leaves the router, the SOURCE IP address is translated to a public IP. So the request is now for DEST 122.169.200.103 with a SOURCE of 122.169.200.102 (assuming).

3. The ISP receives a request for a DEST 122.169.200.103. The ISP looks in it's routing table and finds out that the route to that destination is the same interface that the request was just received on and it drops the packet. It's not going to forward a request back out the same interface it came in - that would create a routing loop (or it assumes).

May not be _exactly_ how it happens, but it's probably close.

Dopes