#1
  1. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Feb 2008
    Posts
    47
    Rep Power
    7

    Accessing Public Ip Inside Lan


    Hi, Iam a network admin in a software company. I have a problem with a Public IP. I have webserver in my LAN having a local ip 192.168.3.5 which is Natted with a Public Ip 122.169.X.X in cisco router. now the problem we are facing is : from outside Lan people are able to access the webserver using Public IP, But we are unable to access webserver using Public IP from inside Lan . ( We are able to access using local IP 192.168.x.x). What is the reason? Is there any NAT related issue in router behind that? Can we access a Public IP from inside LAN ? plz help me..!
  2. #2
  3. No Profile Picture
    Stumpier old Moderator
    Devshed Supreme Being (6500+ posts)

    Join Date
    Jun 2003
    Posts
    14,409
    Rep Power
    4538
    Your router or firewall probably doesn't allow you to access the external IP from inside your LAN, many block such access for security reasons.
    ======
    Doug G
    ======
    It is a truism of American politics that no man who can win an election deserves to. --Trevanian, from the novel Shibumi
  4. #3
  5. Contributing User
    Devshed Beginner (1000 - 1499 posts)

    Join Date
    Jun 2004
    Posts
    1,124
    Rep Power
    157
    You're inside the LAN, same as your server, so there's no way to get to the public, NAT'd address. The address is only tranlated when there's inbound or outbound traffic through the WAN port of your router. Your traffic, from the LAN, never reaches the WAN port.

    Use the private IP. What's the real problem you're having here?

    Dopes
    I am nothing now
    and I'll be nothing when
    this nothing world
    has it's nothing end.
    -- Violent Femmes
  6. #4
  7. No Profile Picture
    Stumpier old Moderator
    Devshed Supreme Being (6500+ posts)

    Join Date
    Jun 2003
    Posts
    14,409
    Rep Power
    4538
    You're inside the LAN, same as your server, so there's no way to get to the public, NAT'd address.
    My el-cheapo linksys router lets me use my external public IP from inside the LAN. I don't know if the router loops the traffic, of if it goes out to my gateway and then comes back, but it does work, which makes configuration of many web apps used internally much easier since the public IP shows up in the http headers, not an internal LAN ip.
    ======
    Doug G
    ======
    It is a truism of American politics that no man who can win an election deserves to. --Trevanian, from the novel Shibumi
  8. #5
  9. Network Engineer
    Devshed Novice (500 - 999 posts)

    Join Date
    Jun 2004
    Location
    127.0.0.1
    Posts
    733
    Rep Power
    214
    All good firewalls/routers (such as Cisco) will reject external traffic that states it's coming from a non-routable (private) IP address as it looks as if someone s attempting to spoof the source of the request...

    If you have a dedicated internal DNS server (such as in an AD domain) you can create a new forward lookup zone in DNS (or if you're using your internet FQDN, just create a host record) and create a 'WWW' host record to point to the LAN IP address of your web server.

    If this is not possible, simply map the domain name to LAN IP address in your 'hosts' file.

    Comments on this post

    • hiker agrees
    Last edited by PWD; April 27th, 2008 at 10:03 PM.
    PWD

    New Windows Administration Forum
    Nettric
  10. #6
  11. Contributing User
    Devshed Beginner (1000 - 1499 posts)

    Join Date
    Jun 2004
    Posts
    1,124
    Rep Power
    157
    Originally Posted by Doug G
    My el-cheapo linksys router lets me use my external public IP from inside the LAN. I don't know if the router loops the traffic, of if it goes out to my gateway and then comes back, but it does work, which makes configuration of many web apps used internally much easier since the public IP shows up in the http headers, not an internal LAN ip.
    In the headers to what? Another computer/server on your inside LAN on the private IP addresses? Or to a server out on the Internet?
    I am nothing now
    and I'll be nothing when
    this nothing world
    has it's nothing end.
    -- Violent Femmes
  12. #7
  13. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Feb 2008
    Posts
    47
    Rep Power
    7

    Accessing public ip


    Originally Posted by ITADopes
    You're inside the LAN, same as your server, so there's no way to get to the public, NAT'd address. The address is only tranlated when there's inbound or outbound traffic through the WAN port of your router. Your traffic, from the LAN, never reaches the WAN port.

    Use the private IP. What's the real problem you're having here?

    Dopes
    Thanks for ur reply, I understood. But one thing I want to explain, before I didnot tell u full details of my NAT Config. Actually that webserver is not registered. It is under construction and It is tomcat server using port 8080. So for demo purpose of clients access, we natted our local system to the public IP like : ip nat inside source static tcp 122.169.200.103 8080 192.168.3.6 8080 ( I did port forwarding here, from outside to inside trafic translation is ok.. )


    By this, outside people are able to reach the port 8080 of our local machine by that public ip we natted. But when we try to access the local machine which is natted with public ip for port 8080, Iam unable to access the contents in the browser. Here as you said , if a request arrives at my routers WAN interface my router translates that public IP into my Local Ip which is natted with. But if I ask the same PUblic IP from inside the lan by port no, where does that request go ..?

    If I request my Public IP from inside the lan , what happens actually ? you said that my request never reaches the WAN port..! If it, where does It go? Can I redirect that by any configuration change (NAT, destination b) sothat It can reach my local machine, even I try to access with public IP.


    one more question : Generally ISP gives us a public IP pool, those public ips are located where ? Is there any difference between Public Ip and WAN IP?

    Thanks...
  14. #8
  15. Contributing User
    Devshed Beginner (1000 - 1499 posts)

    Join Date
    Jun 2004
    Posts
    1,124
    Rep Power
    157
    Here's probably what happens...

    Your PC (SOURCE:192.168.3.2) makes a request for 122.169.200.103 (DEST).

    1. Your router recieves the request and looks in the routing table. There is no route for 122.169.200.103, so the router forwards the packet towards the default route. The default route is towards the ISP, out of the WAN port.

    2. Before the packet leaves the router, the SOURCE IP address is translated to a public IP. So the request is now for DEST 122.169.200.103 with a SOURCE of 122.169.200.102 (assuming).

    3. The ISP receives a request for a DEST 122.169.200.103. The ISP looks in it's routing table and finds out that the route to that destination is the same interface that the request was just received on and it drops the packet. It's not going to forward a request back out the same interface it came in - that would create a routing loop (or it assumes).

    May not be _exactly_ how it happens, but it's probably close.

    Dopes
    I am nothing now
    and I'll be nothing when
    this nothing world
    has it's nothing end.
    -- Violent Femmes

IMN logo majestic logo threadwatch logo seochat tools logo