9

I have setup a subdomain sub.example.com in the DNS-records of my domainname-provider that I linked to my external IP. I then forwarded port 80 in the router (Sitecom Broadband Router 54G) to the IP of my computer in the network. Now I can access the Apache server on my computer from outside using the subdomain.

But from inside the network, I can't access the subdomain. I guess this has to do wih the fact that I simply can't access the external IP from within the network, the router seems to block these requests.

I don't want to use the internal IP, since using the subdomain in all cases is easier to setup (I use my laptop inside and outside the network). I also don't want to change the hosts file, since this wouldn't work both inside and outside the network, I guess.

Any way to fix this, or should I get a new router?

Dylan
  • 343

2 Answers2

8

Most SOHO routers don't support hairpin NAT (AKA NAT loopback), which is accessing an internal machine via the external IP, from inside the same LAN.

You need a better router. If your router supports the 3rd party DD-WRT firmware, you may want to try that. To configure hairpin NAT in DD-WRT, you can consult other SU questions such as:

DD-WRT: How to allow port forwarding to apply to requests originating from inside the LAN?

Community
  • 1
Ƭᴇcʜιᴇ007
  • 113,841
4

There already is an answer explaining why it won't work, but there are 2 solutions. The other answer only mentions one, so this answer is to provide you with an alternative.

Indeed, what you want requires NAT hairpinning, and it appears that your router does not support this.

Alternatively to replacing the router for one that supports it, you can setup a DNS server in your network. This could be on a server, but you can also download a DNS server program and run it locally. In your router, for DNS server, you configure the IP adress of the computer/server that runs this DNS server and in the DNS server you add a manual entry for your FQDN (domain) in your example, that would be sub.example.com and make it point to the internal ip address.

Everyone that uses this new DNS server will be able to access the site again, but you will not be able to detect problems with the online part. This is however how it's done in the real world with companies. They have an inhouse server running a DNS server and the domain they use for internal stuff is configured on the DNS server.

LPChip
  • 66,193