0

I am setting up a pretty awesome server in my place; it's got VPN, HTTPS, FTP, and a lot of other fun stuff. Problem is, I cannot access this server (which is on the same network) from the WAN IP. When outside my local network (either physically or through an external VPN connection) everything works just fine. I have placed my server in the DMZ instead of manually opening up a bunch of ports. Do you think this has something to do with it?

Oliver Salzburg
nkcmr

2 Answers

2

This is normal. Port forwarding (destination IP address rewriting) only works on traffic from the outside in. It breaks if traffic originates from the inside. From the inside, access it using the LAN IP, or set up Hairpin NAT (also called "loopback NAT", a form of dual NAT) if your router supports it.

This answer explains in great detail why it won't work.

2

Unfortunately, it sounds like your router has a crappy NAT engine. It should be doing hairpin NAT, but it sounds like it's not.

The IETF's "Best Current Practices" documents for NAT gateways make hairpin NAT support a requirement.

RFC 5382 / BCP 142: "NAT Behavioral Requirements for TCP"

RFC 4787 / BCP 127: "Network Address Translation (NAT) Behavioral Requirements for Unicast UDP"

RFC 5508 / BCP 148: "NAT Behavioral Requirements for ICMP"

Spiff
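Both answers above come down to hairpin NAT. The following is an added example, not part of either answer: a small Python model of one LAN client connecting to the WAN IP under three router behaviours, showing where the connection fails. The addresses, the port and the three mode names are constructed assumptions, not details from the question.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")

# Constructed addresses (documentation/private ranges), not from the original post.
WAN_IP, ROUTER_LAN = "203.0.113.5", "192.168.1.1"
SERVER, CLIENT = "192.168.1.10", "192.168.1.50"
FORWARDS = {(WAN_IP, 443): (SERVER, 443)}   # the port-forward (DNAT) table


def connect_from_lan(mode):
    """Trace one LAN client connecting to WAN_IP:443; return (ok, reason).

    mode: 'wan_only'  - forward rule matches only packets arriving on the WAN side
          'dnat_only' - destination is rewritten for LAN traffic, source is not
          'hairpin'   - destination and source are both rewritten
    """
    syn = Packet(CLIENT, 50000, WAN_IP, 443)
    if mode == "wan_only" or (syn.dst, syn.dport) not in FORWARDS:
        return False, "rule not applied to LAN-side traffic; router itself has no listener"

    # DNAT: rewrite the destination to the internal server.
    new_dst, new_dport = FORWARDS[(syn.dst, syn.dport)]
    fwd = syn._replace(dst=new_dst, dport=new_dport)
    if mode == "hairpin":
        # SNAT as well, so the server's reply has to come back through the router.
        fwd = fwd._replace(src=ROUTER_LAN)

    # The server answers whatever source address it saw.
    reply = Packet(fwd.dst, fwd.dport, fwd.src, fwd.sport)
    if reply.dst == ROUTER_LAN:
        # The router undoes both translations using its connection table.
        reply = Packet(syn.dst, syn.dport, syn.src, syn.sport)
    # Otherwise the reply stays on the LAN segment and bypasses the router.

    # The client only accepts a reply from the address it connected to.
    if (reply.src, reply.sport) == (syn.dst, syn.dport):
        return True, "reply appears to come from %s" % reply.src
    return False, "reply came from %s, client expected %s" % (reply.src, syn.dst)


if __name__ == "__main__":
    for mode in ("wan_only", "dnat_only", "hairpin"):
        print(mode, connect_from_lan(mode))
```

Only the `hairpin` mode succeeds; in the other two the client either never reaches the server or discards a reply that arrives from the server's LAN address.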