6

Suddenly today—without explanation—I cannot access my web server from my local network. My router is an Actiontec MI424WR MI424WR (GigE for Verizon FiOS). I have verified that no browser running on any Windows PC can access the site within my LAN.

I have also verified that the site is up. Strangely, it seems to work within my network on Android devices. I have not yet tried iOS or Mac OS X. Just Windows and Ubuntu systems running a slew of browsers. They all give me a DNS error.

I have checked my “Windows Firewall” settings and see no recent changes. Same with my router. My network is performing normally other than this anomaly, which suddenly started happening today.

I host the website myself, but I tried going to my registrar (1&1 Internet) to see if something happened there. I get the same DNS error as with my website, although “IsItDownRightNow” insists that their services—as well as my web server—are up and running.

If I type the internal IP of my server into any browser the site works. If I type the external IP I get the DNS error.

Any ideas? My server is still up and running, so this isn’t super critical. I would like to be able to access my own server, however.

Justin
  • 61

3 Answers3

2

If I type the internal IP of my server into any browser the site works. If I type the external IP I get the DNS error.

So your web server is inside your network, but you cannot access it via the external IP address and other services can get through to it outside of your network?

My money is on some kind of NAT loopback setting on your router being reset or deactivated. NAT loopback allows you to access port-forwarded services—like web services on port 80—on your router’s external IP address as well as the internal IP address.

Is your router perhaps an ISP-supplied router/modem combo? It could be that your ISP reset or upgraded the router/modem firmware and the NAT loopback settings were munged in the process. Many ISPs reserve the right to remotely access the router/modem the provided you with to perform routing maintenance at times and something like NAT loopback is a fairly non-standard setting that could be easily overlooked—or ignored—during such a reset. Now I am not condoning your ISP reseting your equipment without your knowledge, but just putting that out there as something that might happen if you are using ISP supplied equipment.

I would recommend going into your router’s config to see if NAT loopback options—or something similar sounding—exists and see if adjusting that clears things up.

EDIT/UPDATE: Now knowing your router is an Actiontec MI424WR MI424WR (GigE for Verizon FiOS), I can honestly say this: The chances of Verizon mucking around with your modem/router without you knowing are quite high. When I had a residential Verizon DSL account a few “outages” ended up being “upgrades” I was not told about. And pretty much every contract/corporate gig I have had involved at least one incident of Verizon “updating” equipment remotely without telling anyone and then someone coming in the next day to clean up the mess; usually a simple modem reboot but it’s not “simple” when you don’t know what is happening.

All that said, I did find this nice page explaining how to configure a Verizon FiOS router/modem for NAT loopback which boils down to this; I am editing this to be a bit clearer and generic:

  • Poking around my router’s interface, I searched for DNS settings. I found what I needed under the “Advanced” section.

  • After confirming that I wanted to proceed, I clicked the DNS Server section.

  • And added an entry for [my domain name] pointing to my router’s private IP address.

  • I saved my changes, ensured that my computer was receiving its DNS settings from the router, and voila! I could now browse to [my domain name] from within my network successfully!

Giacomo1968
  • 58,727
0

For my firewall, open source pfSense, this was called NAT reflection. I was experiencing the same issue, but this article helped me figure it out. I enabled on the NAT rule, NAT reflection in pure nat mode.

Phil Williams
  • 1
0

Same as Phil Williams, I was able to resolve a similar issue by enabling NAT reflection. In PFSense, you can do that either on the NAT rule or system-wide. I chose to do it system-wide.

To do it system-wide:

  1. Click the "System" tab at the top of the webconfigurator screen (accessed through your web browser).
  2. Click on the "Firewall & NAT" sub-menu item.
  3. Find the "NAT Reflection mode for port forwards" item under the "Network Address Translation" section.
  4. Select the "NAT + proxy" item.
  5. Save your changes at the bottom of the page.

It may take about 30 seconds to take effect.

Hoyb
  • 1