What you are talking about is known as hairpin NAT. The expectation is that packets leave the local machines, go through to the router, then take a hairpin turn and get redirected back inside the network to the internal hosts. There are 3 ways of handling this, as it should be noted that many router models do not support hairpin NAT.

The first, filthy method is to alias www.whatever to internal IP addresses using hosts files (c:\windows\system32\drivers\etc\hosts) and do it on all the internal boxes. This means packets never hit the router, so you don't need the hairpin NAT at all.

Googling might give you a way to turn on hairpin NAT in the modem, but this is unlikely.

The 3rd method is to have internal and external DNS, with the internal DNS mapping the IPs to internal machines and the external having the real stuff in it. This can be done with views on a copy of BIND if your Linux box has it, or something else.

Hope this helps. I'm looking at DD-WRT myself, but frankly the "do this, do this and do this, but don't do this or you'll brick your router" has me a bit scared, especially as I'm running WRT54GS v1.1 devices for my testing. I know I can do hairpin NAT on my Mikrotik; however, I have to add specific rules to the firewall to make it happen. Messy.

Regards,
Kerry.

On 18/01/2012 7:13 PM, Darragh OHeiligh wrote:
Sorry, my questions are usually much more targeted at enterprise environments but this morning I'm thinking about my home set up.
I've downsized a lot recently. From running Hyper-V on two dedicated 2900's and 2950's and PFSense on a dedicated appliance I've gone to running just one Linux server on a cut down Asus system.
I had to do it for a number of reasons but basically, it was becoming too difficult to manage and do everything else as well.
I'm encountering a limitation of my newly purchased Belkin router. It's an N600 and for various reasons it doesn't support any variant of DDWRT.
External services are running fine thanks to its port forwarding / virtual servers or whatever terminology it wants to use. So, on the internet I can access systems on port 80 or 443 etc.
The problem is that inside the network, I cannot access these systems. I know that DNS etc. is working fine because if I ping one of the hostnames it resolves to the public IP, but if I try to access the system using http, for example, the traffic never gets to the server. I'm assuming it's getting stuck at the router side. The router is likely not forwarding traffic originating from an internal address back through the router to the internal server.
Weird, ay?
Any ideas?
Thanks
Regards
Darragh Ó Héiligh, Fujitsu
Offices of the Houses of the Oireachtas, Fredrick Building, South Fredrick Street, Dublin 2
Telephone: +353 (1) 618 3559
Email: darragh.oheiligh@oireachtas.ie
Internet: http://www.oireachtas.ie

_______________________________________________
Blind-sysadmins mailing list
Blind-sysadmins@lists.hodgsonfamily.org
http://lists.hodgsonfamily.org/listinfo/blind-sysadmins
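The split-horizon DNS that Kerry's 3rd method describes, as an added example that is not part of this thread: a BIND named.conf excerpt with an internal and an external view, plus the two zone files that differ only in the address www resolves to. The domain example.com, the LAN 192.168.1.0/24, the BIND server at 192.168.1.2, the web server at 192.168.1.10 and the public address 203.0.113.5 are all constructed placeholders.

```conf
// /etc/bind/named.conf.local (excerpt): example.com served from two views.
// Constructed placeholders: LAN 192.168.1.0/24, BIND at 192.168.1.2,
// web server at 192.168.1.10, public address 203.0.113.5.
acl "lan" { 192.168.1.0/24; 127.0.0.1; };

// Views are matched in order, so the LAN view must come first.
// LAN clients get the internal answers and may recurse through this server.
view "internal" {
    match-clients { lan; };
    recursion yes;
    zone "example.com" {
        type master;
        file "/etc/bind/db.example.com.internal";
    };
};

// Everyone else gets the public answers and no recursion (not an open resolver).
view "external" {
    match-clients { any; };
    recursion no;
    zone "example.com" {
        type master;
        file "/etc/bind/db.example.com.external";
    };
};

; /etc/bind/db.example.com.internal: www resolves to the LAN address,
; so internal clients never need the router to hairpin.
$TTL 300
@       IN  SOA ns1.example.com. hostmaster.example.com. (
            2012011801 ; serial: bump in both files on every change
            3600 900 604800 300 )
@       IN  NS  ns1.example.com.
ns1     IN  A   192.168.1.2
www     IN  A   192.168.1.10

; /etc/bind/db.example.com.external: same names, the public address
; that the router's port forward answers for.
$TTL 300
@       IN  SOA ns1.example.com. hostmaster.example.com. (
            2012011801 ; serial
            3600 900 604800 300 )
@       IN  NS  ns1.example.com.
ns1     IN  A   203.0.113.5
www     IN  A   203.0.113.5
```

Once any view is declared, every zone statement in the configuration (including the default hint and localhost zones) must be moved inside a view, and the LAN hosts must use this server rather than the router's DNS proxy as their resolver; `named-checkconf -z` loads the config and both zone files before you restart BIND.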