So I have a server. It's up and running. It is accessible by proxy servers. The problem is that the server is accessible outside the local network by its global name and not accessible inside by that name...

I used the Windows NAT Traversal API (UPnP) to make my server accessible outside the local network...

How do I make it possible for computers in the local network to access my server using that non-local IP address?

Long story with details:

On my local machine I have a server (VLC, for example, broadcasting live video data from my webcam onto some socket). I can access it on 127.0.0.1:5281 (loopback) and on my local network (I have an ADSL router with 4 Ethernet ports + Wi-Fi) by going to 192.168.1.13:5281 - it's my address on the local network, created by the router.

I used a free open-source program like this to forward (bind) my port 4773 using UPnP to my external IP address 97.132.48.111 (for example) as port 33333, so now anyone out there (internet users, proxy servers, etc.) has access to that live stream just by going to a URL like 97.132.48.111:33333

But I, or users from my local network where my address is 192.168.1.13, cannot access my stream using 97.132.48.111:33333, only using 192.168.1.13:5281

My question is: why can I not get data from my stream using the global address? Is it possible (and if it is, how) for me and guys from my local network to get stream data using the global address?

So as I said, I used a program that used protocoled requests (UPnP) to forward the port. Can I configure (at least theoretically) my router using some protocol like UPnP to make my router\NAT smart? Are there any such protocols?

So for me the main point is to do it using programs that use open protocols as much as possible, because I am a programmer and my point is to create a program that would allow ADSL users to open up their servers and access them in the way I described in my question - by global address (which btw can be temporary - I have a temporary one) =)

As for now, I use UPnP libs in my program to forward the port. Now I need some protocol to configure routers to be a little smarter. Does anyone know of one?

Blender
  • What kind of service are you trying to access? Web server, FTP, SMTP, SMB/CIFS, something else entirely? – Chris S Jun 26 '10 at 17:23

2 Answers

Unfortunately your question lacks details, but if I look into my crystal ball I get the idea that you have a web server hosted on your network inside a NAT, and you have the public IP address of the server in DNS.

You probably need to set up a split view DNS. This means you need to serve the internal IP in response to DNS requests from hosts inside your NAT, and the external address to hosts outside.

Zoredache

Zoredache had the right idea. The problem is with how NAT works. Without doing anything special, and using a NAT gateway that isn't smart, this is what is happening with your packets.

  1. Internal User (located at 192.168.1.30) connects to 93.100.45.201:33333. A SYN packet is sent.
  2. The NAT gateway forwards that connection to 192.168.1.13:4773.
  3. The server at 192.168.1.13:4773 sees 192.168.1.30 sent it a SYN packet to 4773 in order to start the TCP conversation. It replies with SYN/ACK to 192.168.1.30.
  4. The internal user (192.168.1.30) sees the SYN/ACK packet from 192.168.1.13 and drops it on the floor. It was expecting SYN/ACK from 93.100.45.201.
  5. After 3 and 9 seconds (or so) 192.168.1.13 retransmits SYN/ACK again, which 192.168.1.30 dutifully drops on the floor since it is STILL waiting for 93.100.45.201 to get back to it.

You have two options here. The first, as Zoredache pointed out, is to create a split horizon DNS (internal users see one set of DNS entries, external users see another). That way the same name can point to two different IP addresses based on where you are.

The second way to fix this is to use a NAT gateway that is smart enough to recognize this particular routing. Instead of blindly forwarding 192.168.1.30's packet unchanged, it'll rewrite it so the source is the gateway itself. This is called a Source-NAT (and can be called many other things depending on who is selling the box). This inverts the NAT so it is the source that is rewritten, not the destination.

The first way is the cheapest to set up, since you can run your own DNS servers internally and the rest is just config changes of various types. The second will cost money, but should Just Work if you get it in place.

sysadmin1138
  • So as I said, I used a program that used protocoled requests (UPnP) to forward the port. Can I configure (at least theoretically) my router using some protocol like UPnP to make my router\NAT smart? Are there any such protocols? (So for me the main point is to do it using programs that use open protocols as much as possible, because I am a programmer and my point is to create a program that would allow ADSL users to open up their servers and access them in the way I described in my question =)) – Blender Jun 28 '10 at 20:13
  • The feature you're looking for is also called "Loopback NAT". Some routers do it intelligently out of the box, others don't. It doesn't appear to have any presence in the UPnP standards. – sysadmin1138 Jun 28 '10 at 20:33
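The packet walk in the second answer can be replayed as a small simulation. This is an added example, not code from any poster on this page: it models a gateway that only rewrites the destination, and one that also rewrites the source (the Source-NAT / "Loopback NAT" case), and checks whether the client's TCP stack would accept the SYN/ACK. The gateway LAN address 192.168.1.1 and the client source port 40000 are assumptions; the other addresses are the ones used in the answer.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport flags")

PUBLIC = ("93.100.45.201", 33333)  # external address:port from the answer
SERVER = ("192.168.1.13", 4773)    # internal server from the answer
CLIENT = ("192.168.1.30", 40000)   # internal user; source port is constructed
GATEWAY_LAN = "192.168.1.1"        # assumed LAN-side address of the router


class Gateway:
    def __init__(self, hairpin_snat):
        self.hairpin_snat = hairpin_snat
        self.snat_table = {}  # source port -> original (client ip, client port)

    def forward(self, pkt):
        """DNAT public -> server; with hairpin SNAT also rewrite the source."""
        if (pkt.dst, pkt.dport) != PUBLIC:
            return pkt
        pkt = pkt._replace(dst=SERVER[0], dport=SERVER[1])
        if self.hairpin_snat:
            self.snat_table[pkt.sport] = (pkt.src, pkt.sport)
            pkt = pkt._replace(src=GATEWAY_LAN)
        return pkt

    def reverse(self, pkt):
        """Undo both rewrites on a reply that came back through the gateway."""
        ip, port = self.snat_table[pkt.dport]
        return pkt._replace(src=PUBLIC[0], sport=PUBLIC[1], dst=ip, dport=port)


def server_reply(pkt):
    # The server answers whoever the SYN appears to come from.
    return Packet(pkt.dst, pkt.dport, pkt.src, pkt.sport, "SYN/ACK")


def client_accepts(syn, reply):
    # A TCP stack matches a reply on the full 4-tuple of the connection it opened.
    return (reply.src, reply.sport, reply.dst, reply.dport) == \
           (syn.dst, syn.dport, syn.src, syn.sport)


def handshake(hairpin_snat):
    gw = Gateway(hairpin_snat)
    syn = Packet(*CLIENT, *PUBLIC, "SYN")
    reply = server_reply(gw.forward(syn))
    if reply.dst == GATEWAY_LAN:   # reply is addressed to the gateway
        reply = gw.reverse(reply)
    # otherwise the server delivers straight to the client on the same subnet
    return client_accepts(syn, reply), reply
```

`handshake(False)` reproduces steps 1 to 4 of the answer: the reply arrives from 192.168.1.13:4773 and is dropped. `handshake(True)` shows the reply arriving from 93.100.45.201:33333 once the gateway rewrites the source as well.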