0

So here is my issue: I have a website hosted from a virtual machine on my server and am using a dyndns service to point a URL to my IP. My ISP recently set up a new modem which unfortunately has its own built-in gateway and router. After fighting it to forward port 80, I tested it by trying to navigate to the site via the URL and it didn't work. Then I tested it on my phone connected to the cell data network and it worked! I am able to visit the site via the URL as long as I am not connected to my network. I find this very weird and cannot figure out why.

I am able to view the site on my network by typing in the local IP of the server.

Any suggestions why this might be occurring?

Mike2414

3 Answers

0

Yes, this is a pain. Usually your modem won't route traffic from inside that's destined for its public IP address.

When you come from outside, the traffic hits the modem from the external line, and the port forwarding rules get applied, and the traffic reaches your web server. But those port forwarding rules don't get applied to internal traffic. You're trying to browse the web server on the modem, rather than on your server.

I did once find a modem that allowed forwarding of internal traffic, but that was a long time ago, and I haven't seen one like it since. What I do these days is to use the internal address when I'm on the internal network, and the external address when I'm not. For things that get scripted, I have a little function that determines whether I'm on my local network or not, and programmatically chooses the right way to address the server.

chiastic-security
  • I kind of figured that. My old setup with a modem and router separate worked out perfectly. Now my ISP says that I need to use the modem they provide and charges me to rent it. The main reason I found it to be an issue is that I wanted to test to ensure that the port was forwarded correctly, and I was thinking that it wasn't working even though it was most likely working from the start – Mike2414 Aug 19 '14 at 14:21
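A helper of the kind the answer above describes, as an added example that is not the answerer's own code. The subnet, LAN address and hostname are assumed placeholders; the internal address is chosen only when the client has an address in the home subnet and the server actually answers there.

```python
import ipaddress
import socket

# Assumed values for illustration; none of these come from the original post.
HOME_SUBNET = ipaddress.ip_network("192.168.1.0/24")
INTERNAL_HOST = "192.168.1.50"   # LAN address of the web server VM
EXTERNAL_HOST = "mysite.example"  # dynamic DNS name pointing at the public IP


def local_ipv4():
    """Return the source address the OS would pick for outbound traffic.

    connect() on a UDP socket only selects a route; no packet is sent.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        s.connect(("192.0.2.1", 9))  # TEST-NET-1, documentation-only range
        return s.getsockname()[0]
    except OSError:
        return None  # no usable route, e.g. offline
    finally:
        s.close()


def port_open(host, port=80, timeout=1.0):
    """True if a TCP connection to host:port succeeds within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def choose_host(local_ip=None, probe=port_open):
    """Pick the address to use for the server from the current network."""
    if local_ip is None:
        local_ip = local_ipv4()
    try:
        inside = ipaddress.ip_address(local_ip) in HOME_SUBNET
    except (ValueError, TypeError):
        inside = False  # unparsable or missing address: treat as outside
    # Many networks reuse 192.168.1.0/24, so also require that the server
    # responds on its LAN address before preferring it.
    if inside and probe(INTERNAL_HOST):
        return INTERNAL_HOST
    return EXTERNAL_HOST


if __name__ == "__main__":
    print(choose_host())
```

A successful probe shows only that something is listening on that address; a script that sends credentials or data should still verify the server's identity (for example with TLS) rather than trust the subnet match.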
0

This is because your router does not support hairpinning (or does not have it set up).

From Cisco Support Community:

The term hairpinning comes from the fact that the traffic comes from one source into a router or similar devices, makes a U-turn and goes back the same way it came.

Visualize this and you see something that looks like a hairpin.

Hairpin NAT is a useful technique for accessing an internal server using a public IP. Since you are using a public IP to attempt to access a server in your network, the traffic will attempt to go out to the internet. In order to reach the server, the traffic will need to be redirected to the correct location.

Community
SilverlightFox
0

The problem is how you are doing your internal routing DNS.

You can do a DNS lookup and a traceroute to see where the website name is not resolving, and check whether pinging the domain (e.g. ping something.com) returns the public IP.

I resolved ours by doing policy routing on the website FQDN to go through a different WAN. It's working fine. This works for those with different WANs terminating at the site.

The other way is to redo the DNS configuration in the internal network.