-2

So, I recently found out that my ISP has this free feature, so I decided that I want to build a small server back home, to run a few things such as FTP, HTTP, SSH, a few databases, you get the idea.

Maybe I should start by briefly describing my local network. I have a router and a main PC; the PC will run all the servers. I configured DHCP to keep 192.168.0.2 for the main PC's MAC address, and created a virtual server (Forwarding -> Virtual servers -> Add new) that maps port 80 to 80 on 192.168.0.2, both TCP and UDP. I'm also running apache2 on Ubuntu 16.04, and obviously can access localhost and see the Apache main page (on the main PC).

After many unnecessary reboots (I thought it would work!) I found out that from my laptop connected to the same router (let's say 192.168.0.3) I cannot connect to my main PC by typing the external IP or the subdomain, only by the internal IP address 192.168.0.2. If I connect to another network with my laptop (hotspot) and try to access the subdomain, it works.

I want to be able to access my subdomain from inside my local network, but apparently I can't, only from the outside.

Now I think that it's definitely from my router configuration, maybe I should set some kind of default gateway, to stop searching for the subdomain, because it's hosted right here. Does anyone have a clue what I should do?

Vlad Potra

1 Answer

0

This depends entirely on how the router is configured (the NAT component).

Basically, the router has two (or more) IP addresses: the public one (let's say 128.66.1.1) on the WAN port, and the private one (in this case, let's assume 192.168.0.1) on the LAN port. Assuming a transmission to port 80 (HTTP) and correct port forwarding configuration, two scenarios are possible:

  • You're outside the network (e.g. in a café): any transmission (packet) will be routed to your home router by using the external IP address 128.66.1.1. Then, when the packet arrives on the WAN port on your router, the Port forwarding (or DMZ) setting will re-route the packet to 192.168.0.2. Everything is fine.
  • You're inside the network: if you use the external IP address 128.66.1.1 (either by using it directly, or with any DNS name), the packet will be sent (by your PC) to the router LAN port in order to be routed to the internet (your PC doesn't know that 192.168.0.2 is the final destination). If the router is configured to distinguish between packets sent to 128.66.1.1 and packets sent to 192.168.0.1, then it will detect that the packet is meant to be routed to the external IP address assigned to WAN, and then it will use the same port forwarding settings as if the packet were entering from the WAN port. If it's not capable of distinguishing between these two cases, you'll end up in the scenario that you're describing (in other words, the router will respond with its own resources, as if you contacted its internal IP).

Some routers can be configured from the UI, others require a firmware modification (which can't be done by end users).

On iptables-based firewalls, this setting is controlled by the use of flags in rules of the PREROUTING and POSTROUTING chains (nat table). Also, you need to configure a NAT rule (either SNAT or MASQUERADE) for packets that are coming from the internal network, with the external IP as destination.
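
One way to write the two nat-table rules described above, as an added example that is not part of the original answer. It assumes TCP port 80 only and the addresses used in this thread (128.66.1.1 is the answer's placeholder WAN IP), and the hypothetical `hairpin_rules` helper prints the rules for review instead of applying them.

```shell
#!/bin/sh
# Added example: emit (not apply) iptables rules for NAT loopback ("hairpin NAT").
# hairpin_rules is a hypothetical helper name; addresses are the thread's values.

# Usage: hairpin_rules WAN_IP LAN_NET SERVER_IP PORT
hairpin_rules() {
    [ $# -eq 4 ] || return 1
    wan_ip=$1 lan_net=$2 server_ip=$3 port=$4

    # Accept only plain IPv4 / CIDR / numeric port, so the printed lines
    # cannot carry extra shell syntax when they are later run as root.
    case "$wan_ip"    in ''|*[!0-9.]*)  return 1 ;; esac
    case "$server_ip" in ''|*[!0-9.]*)  return 1 ;; esac
    case "$lan_net"   in ''|*[!0-9./]*) return 1 ;; esac
    case "$port"      in ''|*[!0-9]*)   return 1 ;; esac

    # 1. PREROUTING: match on the destination address (-d), not on the
    #    incoming interface. A LAN client dialing the WAN IP is then
    #    forwarded exactly like a client arriving on the WAN port.
    #    Pinning -d and --dport keeps the router's own services on its
    #    LAN address (192.168.0.1 in the thread) out of the rule.
    echo "iptables -t nat -A PREROUTING -d $wan_ip -p tcp --dport $port -j DNAT --to-destination $server_ip:$port"

    # 2. POSTROUTING: for LAN client -> LAN server traffic, rewrite the
    #    source to the router. Without this the server answers the client
    #    directly from 192.168.0.2, the client expected a reply from the
    #    WAN IP, and the TCP handshake never completes.
    echo "iptables -t nat -A POSTROUTING -s $lan_net -d $server_ip -p tcp --dport $port -j MASQUERADE"
}

# Values from the thread: WAN IP, LAN subnet, main PC, HTTP port.
hairpin_rules 128.66.1.1 192.168.0.0/24 192.168.0.2 80
```

With the MASQUERADE rule in place, requests from LAN clients that go through the WAN IP show up in the Apache access log with the router's address as the source, so per-client logging and IP-based access rules on the server no longer see the real internal client.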