Access external IP from inside the network?

Most SOHO routers don't support hairpin NAT (AKA NAT loopback), which is accessing an internal machine via the external IP, from inside the same LAN.

You need a better router. If your router supports the 3rd party DD-WRT firmware, you may want to try that. To configure hairpin NAT in DD-WRT, you can consult other SU questions such as:

DD-WRT: How to allow port forwarding to apply to requests originating from inside the LAN?


There already is an answer explaining why it won't work, but there are 2 solutions. The other answer only mentions one, so this answer is to provide you with an alternative.

Indeed, what you want requires NAT hairpinning, and it appears that your router does not support this.

As an alternative to replacing the router with one that supports it, you can set up a DNS server in your network. This could be on a server, but you can also download a DNS server program and run it locally. In your router, for the DNS server setting, you configure the IP address of the computer/server that runs this DNS server, and in the DNS server you add a manual entry for your FQDN (domain), which in your example would be sub.example.com, and make it point to the internal IP address.

Everyone who uses this new DNS server will be able to access the site again, but you will not be able to detect problems with the online part. This is, however, how it's done in the real world with companies. They have an in-house server running a DNS server, and the domain they use for internal stuff is configured on the DNS server.
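
A check for the caveat in the answer above (the internal DNS entry hides problems with the public side), added here as an example and not part of either answer: it compares what the internal DNS server and a public resolver return for the same name. The function names, the LAN range 192.168.1.0/24, the addresses and the `dig +short` outputs are constructed assumptions.

```python
import ipaddress

# RFC 1918 ranges, listed explicitly because ipaddress.is_private also covers
# documentation ranges such as 203.0.113.0/24, which the sample below uses.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_dig_short(output):
    """Extract addresses from `dig +short` output, skipping CNAME lines."""
    addrs = []
    for line in output.splitlines():
        try:
            addrs.append(ipaddress.ip_address(line.strip()))
        except ValueError:
            continue  # CNAME target or blank line, not an address
    return addrs


def audit_split_dns(name, lan_cidr, internal_out, public_out):
    """Compare the internal and public view of one name; return findings."""
    lan = ipaddress.ip_network(lan_cidr)
    inside = parse_dig_short(internal_out)
    outside = parse_dig_short(public_out)
    findings = []
    if not inside:
        findings.append(f"{name}: internal DNS server has no entry")
    for ip in inside:
        if ip not in lan:  # LAN clients would still need hairpin NAT
            findings.append(f"{name}: internal view returns {ip}, not in {lan}")
    if not outside:
        findings.append(f"{name}: no public record, outside users cannot resolve it")
    for ip in outside:
        if any(ip in net for net in RFC1918):
            findings.append(f"{name}: public view exposes private address {ip}")
    return findings


# Constructed samples of `dig +short sub.example.com @<resolver>` output.
INTERNAL_OK = "192.168.1.10\n"
PUBLIC_OK = "host.example.net.\n203.0.113.5\n"   # CNAME line, then the A record
INTERNAL_NO_OVERRIDE = "203.0.113.5\n"           # manual entry missing

if __name__ == "__main__":
    for label, internal in (("ok", INTERNAL_OK), ("broken", INTERNAL_NO_OVERRIDE)):
        print(label, audit_split_dns("sub.example.com", "192.168.1.0/24",
                                     internal, PUBLIC_OK))
```

Run from a LAN machine, the two inputs would be collected by querying the internal DNS server and a public resolver separately, so a broken public record is still noticed even though internal clients never use it.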