Why can't I access my web server from outside the network?

I set up an Apache HTTP server on my MacBook, just so I could have access to the full functionality of PHP while I learn the language. I don't have a registered domain name or consistent network access, so the idea of hosting an actual website on this server is not feasible; I'm just doing this for learning purposes.

Anyway, I was wondering something. I noticed that when I enter my private IP address into a web browser (not the loopback address but the actual DHCP-assigned address), I can access web pages hosted by my server, which I think means I can access it from outside my computer. However, when I enter my public IP address, I get a network timeout, which I would guess means I can't access my web server from outside the local network (unless the connection is just really slow).

I am wondering why this is. Is there a layer of security set up that prevents people from accessing computers inside a LAN from outside?


There may be three blocking hops in the line, starting from your computer:

  • Your OS may have a firewall configured and blocking incoming requests. You can check this using a different machine on the same subnet/different subnet, but still behind your home router. I am not familiar with macOS, so I cannot tell you how to configure the firewall.

  • Your home router (or most of the wifi routers) you connect to uses NAT to "hide" the subnet behind it and allow your multiple devices to communicate on the single global IP address you get from the ISP. If you do a request to a remote server from the LAN, from any device, the remote will see that the request originated from your router. If you do a request from outside to your public IP address, you are actually addressing your router. If you want all HTTP requests that are addressed to your router to be served by your laptop behind it, you have to add a port-forward rule in your router's menu to the laptop's IP address and port 80 (standard HTTP port), or port 443 for HTTPS.

  • Nowadays it is more and more common that ISPs don't even give you a public (globally routable) IP address. The ISP also uses NAT (to save global IPv4 addresses), so the outside IP address of your router comes from your ISP's private subnet. This would require registering a port-forward rule in the ISP's router, which they will not do for you. You cannot access your laptop from the internet in this case.
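
The three hops listed in the answer above can be told apart from three addresses and the router's port-forward table. The following is an added example, not part of the original answer; the function names and sample addresses are constructed, and it assumes you read the router's WAN address from its status page and the observed public address from an outside "what is my IP" service.

```python
import ipaddress

# RFC 1918 private ranges, plus the RFC 6598 shared range ISPs use for their own NAT.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ISP_NAT = ipaddress.ip_network("100.64.0.0/10")


def classify(addr):
    """Return 'loopback', 'private', 'isp_nat' or 'public' for an IPv4 address."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    if any(ip in net for net in RFC1918):
        return "private"
    if ip in ISP_NAT:
        return "isp_nat"
    return "public"


def diagnose(laptop_ip, router_wan_ip, observed_public_ip, forward_rules, port=80):
    """Name the first hop (working inward from the internet) that blocks inbound HTTP.

    forward_rules: (external_port, internal_ip, internal_port) tuples copied
    from the router's port-forwarding page (hypothetical input format).
    """
    wan = ipaddress.ip_address(router_wan_ip)
    seen = ipaddress.ip_address(observed_public_ip)
    # Hop 3: the router's WAN address is not globally routable, or differs from
    # what the internet sees, so the ISP is doing NAT in front of the router.
    if classify(router_wan_ip) != "public" or wan != seen:
        return "isp_nat"
    # Hop 2: the router needs a rule sending the port to this laptop's current
    # address; a rule left pointing at an old DHCP lease does not count.
    if not any(ext == port and ip == laptop_ip for ext, ip, _ in forward_rules):
        return "no_port_forward"
    # Hop 1: traffic reaches the laptop, so the OS firewall is what is left.
    return "check_host_firewall"


if __name__ == "__main__":
    # Constructed sample values (203.0.113.0/24 is a documentation range).
    print(diagnose("192.168.1.23", "100.72.14.9", "203.0.113.7", []))
    print(diagnose("192.168.1.23", "203.0.113.7", "203.0.113.7", []))
    print(diagnose("192.168.1.23", "203.0.113.7", "203.0.113.7", [(80, "192.168.1.23", 80)]))
```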


The reason this happens is due to NAT Translations.

When you connect to the internet, your ISP gives you a public IP address so you can communicate with the internet.

When someone on the internet wants to access your webserver, and they enter the public IP address, the router then needs to know where in the network the request is heading to. This is called NAT translations. It is done by setting up a port mapping.

Websites use HTTP traffic, which defaults to port 80, so you would need to create a rule in the router to tell it that port 80 needs to be forwarded to the internal IP address. Once this is done, and someone from outside enters your public IP address in their browser, your router now knows that it has to forward the request to your MacBook.

Now, there is one addition to the question. If you set up port forwarding, most routers will not understand that your public IP address is that of your own, so you most likely still cannot access your website from your own public IP address.

Your MacBook sends the request to the router, which sends it to the ISP, the ISP sends it back and the router is not expecting it, so it ignores the request, resulting in a timeout because it can't connect to itself.