Access internal IP using public IP

I have a DSL modem with a public IP address (201.206.x.x), and I have a web server in my internal network (192.168.0.50).

I set up the modem to forward requests to port 80 to my web server, so if I access 201.206.x.x from outside my network, it shows my web page; the same happens if I access 192.168.0.50 from a computer inside my network.

Now, the problem is when I try to access 201.206.x.x from my internal network, the browser tries to connect to the DSL modem configuration, instead of redirecting my request to my Web server.

Which settings do I have to change in the modem to set up this redirection?


Solution 1:

The problem is that the packet rewriting can generally only take place when traversing the firewall. Generally speaking routers cannot perform the necessary re-writing when the request is arriving from the same network the request would be re-written to. The common solution to this problem is to place a web proxy outside the network that loops the request back through your firewall.

I suspect your specific problem is that you would like to access the web site via its DNS host name. You can handle that by using "split-horizon" DNS, so it pays attention to where the request is coming from and answers appropriately: if the request is coming from inside your network, it hands out 192.168.0.50, and it hands out the public IP to everyone else.

Either of these suggestions could be implemented on any host outside of your network, like a (free) Amazon EC2 micro instance.

Solution 2:

I would say @Insyte is onto something when he/she talks about the issue being a DNS resolution issue, which then means the problem is packet rewriting (read @Insyte's post again for that explanation).

Assuming you have the following setup:

  1. Public IP: 201.206.x.y
  2. Private IP: 192.168.0.50
  3. Port forwarding for all 80 (and 443 if you're doing SSL) on IP 201.206.x.y -> 192.168.0.50

You then type the following in your browser, while you're in your internal network:

http://www.yourwebsite.com

and the error occurs. So, solution: hack your hosts file.

On Windows, go to C:\windows\system32\drivers\etc\hosts (notice, there's no extension on that file). On Linux, the file is located in /etc/hosts.

If you open that file up in Notepad, you can then see any entries that are used to override DNS. If you wish to update that file, you will need to open Notepad (or whatever program you're using to edit the file) with Administrator rights – otherwise you can't save the file.

Add this to your hosts file:

192.168.0.50 www.yourwebsite.com

Then restart your browser, enter the URL and voilà! It's working. So this means your browser doesn't rely on your DNS to resolve your domain to the IP. Instead, we're overriding this and saying: Browser, just go to my internal IP for that domain name, instead of asking DNS for the IP address.

If you're in an office, then you can get all the people who need to access this internal website, to hack their hosts file, or if you have an internal DNS, then you can add an entry into that.

Another idea is to have an internal proxy server (for all web surfing, etc) and then hack the hosts file on the proxy server. This means your browser will say, Proxy, can you please get me the resource http://www.mywebsite.com and the proxy says Sure, and because I've been told to ignore DNS for that domain, I'll just give the IP which has been hard-coded in my hosts file.

Solution 3:

This is a common problem with the way some routers handle traffic meant for their public address from an internal address - they don't follow the same port forwarding rules as requests from outside the network. What you need to look for in your router is NAT reflection. This will allow the router to handle internal requests for the public IP using the same port forwarding rules as if the request came from outside the network.
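An added illustration, not part of the answer above: a small Python model of why a port forward alone does not work for LAN clients and what NAT reflection changes. It assumes a router that applies the forward to LAN-side traffic; the public address is a constructed documentation-range stand-in for 201.206.x.x, and the client and outside addresses are made up.

```python
from dataclasses import dataclass, replace

# Constructed addresses: PUBLIC is a documentation-range stand-in for the
# page's elided 201.206.x.x; CLIENT and OUTSIDE are made up for the demo.
PUBLIC, ROUTER_LAN, SERVER = "203.0.113.10", "192.168.0.1", "192.168.0.50"
CLIENT, OUTSIDE, LAN = "192.168.0.20", "198.51.100.7", "192.168.0."

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

def connect(client, reflect):
    """Simulate the first round trip of client -> PUBLIC:80.

    Returns (accepted, reply), where reply is the packet the client receives.
    """
    syn = Packet(client, 40000, PUBLIC, 80)
    fwd = replace(syn, dst=SERVER)              # port forward (DNAT)
    if reflect and client.startswith(LAN):
        fwd = replace(fwd, src=ROUTER_LAN)      # NAT reflection adds SNAT
    # Router connection table: translated flow -> original packet.
    conntrack = {(fwd.dst, fwd.dport, fwd.src, fwd.sport): syn}

    # The server answers whatever source address it saw.
    reply = Packet(fwd.dst, fwd.dport, fwd.src, fwd.sport)
    # Replies to other LAN hosts are delivered directly on the segment; only
    # replies to the router itself or to off-LAN hosts traverse the router.
    if reply.dst == ROUTER_LAN or not reply.dst.startswith(LAN):
        orig = conntrack[(reply.src, reply.sport, reply.dst, reply.dport)]
        reply = Packet(orig.dst, orig.dport, orig.src, orig.sport)

    # The client's TCP stack only accepts a reply from the address it dialed.
    accepted = reply == Packet(PUBLIC, 80, client, 40000)
    return accepted, reply

if __name__ == "__main__":
    for who, reflect in [(OUTSIDE, False), (CLIENT, False), (CLIENT, True)]:
        ok, reply = connect(who, reflect)
        print(f"{who:>13} reflect={reflect!s:5} reply from {reply.src:<13} ok={ok}")
```

With reflection done this way, the web server sees every internal visitor as coming from the router's LAN address, so its access logs no longer identify the real internal client.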

Solution 4:

I could help you better if you could give me your modem make and model...

But what happens here is that normally a router or modem config page should only appear when visiting their internal IP (192.168.0.1).

But what seems to be happening here is that it identifies the incoming request (201.206.x.x) as coming from the inside, so it decides to give you the config page instead of the normal route to your web server...

Now if you're using a consumer-level modem, you probably aren't able to change this (sorry).

But maybe you can: try and see if there are 'listen' settings in your admin config page.

There you can try to either change your administration page to another port or limit the addresses it's listening for.