How to implement Nat loopback/reflection?

nat

I'm trying to access a server on my LAN via its public IP address. External clients can connect just fine, but I'm unable to do so from within the LAN. There is a separate rule in the NAT settings of my gateway (which translates subnet addresses to the public interface IP, but is otherwise identical), but it doesn't appear to be working properly.

How would I correctly set things up to access a local resource via a public IP address?


The most common problem is that your gateway rewrites the destination address of the packet to the internal server, but not the source. So, when the internal server responds it sees that the packet came from something on the local network, sends back the packet directly - and the client can't tell this is from the server, because the packet still has the internal, not the public, address on it.

The standard fix is to force the traffic to come back through your gateway. One way to achieve that is to put the server that the public address redirects to in a "DMZ", so that traffic between the client and the server has to pass through the router.

The other way is to also apply NAT to the source address of internal connections to the external IP, so that they look like they come from the gateway. The internal server will then respond to the gateway, that will undo both NAT changes, and send the packet back to the internal client.


I know it isn't what you are asking, but the way I've setup my internal network is via split DNS: machines within the network get internal addresses when looking up home.domain.tld, mail.domain.tld and so forth. No address translation to worry about (well, unless there is something else between the client and server of course), nothing client-side cares that it is not talking to a publicly routeable address, server-side will only care if you have things specifically binding to the external interface and not the other(s), and unlike with NAT all the internal hosts don't look the same in log files (which can be a help if you need to use said logs to diagnose a problem being experienced on the local network).

Related

How to improve Hyper-V performance
Apache redirect from http to https not working
Forcefully un-suspend a Parallels VM without starting Parallels
I am retiring and my apple ID and email will be cancelled by my employer. How do I keep some of the content from apple id?
How to delete certain cells from Numbers?
iPhone: How to sync large library of MP3 + flac files from Win10 laptop
How to run .vtt and .srt files with videos using QuickTime Player
Are there common causes of a text message sound in the night, but no text message?
How to remove MacOS and install Ubuntu
Can I get an alert when my iPhone 5S is unplugged?
Moving files from a Broken iMac
Disk Is Full Error When Copying Large Folders Onto Empty HDD