Destination NAT Onto the Same Network from internal clients


This is because if your internal client tries to communicate with the server (within the same subnet) using the public IP, it has to send the request via the gateway (NAT box). The gateway will then do the DNAT from the public IP to the server's private IP and then forward it.

In the normal case, the web server will see a request coming from the internal client IP address (same subnet). So, it will send back the reply directly without going through the gateway. The client will refuse to process the reply as it is sending to the public IP and receiving the response from another (private) IP. It is confusing. Isn't it?

One solution is to talk to the server using the private IP from internal clients. This can be hidden by implementing split DNS (internal & external views).

Another option is to force the traffic (from/to server) to go via the gateway (NAT box).
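The asymmetric path described in this answer, traced through as an added worked model (this is not code from the answer, the question, or netfilter): a small Python simulation of the gateway's PREROUTING DNAT, the optional POSTROUTING SNAT that forces the server's reply back through the gateway, and the conntrack reversal of both mappings on the return path. The server address 10.0.0.2:43201 and the gateway LAN address 10.0.0.1 come from the question; the public address 203.0.113.10 and the client addresses 10.0.0.50 and 198.51.100.7 are constructed for the example. The SNAT rule quoted in the docstring is the conventional hairpin fix from the NAT HOWTO the question links, not a rule from the page, and the DNAT rule is the question's with its `-i ppp_0_1_32_1` match dropped (with that interface match, packets arriving from the LAN side are never translated at all).

```python
"""Added model of hairpin (reflected) DNAT on a Linux NAT gateway.

Rules being modelled (assumed, not taken from the page verbatim):

  iptables -t nat -A PREROUTING  -p tcp -d 203.0.113.10 --dport 43201 \
      -j DNAT --to-destination 10.0.0.2:43201
  iptables -t nat -A POSTROUTING -p tcp -s 10.0.0.0/24 -d 10.0.0.2 --dport 43201 \
      -j SNAT --to-source 10.0.0.1
"""
from dataclasses import dataclass, replace

PUBLIC_IP = "203.0.113.10"   # constructed: the router's external (ppp) address
GATEWAY_LAN_IP = "10.0.0.1"  # from the question
SERVER_IP = "10.0.0.2"       # from the question
SERVER_PORT = 43201          # from the question
LAN_PREFIX = "10.0.0."       # the internal subnet


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int


def on_lan(ip: str) -> bool:
    return ip.startswith(LAN_PREFIX)


class NatGateway:
    """DNAT in PREROUTING, optional hairpin SNAT in POSTROUTING, conntrack for replies."""

    def __init__(self, hairpin_snat: bool) -> None:
        self.hairpin_snat = hairpin_snat
        self.conntrack: dict[tuple, Packet] = {}  # translated 4-tuple -> original packet

    def forward(self, pkt: Packet) -> Packet:
        original = pkt
        # PREROUTING DNAT: <public IP>:43201 -> 10.0.0.2:43201
        if pkt.dst == PUBLIC_IP and pkt.dport == SERVER_PORT:
            pkt = replace(pkt, dst=SERVER_IP)
        # POSTROUTING SNAT: a LAN client reaching the server through the gateway is
        # rewritten to come from the gateway, so the server's reply has to come back here
        if self.hairpin_snat and on_lan(pkt.src) and pkt.dst == SERVER_IP and pkt.dport == SERVER_PORT:
            pkt = replace(pkt, src=GATEWAY_LAN_IP)
        self.conntrack[(pkt.src, pkt.sport, pkt.dst, pkt.dport)] = original
        return pkt

    def reverse(self, reply: Packet) -> Packet:
        # undo both mappings for the reply direction using the conntrack entry
        original = self.conntrack[(reply.dst, reply.dport, reply.src, reply.sport)]
        return Packet(src=original.dst, dst=original.src, sport=original.dport, dport=original.sport)


def server_reply(request: Packet) -> Packet:
    """The server answers whatever source address the request carried."""
    return Packet(src=request.dst, dst=request.src, sport=request.dport, dport=request.sport)


def simulate(client_ip: str, hairpin_snat: bool) -> tuple[bool, str]:
    """Return (did the client accept the reply?, source address the reply carried)."""
    gw = NatGateway(hairpin_snat)
    request = Packet(src=client_ip, dst=PUBLIC_IP, sport=50000, dport=SERVER_PORT)
    # the client addresses the public IP, so its default route hands the SYN to the gateway
    forwarded = gw.forward(request)
    reply = server_reply(forwarded)
    # server-side routing: an on-link LAN destination is delivered directly and never
    # touches the gateway; the gateway itself or any off-link address goes through it
    if reply.dst == GATEWAY_LAN_IP or not on_lan(reply.dst):
        reply = gw.reverse(reply)
    # a TCP client only matches a SYN-ACK whose source is the address it connected to
    accepted = reply.src == request.dst and reply.dst == request.src
    return accepted, reply.src


if __name__ == "__main__":
    for client, hairpin in [("198.51.100.7", False), ("10.0.0.50", False), ("10.0.0.50", True)]:
        ok, seen_from = simulate(client, hairpin)
        print(f"client {client:13} hairpin_snat={str(hairpin):5} reply from {seen_from:13} accepted={ok}")
```

The middle case is the question's symptom: the reply reaches the internal client directly from 10.0.0.2, it does not match the connection to the public IP, and the client drops it. The hairpin SNAT rule makes the server answer the gateway instead, which reverses both translations before handing the reply back. The cost is visible in the model too: with SNAT in place the server sees every internal client as 10.0.0.1, so its logs no longer record the real client address; the split DNS approach avoids that loss.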



Author: Admin

Updated on September 18, 2022

Comments

  • Admin
    Admin over 1 year

    I have a DSL router which acts as NAT (SNAT & DNAT). I have set up a server on the internal network (10.0.0.2 at port 43201). The DSL router was configured to "port forward" (or DNAT) all incoming connections to 10.0.0.2:43201.

    I created a virtual server for port forwarding on the DSL router. I also added the following iptables rules for port forwarding.

    iptables -t nat -A PREROUTING -p tcp -i ppp_0_1_32_1 --dport 43201 -j DNAT --to-destination 10.0.0.2:43201
    iptables -I FORWARD 1 -p tcp -m state --state NEW,ESTABLISHED,RELATED -d 10.0.0.2 --dport 43201 -j ACCEPT
    
    # ppp_0_1_32_1 is the router's external interface.
    # The router's internal IP address is 10.0.0.1 and the server is set up at 10.0.0.2:43201
    

    The problem is that connections coming from external IP addresses are able to access the internal server using the external IP address, but internal clients (under NAT) are not able to access the server using the external IP address.

    Example: http://<external_address>:43201 is working from external clients
    But, internal clients are not able to access using http://<external_address>:43201
    

    This seems to be similar to the problem described in http://www.netfilter.org/documentation/HOWTO/NAT-HOWTO-10.html (NAT HOW-TO Destination NAT Onto the Same Network).

    Firstly, I am not able to understand why this is a problem for internal clients? Secondly, what iptables rule will enable internal clients to access the server using the external IP address? Please suggest.