
ADSL Port forwarding with No-NAT

N/A

ADSL Port forwarding with No-NAT

I have a Router with an ADSL connection, I need to be able to access a server on the network externally and internally.
I have had port forwarding working, it works fine from any computer but not from another computer connected to the network, you just get the router config page.
I have had my static IP changed to a block of 4 and now I need to assign the spare to the server, this way the computers on the network will access the internet with 1 IP and the server will have a different IP, this way the computers will be able to access the server and not the Router.
I have tried the example F9 provide but I don't want to disconnect the router from the network switch, is there any other way to do this?
Any help will be greatly appreciated
Thanks
Arthur
arthur@astarsolutions.co.uk
4 REPLIES
N/A

ADSL Port forwarding with No-NAT

I think what you're trying to do is to enable clients, located both on your network and on external networks, to access a server located on your local network.

You're inventing problems that don't exist!

If you think about it, you don't need port forwarding, blocks of 4-IP addresses, or even your ADSL router (since you have a separate network switch) in order to permit your local clients to access the server: they don't go anywhere near the router to access the server, so all these things are red-herrings as far as local traffic is concerned. Port forwarding exists to allow connection requests from external clients to traverse a NAT enabled interface in order to reach your server. So, port forwarding is for access from external clients, not internal ones, and it's a technology associated with NAT. By all accounts you have this working, and you didn't need a block of 4 IP addresses to do it. I think you should go back to your single IP address, since to have 4 for this purpose is a waste of scarce resource.

"Port Forwarding" achieves possibly two things for incoming connection requests. The request is directed to a particular port at your publicly-known IP address. Your server doesn't use that address, therefore the port forwarding function has to change the destination address to the one being used by the server (a private address inside your network), and it may also change the port to which the request is directed to a different port number.

For traffic from your internal clients destined for your server, you have no need to use the public IP address of your router (which, in any case, isn't the address of the server), because the server is accessible directly from your network. For internal traffic, just go direct!
N/A

ADSL Port forwarding with No-NAT

I have set up a web address to forward to my external IP, if you use that address on the local network you get the router. This is why I want to set up a second IP to forward to the server; I need the computer users to access the internet via 1 external IP and the server to have a second external IP. This way when a local user uses the web address they get the server rather than the router.
N/A

ADSL Port forwarding with No-NAT

It would be easier to discuss this if we had some concrete names and addresses to work with, so let's suppose the "web address" you've set up is server.mydomain.com.

My "take" on this now is that your problem is with name resolution.

When someone at an external host attempts to access your host, server.mydomain.com, that must resolve to the public IP address of your router, which will then do all the good stuff you've already set up.

However, when someone at a local host attempts to access server.mydomain.com, the address must resolve to the local address being used by the server. That way, the request will go straight to the server, with no need for NAT, port forwarding, routers, etc, etc. This is exactly as you'd do it if your local network had no Internet connection at all and was just an isolated LAN.

In order to do this, you need to split DNS name resolution into two because external users need names to resolve to your public address, and internal users need to see the "real" private/internal address of the server. Generally, this isn't a problem because by and large you don't want outside users to have access to all the information about your hosts as inside users (you may wish to grant outsiders access to only a few of your hosts, so why give them more information than they need?).

I assume outside users obtain DNS services for your network from Force9's DNS servers, which is the obvious way of doing it. You then need a way of overriding this information as far as your local hosts are concerned. There are several ways of doing this, such as running your own local DNS server which your local hosts access (your router may even provide this functionality). The local DNS server is used only by local systems, therefore, it can return local addresses for names in your domain, and can forward requests to the authoritative name servers for other domains. Alternatively, you could use local hosts files (/etc/hosts, or on Windows, %SYSTEMROOT%\system32\drivers\etc\hosts) and ensure they are searched prior to requesting an address lookup from a name server.

By the way, you'll probably find that even if you used IP addresses rather than host names, you would still not be able to access your server from inside your network by using a public IP address: you need to use your local (private) addresses inside your network.
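
The split name resolution described in the reply above, as an added example that is not part of the original thread: it parses hosts-file text, works out which address a LAN client ends up using, and checks that the public answer does not expose an internal address. The addresses, the `192.168.1.0/24` LAN range and the function names are assumptions made for illustration; `server.mydomain.com` is the thread's own hypothetical name.

```python
import ipaddress

# Constructed sample data: the thread's hypothetical name, made-up addresses.
HOSTS_TEXT = """\
# local overrides, searched before any name server is asked
127.0.0.1      localhost
192.168.1.10   server.mydomain.com server   # LAN address of the server
"""
PUBLIC_ANSWER = "203.0.113.5"  # stand-in for the router's public IP
LAN = ipaddress.ip_network("192.168.1.0/24")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def lookup_hosts(hosts_text, name):
    """Return the first address mapped to name in hosts-file text, or None."""
    wanted = name.rstrip(".").lower()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split columns
        if len(fields) >= 2 and wanted in (n.rstrip(".").lower() for n in fields[1:]):
            return fields[0]
    return None


def audit(name, hosts_text, public_answer, lan=LAN):
    """Compare what a LAN client and an outside client get for one name."""
    # Inside: the local override wins; without one the client gets public DNS.
    inside = lookup_hosts(hosts_text, name) or public_answer
    outside = ipaddress.ip_address(public_answer)
    return {
        "inside": inside,
        # "direct" = stays on the switch; "via-router" = the thread's symptom
        "inside_path": "direct" if ipaddress.ip_address(inside) in lan else "via-router",
        # The public zone should never hand outsiders an internal address.
        "outside_leaks_private": any(outside in net for net in RFC1918),
    }


if __name__ == "__main__":
    print(audit("server.mydomain.com", HOSTS_TEXT, PUBLIC_ANSWER))
    print(audit("server.mydomain.com", "", PUBLIC_ANSWER))
```

The second call, with no local override, reports `via-router`: the LAN client is sent to the router's public address, which is the behaviour the original poster saw.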
N/A

ADSL Port forwarding with No-NAT

I have set up a local DNS server and everything seems to be working.
Thanks for the suggestion