Accessing your external IP from an internal machine

TheBaron

this is copied directly from my mom, with all IP's other than localhost removed for the sake of security. shes just saying one IP repeatedly, so all 00.00.000.000's are the same.

hardware is an SMC router with broken DHCP, but that shouldn't have anything to do with this. we need to keep the router firewall enabled

TheBaron's Mom wrote:

Now a question. You know I've got a server at home that I've exposed through the router by designating it's ip address and port as a virtual server. I tell people to execute my stuff at the ip address of the cable modem (00.00.000.000 these days), using the port I designated. This all works fine. Except for one thing -- some of the tests I have to run involve me calling myself as well as the other guys Web services calling me. And I can't invoke my own stuff (actually what I'm saying is that one of my Web services can't invoke another of my Web services) using the external IP address (00.00.000.000:9080) -- get a connection refused exception. Works fine if I invoke my stuff using localhost, but localhost doesn't cut it in the interop test environment. Any idea what I might do to make the external IP address work with the router controlling things (I'd really like to keep the hacker filtering and firewall that the router provides intact)? One other thing -- I believe that this will work just fine if I bypass the router altogether and plug the cable modem directly into my machine (did this last year, but you really are exposed when you do this).

The only thing I've considered (which I haven't tried yet) is to maybe update my Windows hosts file in some way to indicate 00.00.000.000 is [also] localhost? Since I already have something assigned to localhost (127.0.0.1 I think) , I don't know if that is even legal. But I might be on the right track. Or if you think the problem is in the router config rather than the machine itself, there might be something to configure there that I missed. I'm open to suggestions if you have any.

TheBaron

I really need to get this sorted out, so ... bump

Clutch

Ok so she has a program that uses a certain port. So she has it setup in the router to where if someone trys to connect to her router under that port, they actually go into her server. So if say she has 65.168.54.13 ( her ip address from the router ) forward requests for port 56 to 192.0.0.122 which would be the local ip for her server. Is this correct? But then she also needs to access that service on her server through her local network? So can she just go to 192.0.0.122:56 and it take her to her server for that service?

I don't think if I understand what she is trying to do. So please correct me where I am wrong.

EMT

It's a little bit unclear there mate. Do you understand what she's asking? I don't follow it really. The idea I get is that the computer can't contact itself using the WAN IP address and if it uses any other (LAN or localhost) then outside users won't be able to use everything right - either right now or maybe in the future.

However, I do know hosts won't help her on this one. In my experience the WAN IP usually works, sounds like it doesn't though...

TheBaron

essentially shes trying to test workability on a webserver running within a closed network, that can also be accessed from the outside. right now the port forwarding works so that, for example, I can connect to the server by hitting up the ip the external ip of the network on a specific port. the problem shes encountering is that her server can't connect to itself from within the network without using localhost as the server's IP. make sense? if she wants to follow the exact same path that someone on an external machine is using from a computer within the network, it doesn't work. what this means is that if shes running multiple web services they can't talk to each other ... this is a bad thing

and exactly, the only way she can get it to work is to switch over to using LOCALHOST rather than the port forwarded IP

why?

the reason she's going through all this trouble is because our router is a piece of **** - its a perfect example of a problematic network. if it works here, it ought to work anywhere

Tex

I have a smc router and you can't test the webserver or ftp from inside the private network using the WAN IP. I have to use the private IP. Its in their FAQ's on their website. Something about a poorly implemented loopback or some garbage. I can connect internaly but had to have shorty test the ftp from outside my private network after forwarding the ports.

You can connect to the router's private IP like "192.168.1.1:88" and get the login to the routers setup and go to status to get the wan IP. But I'm sure you knew that. I have loved the smc barricade router for everything but this one thing actually.

Tex

topherice

I believe the reason you have this problem is that A MAC address is used on a local area network before packets go out of the gateway; an IP address is used to surf the Internet through a gateway. There is a protocol that asks "who has this MAC address" and answers the question; that is called ARP (Address Resolution Protocol). What the ARP asks the target address for sending is called the ARP Request or ARP who has, and the ARP that responds to the request is called the ARP Request or ARP who has.

So, basically your ARP table is smart enough to realize that you're requesting to communicate with an internal device and routes your request accordingly.

RFC 826 http://www.faqs.org/rfcs/rfc826.html

EMT

The simplest solution I think would be to get a DNS name for the server e.g. with dyndns.org (free - yourname.dyndns.org) or a real domain name. That way the clients look up the name to get the address and everything on the server can point at this name. The hitch is similar to what she suggested: that you write this DNS name in the hosts file to refer the local computer to itself. Equivalent to referring WAN IP to itself, except this way works - you can't use hosts to refer one IP to another, so this is the easiest workaround I can think of.