Internal mobile access to internal sites via public address fail

nLinked · 2013-08-03 18:07:55

On my Arch Linux web server I have a website hosted in apache.
From outside, I access the site via my smartphone through mydomain.com/mysite.

But I can't access them from inside (via wi-fi), they won't load. So inside I have to visit it by their internal IP, such as http://192.168.1.1/mysite.

I'm not sure where I need to make the change so that any internal mobile device on the internal network, should be able to still see my sites via their public address. Can anyone point me in the right direction please?

Last edited by nLinked (2013-08-03 18:15:58)

BGK · 2013-08-03 21:45:01

Can you resolve your "mydomain.com" from your inside network? What kind of error do you get (page not found, could not resolve, time-out, etc.)? Which DNS are you using from your inside network?

Last edited by BGK (2013-08-03 21:46:44)

nLinked · 2013-08-03 22:22:00

If I ping "mydomain.com" from inside, it pings successfully as my WAN IP address (as provided by my ISP). The IP address it resolves to is my internet connection's IP address.

If I visit mydomain.com in my browser from inside, it takes about 2 mins trying to load and then says "The connection has timed out". If I try the internal IP instead, I can see my apache default page.

My home DNS is my router as provided by my ISP.

Last edited by nLinked (2013-08-03 22:23:29)

cfr · 2013-08-03 23:43:29

nLinked wrote:

My home DNS is my router as provided by my ISP.

Are you sure about this? I don't know much about networking but this sounds... unusual...

nLinked · 2013-08-04 12:53:18

cfr wrote:

nLinked wrote:
My home DNS is my router as provided by my ISP.
Are you sure about this? I don't know much about networking but this sounds... unusual...

It seems so, unless I'm mistaken. If I let my devices get an IP by DHCP (via the home router), the DNS settings come down as my router's IP, as well as the gateway address.

cfr · 2013-08-04 14:55:21

I'm not at all sure but I think to figure out which DNS you are using, you need to check the setting the router is using. That is, I get the same thing i.e. my router address is listed as the nameserver in /etc/resolv.conf but I don't think that means I am running a DNS. I think it means that the router is passing those queries onto some other DNS and I'd need to look there to find out its identity. I don't want to check this as it is a pain and makes me nauseous so I only call up the router config when I really have to. (Sounds weird? Long story.)

nLinked · 2013-08-04 18:26:10

Thanks for clarifying. My router DNS is pointing to an IP which resolves as my ISP's name, so it must be their DNS servers accepting my queries. Why does it not just pass mydomain.com/mysite to them, and back again and display my web page? Why does it time out from the inside?

cfr · 2013-08-04 18:47:30

Can you access other sites OK from inside?

nLinked · 2013-08-04 20:59:16

I can indeed, just not sites inside using their public address

cfr · 2013-08-04 22:12:47

Have you tried changing the router's DNS settings to use OpenDNS or google's DNS, for example, just to see if that makes any difference?

EDIT: Is https://bbs.archlinux.org/viewtopic.php … 1#p1308061 relevant?

Last edited by cfr (2013-08-05 01:06:53)

BGK · 2013-08-05 21:08:17

nLinked wrote:

If I ping "mydomain.com" from inside, it pings successfully as my WAN IP address (as provided by my ISP). The IP address it resolves to is my internet connection's IP address.
If I visit mydomain.com in my browser from inside, it takes about 2 mins trying to load and then says "The connection has timed out". If I try the internal IP instead, I can see my apache default page.

Okay, from there it looks like:
- You have your home router, using your public IP (WAN)
- mydomain.com is registred to your public IP (your router WAN IP)
- Your router is probably doing NAT
- You are probably doing some kind of port forwarding in your router in order to allow inbound connections from outside reaching your home web server. I am guessing it's something like "redirect all inbound traffic with port destination 80 to [home web server IP] port 80
- From the outside. when you're trying to connect to [mydomain.com] [port 80] : DNS gives your WAN IP so you try to connect to WAN IP port 80 which is forwarded to [your home web server] [port 80]
- From the inside, when you're trying to connect to [mydomain.com] [port 80] : DNS gives your WAN IP so you try to connect to WAN IP port 80. Nothing is forwarded from the inside so you try to connect to your port 80 router, which gives you a time-out since there is no web server running on your router.

TL;DR mydomain.com is NOT resolved as 192.168.1.1 (home web server), port forwarding is not done from the inside.

Possible solution might be to add a static entry in your home DNS, resolving mydomain.com to 192.168.1.1 instead of WAN IP

Last edited by BGK (2013-08-05 22:06:59)

nLinked · 2013-08-05 21:19:00

BGK wrote:

nLinked wrote:
If I ping "mydomain.com" from inside, it pings successfully as my WAN IP address (as provided by my ISP). The IP address it resolves to is my internet connection's IP address.
If I visit mydomain.com in my browser from inside, it takes about 2 mins trying to load and then says "The connection has timed out". If I try the internal IP instead, I can see my apache default page.
Okay, from there it looks like:
- You have your home router, using your public IP (WAN)
- mydomain.com is registred to your public IP (your router WAN IP)
- Your router is probably doing NAT
- You are probably doing some kind of port forwarding in your router in order to allow inbound connections from outside reaching your home web server. I am guessing it's something like "redirect all inbound traffic with port destination 80 to [home web server IP] port 80
- From the outside. when your trying to connect to [mydomain.com] [port 80] : DNS gives your WAN IP so you try to connect to WAN IP port 80 which is forwarded to [your home web server] [port 80]
- From the inside, when your trying to connect to [mydomain.com] [port 80] : DNS gives your WAN IP so you try to connect to WAN IP port 80. Nothing is forwarded from the inside so you try to connect to your port 80 router, which gives you a time-out since there is no web server running on your router.
TL;DR mydomain.com is NOT resolved as 192.168.1.1 (home web server), port forwarding is not done from the inside.
Possible solution might be to add a static entry in your home DNS, resolving mydomain.com to 192.168.1.1 instead of WAN IP

All points correct! It is port forwarding and NAT

When you say add an entry in my home DNS I assume you mean the hosts file on the client? Other than that I'm not running my own DNS server. If you do mean hosts file, I can do that, but the problem is, if I do that on my smartphone, it will then fail to resolve when I take it out of the internal network. I'm beginning to think there's no easy way to acheive it working both inside and outside...?

BGK · 2013-08-05 21:30:59

nLinked wrote:

Other than that I'm not running my own DNS server. If you do mean hosts file, I can do that, but the problem is, if I do that on my smartphone, it will then fail to resolve when I take it out of the internal network. I'm beginning to think there's no easy way to acheive it working both inside and outside...?

Your are correct, if you change the /etc/hosts on your devices, it will no longer work when trying to connect from outside.
The possible solution involves editing the local DNS server (your router).
If you cannot edit it, you could build a small DNS forwarder on your home web server with a static entry like mydomain.com= 192.168.1.1.
Not sure if it's possible (i am no DNS guru) but it sound like one way to go. Also you will need to edit the DHCP server so that it will give your home web server as DNS rather than your router.

Last edited by BGK (2013-08-05 23:34:58)

nLinked · 2013-08-10 16:32:56

Thanks, BGK, I'm going to give this DNS forwarder a try, sounds like the way to go. Can't edit my router.

Arch Linux

#1 2013-08-03 18:07:55

Internal mobile access to internal sites via public address fail

#2 2013-08-03 21:45:01

Re: Internal mobile access to internal sites via public address fail

#3 2013-08-03 22:22:00

Re: Internal mobile access to internal sites via public address fail

#4 2013-08-03 23:43:29

Re: Internal mobile access to internal sites via public address fail

#5 2013-08-04 12:53:18

Re: Internal mobile access to internal sites via public address fail

#6 2013-08-04 14:55:21

Re: Internal mobile access to internal sites via public address fail

#7 2013-08-04 18:26:10

Re: Internal mobile access to internal sites via public address fail

#8 2013-08-04 18:47:30

Re: Internal mobile access to internal sites via public address fail

#9 2013-08-04 20:59:16

Re: Internal mobile access to internal sites via public address fail

#10 2013-08-04 22:12:47

Re: Internal mobile access to internal sites via public address fail

#11 2013-08-05 21:08:17

Re: Internal mobile access to internal sites via public address fail

#12 2013-08-05 21:19:00

Re: Internal mobile access to internal sites via public address fail

#13 2013-08-05 21:30:59

Re: Internal mobile access to internal sites via public address fail

#14 2013-08-10 16:32:56

Re: Internal mobile access to internal sites via public address fail

Board footer