NAT Loopback


Guys,

I would like to use NAT loopback to connect to things whilst in my network. Correct me if I am wrong but the aim is to connect to things in my LAN via my WAN address - at LAN speeds (hope that makes sense!).

This should (?) allow me to have one setting that works for connecting both from LAN and *somewhere with internet*.

Does this sound doable or have I misunderstood loopback?

Cheers,

rancid


NAT loopback, loopback forwarding or NAT reflection: it can be called a few different things.

NAT reflection is when you're behind a NAT. Say you're on 192.168.1.100, and you run a server on, say, 192.168.1.101 for HTTP, to which you forward port 80 when someone accesses 1.2.3.4, which is the public address and how, say, I would access it from Starbucks at www.somedomain.com, which points to 1.2.3.4.

Now you resolve www.somedomain.com to that same 1.2.3.4 address, which is the WAN interface on your router. You want your router to reflect your access from 192.168.1.100 to 1.2.3.4 back into 192.168.1.101.

Support for this is going to depend on your router. Some support it, others do not.

If your router does not support it, just set up either a hosts file on your machine, or your local DNS, to resolve www.somedomain.com to the 192.168.1.101 address; this way you never even have to touch your router. To be honest this is the better solution.

What specific router do you have?

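To make the reflection described above concrete, here is an added example (not from the thread or from DrayTek) that simulates what a router must do for a port forward to work both from the internet and from the LAN. It uses the thread's addresses (1.2.3.4, 192.168.1.100, 192.168.1.101); the router's LAN address 192.168.1.1 and the external client 203.0.113.5 are assumptions. The point it shows is the part that is easy to miss: a plain DNAT is not enough for a LAN client, because the server would answer the client directly with its private address, and the client, which is waiting for a reply from 1.2.3.4, drops it. A working loopback therefore also rewrites the LAN client's source address (SNAT) so the reply goes back through the router, which un-NATs both directions.

```python
"""Hairpin NAT (NAT loopback / reflection) simulation.

Added example, not code from the forum thread. On a Linux router the two
rewrites modelled here would be the usual pair (assumed, not the thread's):
  iptables -t nat -A PREROUTING  -d 1.2.3.4 -p tcp --dport 80 \
      -j DNAT --to-destination 192.168.1.101:80
  iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -d 192.168.1.101 \
      -p tcp --dport 80 -j MASQUERADE
"""
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


@dataclass
class Router:
    wan_ip: str
    lan_ip: str
    lan_net: str
    forwards: Dict[Tuple[str, int], Tuple[str, int]]  # (proto, wan port) -> (host, port)
    hairpin: bool = True        # router supports loopback at all
    snat_hairpin: bool = True   # also rewrites the LAN source on looped-back traffic

    def on_lan(self, ip: str) -> bool:
        return ip_address(ip) in ip_network(self.lan_net)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Packet as delivered to the LAN server, or None if the router drops it."""
        if pkt.dst != self.wan_ip:
            return None
        target = self.forwards.get((pkt.proto, pkt.dport))
        if target is None:
            return None                          # no forward: nothing to reflect
        from_lan = self.on_lan(pkt.src)
        if from_lan and not self.hairpin:
            return None                          # router without loopback support
        host, port = target
        out = replace(pkt, dst=host, dport=port)  # DNAT: the port forward itself
        if from_lan and self.snat_hairpin:
            out = replace(out, src=self.lan_ip)  # SNAT: force the reply back via the router
        return out

    def client_sees_reply_from(self, pkt: Packet) -> Optional[str]:
        """Source address the original client sees on the server's reply, or None."""
        delivered = self.inbound(pkt)
        if delivered is None:
            return None
        # The server answers whatever source address it saw. If that is the router
        # (SNAT) or an outside address (default route), the reply goes back through
        # the router, which undoes the NAT, so the client sees the public address.
        if delivered.src == self.lan_ip or not self.on_lan(pkt.src):
            return self.wan_ip
        # DNAT only: the server replies straight to the LAN client on the same
        # subnet, bypassing the router. The client sees 192.168.1.101, not 1.2.3.4.
        return delivered.dst

    def works_for(self, pkt: Packet) -> bool:
        """True when the reply comes back from the address the client connected to."""
        return self.client_sees_reply_from(pkt) == pkt.dst


# Constructed sample traffic: one forward, one outside client, one LAN client.
FORWARDS = {("tcp", 80): ("192.168.1.101", 80)}
ROUTER = Router("1.2.3.4", "192.168.1.1", "192.168.1.0/24", FORWARDS)
EXTERNAL = Packet("203.0.113.5", 40000, "1.2.3.4", 80)
LAN_CLIENT = Packet("192.168.1.100", 40001, "1.2.3.4", 80)

if __name__ == "__main__":
    for name, r in (("full hairpin", ROUTER),
                    ("no loopback", replace(ROUTER, hairpin=False)),
                    ("DNAT only", replace(ROUTER, snat_hairpin=False))):
        print(f"{name:13s} external ok={r.works_for(EXTERNAL)} "
              f"lan ok={r.works_for(LAN_CLIENT)} "
              f"lan reply from={r.client_sees_reply_from(LAN_CLIENT)}")
```

Running it shows the three router behaviours side by side: a full hairpin works for both clients, a router with no loopback works only from outside, and a DNAT-only router delivers the LAN client's packet but the reply comes back from 192.168.1.101, which is why the connection hangs rather than failing cleanly. It also shows why the forward must exist first (the earlier question in the thread): a packet to a port with no forward is dropped whether or not it came from the LAN.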

Hey BudMan, cheers for the reply. I have the following network devices providing internets.

Not sure where the actual loopback would take place so I'll give both:

DrayTek Vigor 120 - adsl modem - http://www.draytek.co.uk/products/vigor120.html

DrayTek Vigor 2920n - router - http://www.draytek.co.uk/products/vigor2920.html <-- This would be my guess for where loopback would be occurring, NAT is here.

Hadn't thought about the hosts file, that will def be a possible solution, although not ideal as I would like this to work from all possible devices, most importantly my Android - not sure it has a hosts file?? (will look into that if necessary)

Cheers,

rancid


Ah, yeah, that is a true modem, you don't see those very often. Yup, you would set up forwarding on the 2920. So you're saying it's not working if you have the forward set up already? Then that device does not support loopback forwarding.

RTFM to see if it's supported. Can you access your server from the outside currently?? If so, and you cannot from local using the public IP, then I would guess it's not supported. I currently don't have time to RTFM for you ;)


Not entirely sure, tbh. I may not have opened the ports on the router. Would they need to be open for it to work? I had presumed that since it didn't actually leave NAT I could test without forwarding. Not correct?

Lol, I didn't know what RTFM meant, had to google it - lucky I didn't ask :p Yeah, there is no mention of NAT reflection, loopback or hairpin, which I understand is the same also. EDIT: although there seems to be evidence of loopback on the 120?! (albeit not official proof by any means)

Think I will get in touch with DrayTek support and see if they know what the deal is.

Failing that, the hosts file looks like it could be a goer; after a brief look-see, Android does appear to have a hosts file. Looks like root access is required and that people are using it to block ads.

rancid


Also, it has just occurred to me that the hosts file route won't work as required. If I understand it correctly, anyway.

Reason being, if I set up the hosts file to resolve the domain to the internal IP, this will work from inside the LAN, but not externally. What am I missing?


You mean if you take your device outside your LAN? Yeah, that would be a problem. If the device leaves your local network, then use DNS.

Again, I currently don't have time to read your router's manual for you, or its capabilities for DNS. You are clearly running some server you need access to from the outside and inside, so this "server" could be your DNS; you could run BIND on it for example, or whatever other DNS server you want, Unbound is good, etc. etc.

So I quickly created an example using my local DNS, which all devices on my network use.

I took www.slashdot.org as an example.

If you ask a public DNS server for this:

; <<>> DiG 9.8.1-P1 <<>> @4.2.2.2 www.slashdot.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21492
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.slashdot.org.			  IN	  A

;; ANSWER SECTION:
www.slashdot.org.	   3230    IN	  A	   216.34.181.48

;; Query time: 13 msec
;; SERVER: 4.2.2.2#53(4.2.2.2)
;; WHEN: Wed Dec 14 08:13:41 2011
;; MSG SIZE  rcvd: 50

See, it returns the public IP 216.34.181.48.

Say I was hosting that site on a box on my network, 192.168.1.13 for example. Now if my router supported NAT reflection I could access 216.34.181.48, and since I have a forward set up my router would send me back into .13.

Well, if my router does not support loopback, I could just use a hosts file to point www.slashdot.org to 192.168.1.13, or I could set up my local name server to point to it so all devices on my local network resolve it to .13.

Example:

Currently my DNS server asks the roots and returns the public IP:

; <<>> DiG 9.8.1-P1 <<>> www.slashdot.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23772
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL:

;; QUESTION SECTION:
;www.slashdot.org.			  IN	  A

;; ANSWER SECTION:
www.slashdot.org.	   3600    IN	  A	   216.34.181.48

;; Query time: 295 msec
;; SERVER: 192.168.1.253#53(192.168.1.253)
;; WHEN: Wed Dec 14 08:18:08 2011
;; MSG SIZE  rcvd: 50

But it's simple enough to put in a record for that, and now:

; <<>> DiG 9.8.1-P1 <<>> p4-28g.local.lan
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24161
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.slashdot.org.			  IN	  A

;; ANSWER SECTION:
www.slashdot.org.	   3600    IN	  A	   192.168.1.13

;; Query time: 2 msec
;; SERVER: 192.168.1.253#53(192.168.1.253)
;; WHEN: Wed Dec 14 08:21:26 2011
;; MSG SIZE  rcvd: 50

Now clearly, when my devices are off my local LAN they would not be using my local 192.168.1.253 box for DNS and would resolve the normal public IP address.
