I have following situation
We host internal web pages on our Windows Server 2003 for business proposals [purposes?] which we can access on 192.168.0.X:80 on the local network. We also have a FreeBSD router for our internet gateway which hosts static IP addresses in the 217.199.X.X subnet. Our external locations have internet access and they are coming into the local network through static IP and forwarding some ports on different local IP addresses depending on what type of services they are calling. One part of our business uses customized IE with predefined shortcuts for many local web pages on IE.
What I want to do is to create those shortcuts in the customized Internet Explorer that are going to be the same for clients from the local network as they are from the public network.
To be more clear here is one example:
If I want to access ReportServer from my internal network I call
for that same report server outside of my local network I can get it from
But if from the local network I call
I can’t access my report server.
What can I do?
One of the things that I’m already doing is that clients from outside the local network use a VPN to get access to the local network, but in that case they are losing their internet connection for other services.
Thank You in advance
What you’re looking for is called “hairpin NAT”. Requests from the internal interface for an IP address assigned to the external interface should be NAT’ted as though they came in from the external-side interface.
I don’t have any FreeBSD familiarity at all, but reading the “pf” manual for OpenBSD (http://www.openbsd.org/faq/pf/rdr.html) the proposed solutions of split-horizon DNS, using a DMZ network, or TCP proxying lead me to believe that “pf” doesn’t support hairpin NAT.
I’d look at going the route of split-horizon DNS and not using IP addresses in URLs internally but, instead, using names.
- DNS servers on Local Area Connection should include the loopback address, but not as first entry issue
- Can I have web server on a home network with 1 public IP address?
- Is there a way to determine if a certain MAC address is on the local network from a Synology Cubestation, which doesn’t have arp?
- Securing access through specific ports on public IP address
- Why can’t my local network access the internet site hosted by a server on that network?
Leave a comment
- Windows File Permissions and Attributes
- What is the easiest way to upgrade my existing Perl 5.14 to Perl 5.16 on FreeBSD 9 using the ports system?
- Know if mysql has done its job
- Redirect https .com to https .co.uk without a valid SSL cert on .com without DNS change
- Why is it a bad idea to use customer email as from address