WAN-facing web server inaccessible from LAN - Teh Forum

<body> <div id="header"> <span class="left"> <span class="back"><a href="lthread_list.php?webtag=DEFAULT"><span class="image mobile_back" title="Back"></span></a></span> <span class="image mobile_logo" title="Beehive Forum Logo"></span> </span> <ul> <li> <a class="reply_all" href="lpost.php?webtag=DEFAULT&reply_to=42846.0&return_msg=42846.11"> <span class="image mobile_reply_all"></span><span class="text">Reply to All</span> </a> </li> <li> <a class="navigation" href="#"> <span class="image mobile_navigation"></span><span class="text">Show messages</span> </a> </li> <li> <a class="main" href="#"><span class="image mobile_menu" title="Menu"></span> </a> </li> </ul> </div> <div class="menu main"> <ul> <li><a href="lthread_list.php?webtag=DEFAULT">Messages</a></li> <li><a href="lpm.php?webtag=DEFAULT">Inbox</a></li> <li><a href="lsearch.php?webtag=DEFAULT">Search</a></li> <li><a href="llogon.php?webtag=DEFAULT">Login</a></li> </ul> </div> <div class="menu navigation"><a href="lmessages.php?webtag=DEFAULT&msg=42846.1">1–10</a><a href="lmessages.php?webtag=DEFAULT&msg=42846.11">11–20</a><a href="lmessages.php?webtag=DEFAULT&msg=42846.21">21–24</a></div> <div id="page_content"> <h3 class="thread_title"><a href="index.php?webtag=DEFAULT&amp;msg=42846.11">WAN-facing web server inaccessible from LAN</a> </h3> <div id="messages" data-navigation="42846_11_24_10"> <a name="a42846_11"></a><div class="message" id="message_42846_11"> <div class="message_header"> <div class="message_from"> From: CHYRON (DSMITHHFX)<span class="message_time"> 2 Feb 2022 14:38</span> <div class="clearer"></div> </div><div class="message_to">To: ALL<span class="message_count">11 of 24</span><div class="clearer"></div> </div> </div> <div class="message_links"> <a href="lmessages.php?webtag=DEFAULT&msg=42846.11">42846.11</a></div> <div class="message_body"> Here's some kind of explanation: <div class="quotetext"><strong>Quote:</strong> </div> <div class="quote">to my best of knowledge, the HH2000 doesn't support nat loopback (this is what you need to access your local server using the wan IP address. there's no way around this. you could have your home dhcp and dns server on your network... and override your domain IP address on your local network to point it to the local lan IP address.</div> More detail:<br /> <br /> <a href="https://serverfault.com/questions/55611/loopback-to-forwarded-public-ip-address-from-local-network-hairpin-nat">https://serverfault.com/questions/55611/loopback-to-forwarded-public-ip-address-from-local-network-hairpin-nat</a></div> <div class="message_footer"> <div class="message_footer_links"><a href="lpost.php?webtag=DEFAULT&reply_to=42846.11&return_msg=42846.11" class="reply"><span class="image post"></span>Reply</a></div> <div class="message_vote_form" data-msg="42846.11"> <span class="rating">0/0</span> <span class="image vote vote_down vote_down_off" title="Vote Down"></span> <span class="image vote vote_up vote_up_off" title="Vote Up"></span> </div> </div> </div><a name="a42846_12"></a><div class="message" id="message_42846_12"> <div class="message_header"> <div class="message_from"> From: william (WILLIAMA)<span class="message_time"> 2 Feb 2022 15:45</span> <div class="clearer"></div> </div><div class="message_to">To: CHYRON (DSMITHHFX) <span><span class="image post_read" title="Read: 2 Feb 2022 15:54"></span></span> <span class="message_count">12 of 24</span><div class="clearer"></div> </div> </div> <div class="message_links"> <a href="lmessages.php?webtag=DEFAULT&msg=42846.12">42846.12</a> In reply to <a href="lmessages.php?webtag=DEFAULT&msg=42846.10">42846.10</a></div> <div class="message_body"> Doesn't look like the trace will help. You're getting Bell servers that won't respond to trace requests so it just times out. I can see your site and my tracert timed out too. Shame really because it's useful sometimes.<br /> <br /> Interesting thing though, I plead ignorance seeing as it's at least 10 years since I played with any network stuff in anything remotely like a professional way. I had a quick squint at my owncloud server which is open to the internet. Turns out that the traceroute for that is totally different from my LAN to when I look at it from outside. From the LAN it goes to the router and from there straight back to the server, ie just two hops. Presumably the router is smart enough not to send a local request outside. But my router is a single (external) IP device for domestic use. Is the router you've been provided with handling a batch of external IP addresses? If so, does it make a difference whether you are on the same LAN as the web/file server, or whatever?</div> <div class="message_footer"> <div class="message_footer_links"><a href="lpost.php?webtag=DEFAULT&reply_to=42846.12&return_msg=42846.11" class="reply"><span class="image post"></span>Reply</a></div> <div class="message_vote_form" data-msg="42846.12"> <span class="rating">0/0</span> <span class="image vote vote_down vote_down_off" title="Vote Down"></span> <span class="image vote vote_up vote_up_off" title="Vote Up"></span> </div> </div> </div><a name="a42846_13"></a><div class="message" id="message_42846_13"> <div class="message_header"> <div class="message_from"> From: william (WILLIAMA)<span class="message_time"> 2 Feb 2022 15:55</span> <div class="clearer"></div> </div><div class="message_to">To: william (WILLIAMA) <span><span class="image post_read" title="Read: 2 Feb 2022 15:55"></span></span> <span class="message_count">13 of 24</span><div class="clearer"></div> </div> </div> <div class="message_links"> <a href="lmessages.php?webtag=DEFAULT&msg=42846.13">42846.13</a> In reply to <a href="lmessages.php?webtag=DEFAULT&msg=42846.11#a42846_12" target="_self">42846.12</a></div> <div class="message_body"> Aah, didn't see that last message until after mine.</div> <div class="message_footer"> <div class="message_footer_links"><a href="lpost.php?webtag=DEFAULT&reply_to=42846.13&return_msg=42846.11" class="reply"><span class="image post"></span>Reply</a></div> <div class="message_vote_form" data-msg="42846.13"> <span class="rating">0/0</span> <span class="image vote vote_down vote_down_off" title="Vote Down"></span> <span class="image vote vote_up vote_up_off" title="Vote Up"></span> </div> </div> </div><a name="a42846_14"></a><div class="message" id="message_42846_14"> <div class="message_header"> <div class="message_from"> From: CHYRON (DSMITHHFX)<span class="message_time"> 2 Feb 2022 16:04</span> <div class="clearer"></div> </div><div class="message_to">To: william (WILLIAMA) <span><span class="image post_read" title="Read: 2 Feb 2022 16:04"></span></span> <span class="message_count">14 of 24</span><div class="clearer"></div> </div> </div> <div class="message_links"> <a href="lmessages.php?webtag=DEFAULT&msg=42846.14">42846.14</a> In reply to <a href="lmessages.php?webtag=DEFAULT&msg=42846.11#a42846_12" target="_self">42846.12</a></div> <div class="message_body"> I've worked out a couple of things to try. Complicating this is an .htaccess redirect from 80-443 (http-https).<br /> <br /> I've set up a noip.com dynamic dns domain pointing at the WAN iP (I suspect this will wind up in the same bad place though)<br /> <br /> or<br /> <br /> I can NFS export the server's /var/www/html and point a virtualhost on another server and so see the WAN-facing *content* which is the main thing (always nice to confirm if it can be hit from the actual domain though)<br /> <br /> A third option to consider is monkeying with another .htaccess rule to override the redirect for LAN requests but I dunno<br /> <br /> A fourth option is to rejig the managed switch for DHCP, port forward the modem to that, and port forward the server from it.<br /> <br /> Not liking any but worth a try, maybe.<br /> <br /> Someone helpfully pointed out that these modems are 'internet for idiots,' which serve the market very well so why would they change that? (our old ISPs modem has no such issues, but it's more business oriented; Bell is late to the party)<div class="edit_text">EDITED: 2 Feb 2022 16:05 by DSMITHHFX</div> </div> <div class="message_footer"> <div class="message_footer_links"><a href="lpost.php?webtag=DEFAULT&reply_to=42846.14&return_msg=42846.11" class="reply"><span class="image post"></span>Reply</a></div> <div class="message_vote_form" data-msg="42846.14"> <span class="rating">0/0</span> <span class="image vote vote_down vote_down_off" title="Vote Down"></span> <span class="image vote vote_up vote_up_off" title="Vote Up"></span> </div> </div> </div><a name="a42846_15"></a><div class="message" id="message_42846_15"> <div class="message_header"> <div class="message_from"> From: william (WILLIAMA)<span class="message_time"> 2 Feb 2022 16:04</span> <div class="clearer"></div> </div><div class="message_to">To: CHYRON (DSMITHHFX) <span><span class="image post_read" title="Read: 2 Feb 2022 16:05"></span></span> <span class="message_count">15 of 24</span><div class="clearer"></div> </div> </div> <div class="message_links"> <a href="lmessages.php?webtag=DEFAULT&msg=42846.15">42846.15</a> In reply to <a href="lmessages.php?webtag=DEFAULT&msg=42846.11#a42846_11" target="_self">42846.11</a></div> <div class="message_body"> That's sad. Is it going to be a problem for the business? </div> <div class="message_footer"> <div class="message_footer_links"><a href="lpost.php?webtag=DEFAULT&reply_to=42846.15&return_msg=42846.11" class="reply"><span class="image post"></span>Reply</a></div> <div class="message_vote_form" data-msg="42846.15"> <span class="rating">0/0</span> <span class="image vote vote_down vote_down_off" title="Vote Down"></span> <span class="image vote vote_up vote_up_off" title="Vote Up"></span> </div> </div> </div><a name="a42846_16"></a><div class="message" id="message_42846_16"> <div class="message_header"> <div class="message_from"> From: CHYRON (DSMITHHFX)<span class="message_time"> 2 Feb 2022 16:08</span> <div class="clearer"></div> </div><div class="message_to">To: william (WILLIAMA) <span><span class="image post_read" title="Read: 2 Feb 2022 16:08"></span></span> <span class="message_count">16 of 24</span><div class="clearer"></div> </div> </div> <div class="message_links"> <a href="lmessages.php?webtag=DEFAULT&msg=42846.16">42846.16</a> In reply to <a href="lmessages.php?webtag=DEFAULT&msg=42846.11#a42846_15" target="_self">42846.15</a></div> <div class="message_body"> Not really. The main thing is hitting the server from outside for all the WFH folks, it does that np. Also I mostly WFH ...<br /> <br /> Verifying sftp access is my next priority.</div> <div class="message_footer"> <div class="message_footer_links"><a href="lpost.php?webtag=DEFAULT&reply_to=42846.16&return_msg=42846.11" class="reply"><span class="image post"></span>Reply</a></div> <div class="message_vote_form" data-msg="42846.16"> <span class="rating">0/0</span> <span class="image vote vote_down vote_down_off" title="Vote Down"></span> <span class="image vote vote_up vote_up_off" title="Vote Up"></span> </div> </div> </div><a name="a42846_17"></a><div class="message" id="message_42846_17"> <div class="message_header"> <div class="message_from"> From: william (WILLIAMA)<span class="message_time"> 2 Feb 2022 16:21</span> <div class="clearer"></div> </div><div class="message_to">To: CHYRON (DSMITHHFX) <span><span class="image post_read" title="Read: 2 Feb 2022 16:32"></span></span> <span class="message_count">17 of 24</span><div class="clearer"></div> </div> </div> <div class="message_links"> <a href="lmessages.php?webtag=DEFAULT&msg=42846.17">42846.17</a> In reply to <a href="lmessages.php?webtag=DEFAULT&msg=42846.11#a42846_16" target="_self">42846.16</a></div> <div class="message_body"> Not 100% sure why the redirect to HTTPS is a problem (I have that on my server) but as I've contributed nothing useful so far, I shall leave you to continue enjoying yourself with network fun.<br /> </div> <div class="message_footer"> <div class="message_footer_links"><a href="lpost.php?webtag=DEFAULT&reply_to=42846.17&return_msg=42846.11" class="reply"><span class="image post"></span>Reply</a></div> <div class="message_vote_form" data-msg="42846.17"> <span class="rating">0/0</span> <span class="image vote vote_down vote_down_off" title="Vote Down"></span> <span class="image vote vote_up vote_up_off" title="Vote Up"></span> </div> </div> </div><a name="a42846_18"></a><div class="message" id="message_42846_18"> <div class="message_header"> <div class="message_from"> From: CHYRON (DSMITHHFX)<span class="message_time"> 2 Feb 2022 16:32</span> <div class="clearer"></div> </div><div class="message_to">To: CHYRON (DSMITHHFX) <span><span class="image post_read" title="Read: 2 Feb 2022 16:32"></span></span> <span class="message_count">18 of 24</span><div class="clearer"></div> </div> </div> <div class="message_links"> <a href="lmessages.php?webtag=DEFAULT&msg=42846.18">42846.18</a> In reply to <a href="lmessages.php?webtag=DEFAULT&msg=42846.11#a42846_16" target="_self">42846.16</a></div> <div class="message_body"> sftp over port 30 works.</div> <div class="message_footer"> <div class="message_footer_links"><a href="lpost.php?webtag=DEFAULT&reply_to=42846.18&return_msg=42846.11" class="reply"><span class="image post"></span>Reply</a></div> <div class="message_vote_form" data-msg="42846.18"> <span class="rating">0/0</span> <span class="image vote vote_down vote_down_off" title="Vote Down"></span> <span class="image vote vote_up vote_up_off" title="Vote Up"></span> </div> </div> </div><a name="a42846_19"></a><div class="message" id="message_42846_19"> <div class="message_header"> <div class="message_from"> From: patch<span class="message_time"> 3 Feb 2022 08:14</span> <div class="clearer"></div> </div><div class="message_to">To: CHYRON (DSMITHHFX) <span><span class="image post_read" title="Read: 3 Feb 2022 12:35"></span></span> <span class="message_count">19 of 24</span><div class="clearer"></div> </div> </div> <div class="message_links"> <a href="lmessages.php?webtag=DEFAULT&msg=42846.19">42846.19</a> In reply to <a href="lmessages.php?webtag=DEFAULT&msg=42846.11#a42846_18" target="_self">42846.18</a></div> <div class="message_body"> If you're trying to use a consumer grade router/modem/firewall thing for vaguely business purposes, then all bets are off, really. There's a reason people pay more for business grade stuff: it let's you do the things you need to do. Thing like NATting out of the router's external address and hairpinning back in again to the outbound address which is then NATted to an internal server (which gives the SecOps side of my career the heebies, by the way).<br /> <br /> But anyway, do you have a DNS server running on the LAN, maybe on the router or a domain controller? You could try adding a custom DNS record for dewarstaging.com pointing to the LAN address of the server. That should make it work internally, while leaving any external DNS untouched.<br /> <br /> Or do it with hosts files on all the internal PCs, if there aren't too many of them.<br /> <br /> Also, are you using modem and router interchangeably here? Just checking, because they're different things, which I'm sure you know.<br /> <br /> While I don't know much about American ISPs, I've heard they do some wierd shit. They're the reason things like frame-relay and ISDN were still included in Cisco Systems exams until fairly recently. Blocking port 22 inbound seems unecessary. It's not as if it's an uncommon port.<br /> <br /> Edit: Basically, I recommend a Fortigate. Or a Palo Alto. Or a Checkpoint. Or almost anything business-oriented. Though probably not a Cisco.<div class="edit_text">EDITED: 3 Feb 2022 09:10 by PATCH</div> </div> <div class="message_footer"> <div class="message_footer_links"><a href="lpost.php?webtag=DEFAULT&reply_to=42846.19&return_msg=42846.11" class="reply"><span class="image post"></span>Reply</a></div> <div class="message_vote_form" data-msg="42846.19"> <span class="rating">0/0</span> <span class="image vote vote_down vote_down_off" title="Vote Down"></span> <span class="image vote vote_up vote_up_off" title="Vote Up"></span> </div> </div> </div><a name="a42846_20"></a><div class="message" id="message_42846_20"> <div class="message_header"> <div class="message_from"> From: CHYRON (DSMITHHFX)<span class="message_time"> 3 Feb 2022 14:15</span> <div class="clearer"></div> </div><div class="message_to">To: patch <span><span class="image post_read" title="Read: 3 Feb 2022 16:43"></span></span> <span class="message_count">20 of 24</span><div class="clearer"></div> </div> </div> <div class="message_links"> <a href="lmessages.php?webtag=DEFAULT&msg=42846.20">42846.20</a> In reply to <a href="lmessages.php?webtag=DEFAULT&msg=42846.11#a42846_19" target="_self">42846.19</a></div> <div class="message_body"> Wish we had the SmartRG modem-router used by the previous ISP! It handled this hairpin stuff so transparently, I never even heard of it before, and didn't think to ask for it.<br /> <br /> Coupla stories about that ISP: some time ago we needed to re-nat WAN port 80 to a different LAN IP, and I put in a ticket for the change. It transpired that in the course of changing ownership from local to multinational, they *lost* our router webmin login, and the one they had didn't work (note they had outsourced their support to India). Is that bad? Whelp, I was able to *guess* the login, and go in and update the config!<br /> <br /> Now for the latest: a 'data hotel' subcontractor had a fire and explosion wiping out their optical fiber backbone (big-ass wire, whatever). In the middle of the worst blizzard we've seen in 30 years. It took them north of two days to restore service (by rerouting), and another two days to repair the cable. Force majeure, but my boss didn't like it one bit. So here we are ...<br /> <br /> Suffice to say, configuring a 3d-party router for incoming ADSL (or whatever) is above my paygrade, and probably wild overkill for a *small* business?<br /> <br /> Your idea about an internal, custom DNS record is plausible, maybe I can get my head around that. I *think* the aforementioned managed switch supports DNS somethings.<br /> <br /> You the big dog! <span class="emoticon e_grin" title=":-D"><span class="e__">:-D</span></span> </div> <div class="message_footer"> <div class="message_footer_links"><a href="lpost.php?webtag=DEFAULT&reply_to=42846.20&return_msg=42846.11" class="reply"><span class="image post"></span>Reply</a></div> <div class="message_vote_form" data-msg="42846.20"> <span class="rating">0/0</span> <span class="image vote vote_down vote_down_off" title="Vote Down"></span> <span class="image vote vote_up vote_up_off" title="Vote Up"></span> </div> </div> </div></div> <div class="message_page_footer"> <ul> <li class="right_col"><form accept-charset="utf-8" method="get" action="lmessages.php" target="_self"><input type="hidden" name="webtag" id="webtag" class="bhinputtext" value="DEFAULT" dir="ltr" /><input type="hidden" name="msg" id="msg" class="bhinputtext" value="42846.21" dir="ltr" /><input type="submit" name="submit" id="keep_reading" value="Keep reading…" class="button" /></form></li> </ul> </div> </div> </body>