Arrow

When firewall forwarding rules don’t work from the internal network, behind the router

First published on May 5, 2008

(Warning, geek post)

Suppose you have set up a web server, hosting, say http://alpha.theblog.ca, and that this server is on the same network as your computer:

Internal IP of web server: 192.168.1.10 (serving http://alpha.theblog.ca)
Internal IP of your computer: 192.168.1.11
Internal IP of your router: 192.168.1.1
External IP of your network: 65.98.116.34

In our example, the public DNS record for http://alpha.theblog.ca points to 65.98.116.34 (where the router sits as the gatekeeper), and the firewall rules on the router point all such requests to 192.168.1.10 (the server). Therefore, the server can provide external visitors with the correct content for http://alpha.theblog.ca.

However, if you access http://alpha.theblog.ca from inside the network, behind the router, you might only bring up the router page. For some reason, the firewall rules do not properly route your request to the server. I’ve experienced this problem on several entry-level routers and have never been able to get the firewall rules to work for computers on the same network as the server.

The solution, as suggested by Derek (who came up with the brilliant resizing a Photoshop text box without distorting the text tip), is to edit your computer’s hosts file so that http://alpha.theblog.ca points directly to 192.168.1.10, instead of having to be routed. There is a great tutorial on the hosts file, but the gist of it is that all entries in your hosts file directly bypass the need to look up public DNS entries. So while http://alpha.theblog.ca might publicly point to 65.98.116.234, you could have your computer load 192.168.1.10 for that address with this hosts file entry:

192.168.1.10   alpha.theblog.ca

More fun with the hosts file include entries for domains that already exist or that don’t even exist. Heck, you could make it so that whenever you type google.com in your browser, it loads a page on your own computer (if you have a simple server set up on your computer):

127.0.0.1   www.google.com
127.0.0.1   google.com

Arrow

Speak your mind

*
To prove you're a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.
Click to hear an audio file of the anti-spam word