When firewall forwarding rules don’t work from the internal network, behind the router

First published on May 5, 2008

(Warning, geek post)

Suppose you have set up a web server, hosting, say, and that this server is on the same network as your computer:

Internal IP of web server: (serving
Internal IP of your computer:
Internal IP of your router:
External IP of your network:

In our example, the public DNS record for points to (where the router sits as the gatekeeper), and the firewall rules on the router point all such requests to (the server). Therefore, the server can provide external visitors with the correct content for

However, if you access from inside the network, behind the router, you might only bring up the router page. For some reason, the firewall rules do not properly route your request to the server. I’ve experienced this problem on several entry-level routers and have never been able to get the firewall rules to work for computers on the same network as the server.

The solution, as suggested by Derek (who came up with the brilliant resizing a Photoshop text box without distorting the text tip), is to edit your computer’s hosts file so that points directly to, instead of having to be routed. There is a great tutorial on the hosts file, but the gist of it is that all entries in your hosts file directly bypass the need to look up public DNS entries. So while might publicly point to, you could have your computer load for that address with this hosts file entry:

More fun with the hosts file include entries for domains that already exist or that don’t even exist. Heck, you could make it so that whenever you type in your browser, it loads a page on your own computer (if you have a simple server set up on your computer):

Speak your mind

To prove you're a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.
Click to hear an audio file of the anti-spam word