Port forwarding from behind a router
homosapien
Posts: 147
Why is it that when one sets up port forwarding on a home router, it only forwards when it is accessed from the 'outside' internet?
I have set up port forwarding on my home router to access a server running on my Spinneret. All works fine if I use the internet function on an Android phone and enter <my LAN IP address:Spinneret port> as long as the phone is NOT connected to my LAN via WiFi. If I connect the phone to my LAN via WiFi and enter <my LAN IP address:Spinneret port>, I get an 'unable to connect' page. I understand that with the WiFi turned on, I am on my own LAN and the request is being sent from the phone via the LAN to the router. What I do not understand is why the router would not send it out to the Internet as a 'looking for <my LAN IP address:Spinneret port>, and the packet be sent back to itself to be resolved (sent to the Spinneret via port forwarding). Or simply say 'hey, this is for my own network, I'll not even send it out to the greater Internet, I'll just send it on to the correct port!'
-Is my router stopping it, some rule that says it should never send out packets that are addressed (via it's 'global IP') to itself?
-is there some router on the Internet that is stopping it, thinking a packet with the same source and destination address is invalid?
-Is there a good reason for not allowing a computer behind a LAN router to access another computer on the same LAN via a 'global' IP address:port?
I ask because it would be more convenient to be able to have my phone access the server just using one IP address. It is not the end of all, but I think now I will have to have the app test to see if the phone is connected to my local network or not before deciding on which IP address to use (Spinneret IP address or LAN router IP address).
Thanks,
Nate
I have set up port forwarding on my home router to access a server running on my Spinneret. All works fine if I use the internet function on an Android phone and enter <my LAN IP address:Spinneret port> as long as the phone is NOT connected to my LAN via WiFi. If I connect the phone to my LAN via WiFi and enter <my LAN IP address:Spinneret port>, I get an 'unable to connect' page. I understand that with the WiFi turned on, I am on my own LAN and the request is being sent from the phone via the LAN to the router. What I do not understand is why the router would not send it out to the Internet as a 'looking for <my LAN IP address:Spinneret port>, and the packet be sent back to itself to be resolved (sent to the Spinneret via port forwarding). Or simply say 'hey, this is for my own network, I'll not even send it out to the greater Internet, I'll just send it on to the correct port!'
-Is my router stopping it, some rule that says it should never send out packets that are addressed (via it's 'global IP') to itself?
-is there some router on the Internet that is stopping it, thinking a packet with the same source and destination address is invalid?
-Is there a good reason for not allowing a computer behind a LAN router to access another computer on the same LAN via a 'global' IP address:port?
I ask because it would be more convenient to be able to have my phone access the server just using one IP address. It is not the end of all, but I think now I will have to have the app test to see if the phone is connected to my local network or not before deciding on which IP address to use (Spinneret IP address or LAN router IP address).
Thanks,
Nate
Comments
If you are using the WAN IP and still not able to connect, consider contacting your provider. My Android can hit my WAN and port forwarding works fine.
As I suggested in the past, use a free DNS service to forward traffic from a URL to your WAN address.
His software use a public IP address, that his router forwards to a local address.
If a device on the same local domain is trying to access this public ip address, it won't work unless NAT loopback is enabled in router.
Why not change it to local address?, having too change IP address back-and-forth depending on where you are connection from is not plug-and-play.
So one offical IP address with loopback enabled is the way to go.
I think you misunderstood me:
-The port forwarding works fine if I am 'outside' the LAN and use the 'global' LAN IP address plus the port number
-The Spinneret is also easily accessible if I am behind the router and use the local IP address of the Spinneret.
I was wondering why the 'global' LAN IP address will not work from behind the router. Tony's link suggests blocking that functionality is a 'security' feature of many routers. I am wondering what security benefits this would provide, can't really think of any good scenarios...
http://en.wikipedia.org/wiki/Network_address_translation#NAT_loopback
If you have an app on your phone like remote-camera-viewer, you setup your app top use the public IP.
If you use your app while you are home and phone use wifi, without loopback it will not work.
As you don't want to go in to settings every time and change it.
could the app not have a settings for two IP?, a local one to fall back too if first fails. Probably if they thought of NAT Problems.
If your public IP change often subscribe to free dyndns and tell your router to use it.
The router will call that website once a day and because a call always gives a trace where it comes from, bingo we have your public IP address to update our IP-redirector.
I don't understand how this is a LAND security fix, as the same scenario could be used as a typical DoS attack and I would think it is really the sending/receiving machine's issue to resolve. But it is what it is, and I will deal with it.
I don't think this is true in the instance I was wondering about. I am sending from behind the router to a global IP address (that happens to be the global IP address of the router itself). I was hoping the router would just send the packet out into the Internet, where it would be directed back to the same router. The router would then forward to the Spinneret. But this is not happening, the outgoing message just vanishes. Apparently because the router will not send on LAN-internally generated packets that have it's own global IP LAN address as destination.
Again, this is not a show stopper. I on planning on having the app that I am writing for the phone to request from either a local or global address, depending on the connected state of the phone, as the local network is preferred for speed and economy. I was just surprised as I started with with the simplest setup I could imagine (one IP address, the global one) and it wasn't working when the phone was connected to the LAN.
NAT loopback never leaves your router, it does not go to your ISP and comeback it simple tricks itself to think so.
This way everything else set up with port forwarding etc will work.
But if you mean forcing a lte4g connection by turning the phones wifi off, as that is what is needed without loopback
Understood. The 'economy' I was referring to was not getting a new router and being able to roll this out to other locations without a router upgrade/changeout...
http://www.dd-wrt.com/wiki/index.php/Supported_Devices
homosapien, make it easy on yourself and setup a dynamic DNS service. It will take, maybe, 30 minutes, it's free, and it rids you of parsing a router generated web page to find an IP address. Which, by the way, creates a hard dependency on the router. There's an added benefit of dropping email and Android logic too. All ya have to do is create a bookmark...easy peasy.
Are you saying I should setup a Host/Redirect service, such as the one from NoIP you referenced in the tread about Spinneret as a Client? If so, my problems with that are: running the software on a PC to alert the Host/Redirect service to a new LAN IP address, the dependency on a 3rd party to maintain their service, and the cost for a domain name that does not change (it appears that the 'free' version changes the name every 30 days). And it would be too easy..
I was not sure why the router was not performing the way I thought it should vis-a-vis computers on the same network communicating via the Internet. I now know it is because of a 'security' feature built into many routers. And I now know that to get around this inconvenience I can either:
- Use a Host/Redirect Service
- Program the interface device (Android) to detect whether it is or is not connected to the LAN to determine how it will communicate with the Spinneret.
EDIT: If you are saying you CAN communicate between devices on the same LAN using the (as seen from Internet) LAN IP, then your router is not acting the same as mine. The WRT160Nv2 IS on the NAT loopback compatible router list supplied by Tony...
http://community.linksys.com/t5/Wireless-Routers/WRT160N-NAT-loopback/td-p/283621