# Problem to reach my domain from within my LAN



## obeghain (Mar 9, 2003)

Hi Guys (and Girsl ;-))!

I've setup a home wired- and wireless-network composed of:
-1 PC laptop with WinXP
-1 iBook with MacOS X 10.2.x
-1 old G3 beige with MacOS X 10.2.x
-1 old PC with WinXP
-1 eMac with MacOS x 10.2.x
-1 airport base station 

They are all connected either through wires to a hub, either wirelessly to a airport base station. The airport base station is connected to my ethernet hub. Finally, the airport base station has a WAN connection to a cable-modem which provides me my Internet connection. The ISP provides me a dynamic IP address which is assigned to the airport base station. And this airport base station distribute 10.0.1.x addresses to the various computers within my LAN. Port 80 of the airport base station is redirected to same port on a computer within my LAN.

That's for the description! Now my problem...

I've created an account on DtDNS (www.dtdns.com) and registered a domain through Register.COM (www.register.com).

Although my DtDNS account is configured correctly (dynamic IP set, domain name mentioned), I cannot access my webserver from within my LAN using my domain name (eg.: http:\\www.mydomain.net; http:\\mydomain.net), nor with my accountname on DtDNS (eg.: http:\\myaccount.dtdns.net).  

When doing the test from my work location or using a VPN (to my work network) from my LAN, it works without problems! :-|

Could any of you explain me what I'm missing to make this work?
Thx.

PS: If I'm using Tomcat to provide dynamic content on my web server and would like to make this content available on Internet, does it mean that I should have port 8080 open on my airport base station?

Regards,
-Olivier.


----------



## michaelsanford (Mar 12, 2003)

1) Good problem description!

2) I assume that is a typo when you wrote http:\\ (it should be http:*//*)?

3) Which computer on your LAN is the server? Is your Base station configured to map MAC addresses onto IP addresses permanently (I presume it is)?

4) When you say you can't access your server, what's the exact error message (I assume it's "Host cannot be reached" or something similar)?

5) What's your domain so I can have a look myself


----------



## Jason (Mar 12, 2003)

ive found on my setup i need to use my internal ip to get to my own domain, others need to use my dns forwarding address.... dunno if that helped


----------



## michaelsanford (Mar 12, 2003)

Jason, in that case can you connect to the router's WAN IP with port forwarding and see your server?


----------



## lurk (Mar 12, 2003)

Howdy,

The short answer is that you cannot see it and that is the way it should be.  Here is a quick explanation of what is happening and why it doesn't work the way you want it to.

When the IP address is looked up it resolves to the external IP assigned by your ISP say this is 42.42.42.42  Now on your internal airport network your webserver is at say IP 10.0.0.7

Now when you try to access your domain name it tries to connect to 42.42.42.42 this packet goes to your Airport base station on its 10.0.0.1 interface where the NAT rules rewrite the packet to look like it came from the external IP 42.42.42.42 and sends it out to the internet.

_Where it dies at the first router..._ 

The reason that it dies is that generally routers will not repeat a packet on a subnet, that is it won't reflect a packet back.  That makes sense because every machine on that subnet received the packet and so it sending it on would be redundant.  This is important since not following this rule can result in packet storms which can bring the network down.

So the fault in a manner of speaking lies with the Airport because it should have dropped the packet back on the internal network rather than the external.  However, making that sort of decision is actually routing and not NATing and requires significantly more computational resources.  The truth of the matter though is that adding this ability to the airport would increase its cost and the complexity of configuring it.

-Eric


----------



## michaelsanford (Mar 12, 2003)

I had a feeling is was something with the router rules, but I had no idea where to put my finger...

Thanks lurk, you (I) learn something new every day!


----------

