Cannot Access HTTP Server from the Same LAN using DNS.

yuriyaacoub

Hello,

In the attached picture you can view how my network is set up.

I have set up a DNS server mapping www.grt473.com to 81.81.1.1.

I have set up DHCP on both gateway routers with a DNS server 91.91.1.2.

I am able to access the HTTP server from the LAN having PC0.

But I cannot access it from the same LAN as that HTTP server.

Keep in mind, I have set up static NAT on the gateway router2, NAT 81.81.1.1 to 192.168.1.201, on the outside interface of that router.

I have looked around the web, and I figured out it is a NAT loopback problem.

Can anyone guide me on how to fix it without adding a new DNS server on the HTTP server LAN?

Screenshot 2024-03-19 195137.png


Martin L

Attach your PT file here in zip format.

Regards, ML
**Please Rate All Helpful Responses **

Hello Martin,

Thanks for the reply.

You'll find attached the requested document.

Thanks

Hello
It isn't a NAT loopback issue as such; you need to hairpin the NAT, and you have multiple ways of doing this. The most simplistic solution, if PT supports it, is to utilise NVI NAT (domain-less NAT, no inside/outside domains).

Example
interface x/x
 no ip nat inside   ! or "no ip nat outside", whichever the interface currently has
 ip nat enable

no ip nat inside source . . . .
no ip nat outside source . . . .
ip nat source . . . . 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Hello

If you could please be more verbose about the commands for my specific IPs and how I could implement your solution for my specific configuration, as I'm still figuring out my way around CPT.

Thanks

Hello
Change your existing NAT interfaces so they don't state either ip nat inside or ip nat outside, and do the same for any existing NAT statements, as I have shown.

Kind Regards
Paul
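
The NVI approach from the replies above, written out for the addresses in the question. This is an added example, not part of any poster's reply or the original poster's configuration: the interface names are placeholders, the /24 LAN mask and ACL number are assumptions, and it requires an IOS image that accepts ip nat enable.

```cisco
! Constructed example. From the question: 192.168.1.201 = HTTP server (private),
! 81.81.1.1 = its public address. LAN_INTERFACE / WAN_INTERFACE are placeholders;
! the thread does not give the real interface names.

! 1. Remove the existing domain-based static translation.
no ip nat inside source static 192.168.1.201 81.81.1.1

! 2. Take both interfaces out of the inside/outside domains and enable NVI.
interface LAN_INTERFACE
 no ip nat inside
 ip nat enable
interface WAN_INTERFACE
 no ip nat outside
 ip nat enable

! 3. Re-create the static translation without a domain keyword.
ip nat source static 192.168.1.201 81.81.1.1

! 4. Translate the LAN clients' source address as well. Without this the server
!    sees the client's private address, answers it directly across the LAN, and
!    the client discards the reply because it comes from 192.168.1.201 rather
!    than from 81.81.1.1.
!    Assumption: the server LAN is 192.168.1.0/24 and ACL 1 is unused.
access-list 1 permit 192.168.1.0 0.0.0.255
ip nat source list 1 interface WAN_INTERFACE overload
end

! 5. Verify from privileged EXEC while a LAN client browses to www.grt473.com.
show ip nat nvi translations
```

The last command should show an entry mapping 81.81.1.1 to 192.168.1.201 while a LAN client is connected to the site by name.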

Martin L

ip nat enable is not supported by PT. 

While people from outside connecting to our HTTP need to do NAT translation (public to private port 80), people on inside do not; that is called intranet. Perhaps server(s) should be located in a special DMZ zone.

So, normally people from inside of the LAN with the HTTP server would use their local internal server IP without need of NAT translation (DMZ or not). If I remember correctly from the MCSA Windows cert, you should add another internal DNS server inside the local LAN for internal traffic only, pointing towards the internal web server. I guess you could try adding static NAT pointing local LAN traffic to the local inside private IP of actually the same HTTP server. But I think normally a company will install Win AD, DNS, DHCP, Web servers for internal people and another server(s) for outside access only.

Regards, ML