Accessing an internally hosted site via it's external IP

The_KiD · 23 Apr 2007 at 16:47

We have a web server hosted on our internal network, that we need our sales reps to be able to access via the external IP even when they are on internal network.

Obviously they cant do this normally as it means they are going out on and trying to contact the same IP they are leaving the network on.

How can I get round this ? someone mentioned that using an external proxy would make it work, but I am unsure what they mean and they didnt provide any further info.

NiCkNaMe · 23 Apr 2007 at 19:18

Just out of curiousty, why do they need to access on the external IP? Some sort of logging or is your security set up that way?

An external proxy will simply redirect the users request via the proxy host, and then back again... thus appearing as though the "proxy" requested it (so it would be an external IP)... there's loads of free ones on the net that you could use.

Topgun · 23 Apr 2007 at 19:49

vpn is one secure way.

The_KiD · 24 Apr 2007 at 08:36

The reason is our sales reps willbe using our new website from internally, but they will browse to the url like everyone else, which is fine, then click the client login button, which then takes them to the internally hosted server.

The link is done as an IP i.e http://81.82.83.84, so this section doesnt work when our sales reps come to use it.

I will have a look for the free proxy stuff thanks.

Phemo · 24 Apr 2007 at 08:40

You could just add an entry in the hosts file. That's the simplest way, although it'd be a pain to configure it on each PC individually. Worth looking into if you're prepared to do that though.

Edit: Ok scrap that - just read that they try to connect to an IP rather than a domain name.

tolien · 24 Apr 2007 at 12:43

If it was a name and you had a local DNS server, you could avoid configuring it on each machine - just create a zone file for the domain with the name in question pointing at the internal IP, and let whoever handles DNS normally point it at the external IP for anyone on the outside.

Using a proxy, free or otherwise, is a bit of a kludge - not to mention it's unlikely to be secure (especially if you're not running it).
Some routers will do loopback, but the closest to a solution might be persuading them to use a name rather than an IP.

FordPrefect · 24 Apr 2007 at 17:59

Your other option could be to put a "NAT" on some device internally so that to your sales guys they connect to the same IP internally as well as externally.

BenST · 24 Apr 2007 at 18:59

Topgun said:
vpn is one secure way.

VPN was my first thought and surely it would be the easiest option for all concerned?

ns400r · 24 Apr 2007 at 20:04

If you try to access this IP address from home, can you access it? Is it just being blocked by a firewall/not forwarded to the internal server?

The_KiD · 24 Apr 2007 at 20:06

ns400r said:
If you try to access this IP address from home, can you acces it? Is it just being blocked by a firewall/not forwarded to the internal server?

Can access it from anywhere just not internally.

As tolien said it's to do with most routers not supporting this "loopback" thing where you cant go out and come back in at the IP you went out on.

I dont fully understand it, but have seen it before.

NiCkNaMe · 25 Apr 2007 at 02:11

Is it just the sales guy who needs the internal access?

What kit you using?

As mentioned before, if its kit that supports some sort of NAT... and the guy uses the same internal IP whenever he tries to connect, create an ACL and a static NAT translation on the device.... should work?

The_KiD · 25 Apr 2007 at 09:43

We have a managed network with an external company who have now told us that it wouldnt be possible for this to happen on their kit.

Thanks for the help anyways!