configure static route to public ip from lan

Hi all

How do I set it up so I can browse to my public IP from within my LAN and see e.g. my webserver? The only way I can do it is to use the webserver LAN IP of 10.x.x.x, but I want people both inside and outside the LAN to use the public 217.x.x.x address.

My sonicwall router does not route traffic to the public ip from inside the lan.

What is the rule I need to create ?
 
You will need to set up the router to forward port 80 to the IP of the webserver. Anyone who knows your public IP will be able to see your website though. Also, unless you have a static public IP, you will need to use one of the free services which give you a link to your server and update the DNS when the IP changes.

If you google sonicwall router port forwarding it brings up a few guides on how to do the forwarding part.

edit: just re-reading your post, are you saying you already have access externally to the server but when you use the public ip internally it doesn't work?
 
Apologies it's early :o, that's strange, I have a website set up as described in my post and I can access it both internally and externally via the public IP, I didn't have to create any additional rules :confused:, sorry not much help at all!
 
I think I need to route between my LAN network and my public network range (I have a block of 5 IPs) rather than directly by host IPs. Still trying to figure it out. Doesn't help that SonicWall is so abstracted in its setup.
 
This is a little confusing. You have a /29 block but you use private IPs behind the sonicwall. Are you using the /29 behind the sonicwall too, or are they for the WAN side of the sonicwall?

If the /29 is on the WAN side, you'll need some kind of NAT from one side to the other, along with associated firewall rules. If the /29 is also on the LAN side, then you will probably need to add a route on the sonicwall for that subnet.
 
The 10.0.0.0 network is private, on the LAN side
The Sonicwall has a static public IP and NAT takes place to forward traffic through to the various services (ssh/http etc)

I have a block of 5 IPs (BT broadband) so my network netmask for my public ips is 255.255.255.248 and I want people inside my network (on the 10.0.0.0) to be able to connect to the public IP, but especially the single static IP which the sonicwall has, and then to be forwarded as if they were someone who was outside the network. I.e. to the web server which is 10.1.1.107 without having to key in the local address, just using the public ip.
 
I understand what you are trying to do but it begs the question - Why?

What is your web server listening on in the LAN? As far as I know, if your internal clients try to connect to an IP assigned to your WAN, the routing tables should just sort it out for you. Are you sure it's actually a connectivity issue and not a config issue with your webserver and where it listens? IIS, Apache, other?

Why even use the IP? Put in an A record for the 10. internal address on the internal DNS server for www.mywebsite.com
 
Well, if I for example send an email to people, some internal, some external, I want to say to all of them "connect to 217.x.x.x" instead of "connect to 10 if you are inside and 217 if you are outside".

And if I configure my mail client to pick up mail from 10.1.1.107, then when I go home it won't work, obviously. If I can just use the public IP all the time, no matter where I am, it will work better.
 
Buy a domain to resolve external IP.

www.whitecrooksserver.com - A Record 217.x.x.x

Configure same domain on internal DNS server

www.whitecrookserver.com - A Record 10.x.x.x

Same setting, any location. Only potential issue I can see is some client DNS caching or anyone working from your LAN but not using your DNS server but otherwise should be fine.
 
Good, a current gen' model so easy to do.

You need a custom NAT policy (Network > NAT Policies)

Source
Original : Firewalled Subnets
Translated : X1 IP (assuming your WAN connection is on Interface X1)
Destination
Original : X1 IP
Translated : Internal IP address of web server
Service
Original : HTTP (or HTTPS or a service group)
Translated : Original

Interface In / Out can be left to Any.

HTH,
Chris.
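
Added example, not part of Chris's post and not SonicWall code: a small Python model of why the loopback policy above translates the source as well as the destination. It assumes the client and the web server sit on the same LAN segment; `203.0.113.10` is a constructed stand-in for the elided 217.x.x.x address, and the function names are hypothetical.

```python
import ipaddress
from dataclasses import dataclass, replace

LAN = ipaddress.ip_network("10.0.0.0/8")  # "Firewalled Subnets" (the thread's 10.x LAN)
X1_IP = "203.0.113.10"                    # constructed stand-in for the X1 (WAN) IP
WEB = "10.1.1.107"                        # web server address given in the thread

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

def in_lan(ip):
    return ipaddress.ip_address(ip) in LAN

def firewall(pkt, translate_source):
    """Apply the loopback NAT policy to a LAN client's HTTP request to the X1 IP."""
    if not (in_lan(pkt.src) and pkt.dst == X1_IP and pkt.dport == 80):
        return pkt                        # policy does not match; packet unchanged
    out = replace(pkt, dst=WEB)           # Destination: X1 IP -> web server
    if translate_source:
        out = replace(out, src=X1_IP)     # Source: Firewalled Subnets -> X1 IP
    return out

def client_accepts_reply(client, translate_source):
    """Trace one request and its reply; True if the client accepts the reply."""
    request = Packet(client, X1_IP, 80)
    at_server = firewall(request, translate_source)
    # The server answers whatever source address it saw on the request.
    reply_src, reply_dst = at_server.dst, at_server.src
    if in_lan(reply_dst):
        # Assumption: same segment, so the reply goes straight to the client
        # and never passes the firewall; nothing rewrites its source address.
        seen_src = reply_src
    else:
        # Reply returns to the firewall, which reverses both translations.
        seen_src, reply_dst = X1_IP, client
    # The client's TCP stack only accepts a reply from the address it dialled.
    return reply_dst == client and seen_src == request.dst

if __name__ == "__main__":
    for snat in (False, True):
        print("source translated:", snat, "-> works:", client_accepts_reply("10.1.1.50", snat))
```

With destination translation alone, the server replies directly to the client from 10.1.1.107, which does not match the connection the client opened to the public address.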
 
Actually, thanks for this. It still did not work; we contacted Sonicwall support and it turned out to be the POS BT wire router/modem which was causing us the issues.
 