Routing and Remote Access Port Mapping not applied to localhost

networking, rras, windows-server-2003

I've set up Routing and Remote Access (Windows Server 2003) to forward publicip:80 to a server on the private internal network, and that's working great. Incoming requests from the internet to port 80 are correctly forwarded to our internal web server and everything is fine.

However, requests on the server itself are not being forwarded. That is, if I open a console window and type "telnet publicip 80" from the server on publicip, the request is not forwarded to the private server.

I understand that in RRAS I've mapped port 80 on the public interface to the private server and that's why it's not working; but I don't know how to configure it so that requests from the local PC are also forwarded to the private server.

I'd appreciate any help or feedback on the matter.

Thanks!

Best Answer

What you're looking for is called "hairpin NAT", and Microsoft's NAT implementation doesn't appear to support it. Packets that aren't traversing the NAT'd interface don't get NAT applied (i.e. sourcing from the private or local interface, destined for the private interface).

Microsoft's documentation isn't particularly clear about it (that I've ever been able to find, at least), but RRAS clearly doesn't behave in a manner that indicates support for hairpin NAT.

You can accomplish the same effect, by name at least, by creating a DNS zone in your local DNS server for the public name, and referring to the private IP address. (So, if your web site is "www.mydomain.com", create a DNS zone "www.mydomain.com", with a single blank "A" record in it referring to the private IP address of the web server.)

Your only other option is to switch to a NAT implementation, like Linux iptables, that supports hairpin NAT.
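As an added illustration of that last option (not part of the original answer), the sketch below prints the iptables rules a Linux router would need for hairpin NAT, including the case from the question where the request originates on the router itself. The function names and all addresses are constructed for the example; the script only prints the rules and applies nothing.

```shell
#!/bin/sh
# Added example: prints (does not apply) iptables rules for hairpin NAT.
# Every address below is a constructed sample value.

# is_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# hairpin_rules PUBLIC_IP PRIVATE_IP LAN_CIDR [PORT]
hairpin_rules() {
    pub=$1 priv=$2 lan=$3 port=${4:-80}
    bits=${lan#*/}
    case "$port" in ""|*[!0-9]*) return 2 ;; esac
    case "$bits" in ""|*[!0-9]*) return 2 ;; esac
    [ "$bits" -le 32 ] || return 2
    is_ipv4 "$pub" && is_ipv4 "$priv" && is_ipv4 "${lan%/*}" || return 2
    cat <<EOF
# 1. Forwarded traffic: match on the destination address rather than the
#    ingress interface, so LAN clients using the public IP are translated too.
iptables -t nat -A PREROUTING -d $pub -p tcp --dport $port -j DNAT --to-destination $priv:$port
# 2. Traffic generated on the router itself skips PREROUTING and is only
#    seen by the nat OUTPUT chain (the "telnet publicip 80" case).
iptables -t nat -A OUTPUT -d $pub -p tcp --dport $port -j DNAT --to-destination $priv:$port
# 3. Hairpinned LAN clients: rewrite the source so the web server replies via
#    the router. Scoped to LAN sources so internet clients keep their real
#    address in the web server's logs.
iptables -t nat -A POSTROUTING -s $lan -d $priv -p tcp --dport $port -j MASQUERADE
EOF
}

# Sample invocation with constructed addresses.
hairpin_rules 203.0.113.10 192.168.1.20 192.168.1.0/24 80
```

With rule 3 in place, LAN clients that reach the site through the public IP show up in the web server's access log with the router's address, which matters when those logs are used for investigation.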