web server internally not accessible, but externally

[jochenthomas]

I am a little bit lost (just installed last version of Merlin on a RT-AC87U).

Having a web server running on an internal IP 192.168.1.50 I see the basic wwww-server page using the internal IP (but of course not the virtual server www.abc.com).
So web server is running and accessible.

Portforwarding Rule: www-server || Port 80 || to IP 192.168.1.50 || to Port 80 || Protocol TCP.
I did not change the web server itself, so it's only the AC87U router-sw causing this effect.
Even a ipconfig /flushdns on windows machine wasn't successful.

External access is possible using abc.asuscomm.com or the IP-address 1.2.3.4 (means a mobile network) !!
Also the specific site is accessible (abc.com) outside the network.

BUT trying to use the same xx.asuscomm.com or the external IP-Adress 1.2.3.4 INTERNALLY would lead to a timeout.

Any idea what could cause this behavior (Merlin v378.52_2)?

 

[coxhaus]

I general if you add a static DNS entry on your DNS server it will resolve the problem. Actually how this works is your local workstation requests a DNS request. Since you have a static DNS entry the router or local DNS answers the request so your DNS request never flows out into the internet where the outside DNS IP address lives. This way you end up with the correct IP address whether you are inside your network or outside in the internet.

 

[colbond]

This looks like what I just asked about earlier today. Haven't had a chance to mess with it but I was told that it's the implementation of NAT Loopback that needs to be changed. Not 100% clear on which to set it to (ASUS or Merlin) but it does make sense.

 

[coxhaus]

If NAT loopback works you should be fine. If it doesn't add a local DNS entry. The DNS server does not need to be in the router, any local DNS server that you are using will work.

 

[jochenthomas]

Hi both,
great that I got your response.
Coxhaus: It is important to know that it was never necessary before to add static DNS entries (was using the originial Asus software). Of course I could do this as well by adding the address in the hosts file - but I didn't and do not want to do! This would be a wrong way.


/// changed my answer now, after successful change ///
Today I was looking for the mentioned two options (... 378.52 has two different NAT loopback methods).
And was not able to find, but after changing firewall settings for IP-monitoring reasons I accidentally found it.
To be honest: very bad idea to put it under firewall and in a drop-down menu! In addition there are no explanations - so nobody would have an idea what those selections are...
And to be honest I have as well no 100% exact clue why there is a difference.

Also it was necessary to deactivate QoS to get the traffic back to roughly 80++ Mbit/s (100 Mbit/s cable connection) as it was slowed down to 5 Mbit/s. But VoIP without QoS???? Not sure.

Finally I got it working, but still figuring out how to enable QoS.
Also I do not have a clue what this is:
Advertise router's IP in addition to user-specified DNS
Forward local domain queries to upstream DNS

My settings:

///
WAN DNS Setting
Connect to DNS Server automatically x Yes No
///
DNS and WINS Server Setting
DNS Server 1 [empty] -----> because I want to use the ISP's DNS server
DNS Server 2 [empty]
Advertise router's IP in addition to user-specified DNS X Yes No
Forward local domain queries to upstream DNS Yes X No
WINS Server [empty]
///

Best regards

 

[colbond]

On the Firewall settings page try setting the NAT Loopback setting from Merlin to Asus. That did it for me.

 

[jochenthomas]

Hi,
thanks, luckily got it working