2

How is it possible to access an internal resource (email server / FTP server) using its external IP address but from within the network ?

The situation is that a number of users have laptops and work out of the office several days per week. I don't want them to have to change the connection details from 217.x.x.x to 10.0.0.x every time they come into the office, then back again when they leave.

I have external access working, so they can connect using the 217.x.x.x IP when on the road, but it doesn't work when they are in the office.

We have a router providing NAT access to the net and different servers for FTP, email etc.

Paul G
  • 61
  • 1
  • 2
  • 3

2 Answers2

7

This is what DNS is for - your external DNS provides the 217.x.x.x address for the names, while your internal DNS returns the 10.0.0.x IP address. Clients access resources by hostname, not IP address, and it's done.

Harper Shelby
  • 16,475
  • 2
  • 44
  • 51
1

Unless you have filters forbidding access to the external NAT'ed address from internal clients, I do not see why it should not work.

Keltia
  • 14,535
  • 3
  • 29
  • 30
  • 1
    many routers only do NAT on packets received on the external interface – Alnitak Jan 17 '09 at 14:41
  • Thtat is not the question, the external IP does exist so unless you have specifically forbidden access from the internal network (which wouls not make any real sense), that IP is reachable. – Keltia Jan 18 '09 at 19:01
  • Host A, on the private network, sends a packet to the external IP of Server S. Not being a packet for the local LAN, it is router towards the NATing router R, where it arrives on the internal interface. Router R knows that the external IP of Server S is local to the external interface and subsequently drops the packet, as it cannot find an ARP address for it. No, most routers will NOT handle packets destined for a static NAT mapping coming from the "inside" network. Some will allow you to configure "NAT on a stick", though. – Vatine Jan 21 '10 at 06:39