Passing Port 80 Service Request Through Router From WAN To LAN

I run a web server from my laptop, and my IP address (location) gets updated via DynDNS.org servers.

My notebook is always behind a NAT-configured LAN, and I have configured the router firewall to pass port 80 service requests to my IP (usually 192.168.x.2, where x is maybe 0 or 1 or whatever...I use NetSetMan for location based setting). Note: the DHCP server is configured to stay away from static addresses in the private LAN.

Most routers have their own port 80 service, the configuration interface, accessible by hosts inside the LAN.

I don't have a problem with port 80 service requests coming from the WAN getting passed to 192.168.x.2 host running the web server.

BUT, users in the 192.168.x subnet requesting service from within the LAN do NOT get delivered the web page from host 192.168.x.2, but instead the router's configuration interface, if they use the host NAME. Of course, if they use the host IP address, they get the content.

What is happening of course is that if anyone uses "http://mywebserverhostname.com/", it goes to DynDNS.org where the IP is resolved to the address a.b.c.d, the WAN IP address of the router I am currently connected to. So the http client bundles the packet to the destination a.b.c.d:80.

The users INSIDE the LAN get the router configuration interface web page when they type in a.b.c.d:80, but not users OUTSIDE the LAN (in that WAN).

What's the solution?

Any chance this is a Belkin router? I had the same problem with my Belkin N450 Gigabit, not being able to use my DynDNS name, only the ip address (192.168.....). The Belkin died a few days ago when our power blipped two or three times in a row (I did not have the router on a battery backed up UPS plug, do now).

I replaced it with a Netgear 450 Gigabit router and the problem is gone. I can now connect using the DynDNS name (and Mooo.com name) again. So, bottom line is, it's probably your router causing the problem.

I went round and round with Belkin on this for over a month and finally just gave up. Made it difficult to test changes to the web server.

No, this is clearly not related with a defective router. At home, I have US Robotics 9108---must be more than 10 years old, an unbelievable workhorse! And at the workplace, the router is a ZyXEL P-660HN-F, one of more recent make.

Perhaps I did not explain the problem very well in the first post.

All users, whether on the WAN or LAN side put the text:

http://my.domain.name.web.site.com/

in their http client (web browser) location/address text box. Their client name resolver module then connects to the DNS server, and eventually the DNS server network learns that the name belongs to DynDNS.org and the name resolution response comes back from DynDNS.org of my current IP address if my laptop is connected to the Internet...if not, a "server not found" answer will come.

But if an IP address (a.b.c.d) is returned, what happens next is different:

• if the user is outside the LAN (on the WAN side of the router), the web page (port 80 service) request is passed through the router to my laptop running the server. My server then responds with the home (index) page. This behavior is wanted.
• if the user is inside the LAN, with a NAT-based address assigned for private addressing systems (like 192.168.y.z or 172.16.y.z or 169.254.y.z), the router, which operates its own http server and handles port 80 service requests by delivering its configuration interface web page so that its administrator can configure the router, will instead deliver that interface web page. This behavior is NOT wanted.

The LAN side is configured using the private address system: 192.168.0.x, with subnet mask configured for all address numbers x. Let's say mine is 192.168.0.2, so the router is configured not to firewall any port 80 request and to pass all requests to the host with 192.168.0.2. It does this with no problem for those on the WAN side (outside the LAN). But for users inside the LAN, it delivers the router's own configuration interface web page, not what is wanted.


Now someone might say, "well, this is logical, because if the router needs to make its configuration interface available from the LAN side to its administrator, and if it is told not to handle port 80 requests from the LAN side, then the administrator cannot ever gain access to the configuration interface."


Actually that's not so. The router can instead be instructed (configured) to use another port number for any service request coming from the LAN side. For example, most http (web) servers are configured not only to handle requests from port 80, but also port 8080 (outside the standard first 1024 port numbers). The administrator can use this port or even change the port number for gaining access to the configuration interface.


But I am guessing that routers are just not set up for that...or perhaps the cheap models most use are not set up for that.


Right now, LAN users must type in "http://192.168.0.2" to their client to get the web page when they are inside the LAN, instead of being able to use the name. But having to tell the users to use two different links, depending upon whether they are outside or inside the LAN is just not the way it should be.

I hear what you are saying but that is exactly the symptom I got with the Belkin router that I no longer get with the Netgear.

Maybe try the USR or ZyXEL forums?

Many routers activate port forwarding only when connections come from WAN-port.

Not that it solves the problem but maybe you can:

Reserve a DHCP address on router for laptop based on MAC address. Each time laptop get an IP address using DHCP. But setting it up this way the address is always the same (so you can port forward to that IP address).

If you move the laptop to another LAN ... it asks the other router using DHCP for IP address.

What happens if webserver is running on port 81 and port forwarding port 81 is on? Same problem (so website not found)?