NAT Loopback, also known as NAT Reflection, is a routing feature which enables a machine on the local network to be accessed from within that network using the public domain name/IP address.
It’s a feature which can be very beneficial when developing websites, ensuring a common endpoint regardless of the location of access.
Unfortunately, it’s increasingly common for ISPs to block NAT Loopback on their routers. This happened to us recently – one day, it worked perfectly. Then the next, it had been disabled.
It’s rather irritating to see hits in your server log from across the world, when you’re unable to access it – despite being able to see the server.
Fortunately, it’s not too difficult to work around.
Using a Local Address
This isn’t the best option, nor is it always even possible, depending on the configuration of the target machine.
It’s mentioned here for completeness and because, where it is suitable, it’s the easiest solution. If you know the local IP address of the machine, you should be able to access it through this address.
Hosts File
The hosts file (/etc/hosts) is a file used to map hostnames to IP addresses. It’s commonly used by system ad blockers (think AdAway on Android, rather than a browser extension) to redirect requests to advertiser sites to a local or invalid address.
Years ago, the hosts file was a common target for Windows viruses. It’s why an infected PC would be unable to access certain sites, such as those of anti-virus vendors.
The hosts file does also have non-malicious uses. It can be used to redirect requests to the IP of a local machine.
This technique is ideal if the target machine has a fixed local IP address.
Adding Your Record
First, you’ll need to open your hosts file. You’ll need root permissions to do this.
You’ll see a file that begins with something similar to the below.
127.0.0.1 localhost
::1 localhost
Below these two entries, add a new entry. On the left side should be the IP address of the machine to direct requests to.
On the right, enter the hostname you need to redirect. This value needs to be a text hostname – an IP address will not work. http/https should be omitted from the URL.
192.168.0.10 qubitsandbytes.co.uk
This example would redirect requests for this website to the local machine with IP address 192.168.0.10.
Save the file, and test the connection.
When accessing the domain, your machine will now send the request to the local address specified in the hosts file, rather than the global IP address associated with the hostname.
What’s great about this method is that the target machine will treat the request just like any other. This means features such as security certificates will be recognised correctly, and the server will respond as expected.
Handling All Cases
There is one important consideration to keep in mind. Web-facing machines are often configured to handle both www and non-www requests, redirecting one to the other.
If your server is configured with any client-side redirects, you’ll need to add extra entries to cover the redirect URLs.
For example, if the server redirects qubitsandbytes.co.uk to www.qubitsandbytes.co.uk, a request to qubitsandbytes.co.uk will also send a second request to www.qubitsandbytes.co.uk once the server responds with the redirect.
This second hostname needs its own entry in the hosts file as well, or the request will use the global IP instead.
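One way to check both points before testing in a browser: that each entry pairs an IP address with a bare hostname, and that every hostname in the redirect chain has an entry. This is an added example, not part of the original article; the function names, the sample file contents and example.test are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file: the article's entry plus two common mistakes.
SAMPLE_HOSTS = """\
127.0.0.1 localhost
::1 localhost
192.168.0.10 qubitsandbytes.co.uk   # local web server
192.168.0.10 https://example.test   # mistake: scheme included
192.168.0.10 203.0.113.7            # mistake: IP used as the hostname
"""

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def parse_hosts(text):
    """Return ({hostname: address}, [problems]) for hosts-file text."""
    mapping, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if not fields:
            continue
        address, names = fields[0], fields[1:]
        if not is_ip(address):
            problems.append(f"line {lineno}: '{address}' is not an IP address")
            continue
        for name in names:
            if "/" in name:
                problems.append(f"line {lineno}: '{name}' must be a bare hostname, not a URL")
            elif is_ip(name):
                problems.append(f"line {lineno}: '{name}' is an IP address, not a hostname")
            else:
                # Simplification: names compare case-insensitively, first address seen is kept.
                mapping.setdefault(name.lower(), address)
    return mapping, problems

def uncovered(text, hostnames, local_ip):
    """Hostnames with no entry, or an entry pointing somewhere other than local_ip."""
    mapping, _ = parse_hosts(text)
    return [h for h in hostnames if mapping.get(h.lower()) != local_ip]

if __name__ == "__main__":
    wanted = ["qubitsandbytes.co.uk", "www.qubitsandbytes.co.uk"]
    print("missing:", uncovered(SAMPLE_HOSTS, wanted, "192.168.0.10"))
    for problem in parse_hosts(SAMPLE_HOSTS)[1]:
        print(problem)
```

To check a real machine, pass the contents of /etc/hosts in place of SAMPLE_HOSTS and list every hostname the server redirects to.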
Use a Different Router
Modifying the hosts file is a good option, but needs to be handled individually on each machine on the network. It’s trickier to change hosts files on certain devices, such as iOS. It’s therefore not always an easy solution to implement.
Many ISP-supplied routers support the option of switching to ‘modem mode’. In this mode, the router handles the connection to the outside, but doesn’t handle connections on the internal network.
Switching to this mode, and adding a NAT Loopback capable router, is a more complete (if more costly) solution.