Loopback Connections

A common problem that many customers encounter when using a NAT router is that they want to be able to access their web site from within their local network, but their NAT router does not support "loopback" connections.

What is a loopback connection in this sense?

Let's say, for example, that you have a local network consisting of two machines behind a NAT router with the router in turn connected to a DSL or Cable modem.

Each of the two machines will be assigned an IP address by the NAT router within a "local" IP space such as the 192.168 block. The NAT router in turn is assigned an IP address by the ISP within the "public" space. When you set up a host or domain within our system, it is this public IP address that the host/domain points to.

Let's consider a small network with two computers behind a NAT router.

[Figure: Simple network diagram]

In the above diagram the "public" address is 65.54.43.32 and the NAT router has a LAN/private address of 192.168.0.1. The other computers on the network are assigned numbers within this private space.

Now, let's say that you have registered the domain "example.com" with the host "www.example.com" mapped to your public IP address. When somebody out on the internet attempts to connect to www.example.com, they end up connecting to the WAN interface on the NAT router. The NAT router in turn "routes" the packets to an internal machine based on the port that the connection came in on.

Note: For more info on how NAT routers distribute incoming traffic, see our KB article "Dynamic DNS & NAT".

Now, the problem arises when somebody using the "Work Station" computer wants to access the "Web Server" computer. If they try to access the computer via the hostname www.example.com, the NAT router will attempt to route this out its WAN interface and then back in. In most cases this will either fail or you'll get the web interface for the router itself because the router just isn't able to do this.

The Solution

OK, now that we have a clear picture of the problem, what is the solution? Certainly somebody sitting at Work Station can use the local IP address to access the Web Server. But this is less than optimal if, for example, you have multiple (virtual) hosts on the server. Obviously it would be desirable to use the hostname to access the server for any number of reasons.

First, you should configure port forwarding on your router. Some routers experience loopback errors until the correct ports are forwarded. Adding an entry on port 80 configures your router correctly to allow access to your web server. PortForward.com provides detailed information on how to configure your router's forwarding features.

Then, you must edit your HOSTS file.

Historical Digression: Way back in the dark ages when what we know now as the "Internet" was still called ARPANET and before DNS had ever been invented, HOSTS files were used to map hostnames to IP addresses. If you wanted to find another machine on the net you had to first download the latest HOSTS file. This quickly became unwieldy as the number of machines connected grew beyond a few hundred and what is now DNS was eventually developed to replace the HOSTS file.

On a standard UNIX/Linux system (including Apple's Mac OS X) the HOSTS file will generally be found at

	/etc/hosts

On Windows systems the location of this file varies.

Regardless of the system, the format of this file should be essentially the same. Using the above network example you would want to add the following lines to this file:

	192.168.0.1	router.example.com
	192.168.0.2	www.example.com
	192.168.0.3	foo.example.com

Now, any time you use a web browser or any other application to connect to www.example.com, the hostname will resolve locally via the HOSTS file instead of resolving via the DNS and you'll connect via the local IP address. At the same time, anyone not on your network will continue to use DNS to resolve this hostname and will connect via the public IP address.
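
Because a HOSTS entry silently overrides DNS on that one machine, it is worth checking what the file actually pins. The following is an added example, not part of the original article: it parses HOSTS-format text, lists the names pinned to private (LAN) addresses, and reports names that appear twice with different addresses. The sample file contents, the function names, and the rule that the first entry for a name is the one kept are assumptions made for this illustration.

```python
import ipaddress

# Constructed sample: the article's three entries plus a comment, an alias,
# a conflicting later entry for www.example.com, and a malformed line.
SAMPLE_HOSTS = """\
# local overrides for NAT loopback
192.168.0.1\trouter.example.com
192.168.0.2\twww.example.com www   # web server
192.168.0.3\tfoo.example.com
65.54.43.32\twww.example.com
not-an-ip\tbad.example.com
"""


def parse_hosts(text):
    """Return (mapping, conflicts) for HOSTS-format text.

    mapping:   hostname -> ip address object; the first entry for a name is kept
               (assumption: the resolver stops at the first match).
    conflicts: (hostname, kept_ip, ignored_ip) for later entries that differ.
    """
    mapping, conflicts = {}, []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue                            # blank line or address with no name
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # malformed address: ignore the line
        for name in fields[1:]:
            name = name.lower()                 # hostnames are case-insensitive
            if name not in mapping:
                mapping[name] = ip
            elif mapping[name] != ip:
                conflicts.append((name, str(mapping[name]), str(ip)))
    return mapping, conflicts


def private_overrides(mapping):
    """Names pinned to private addresses, i.e. the loopback workaround entries."""
    return sorted(n for n, ip in mapping.items() if ip.is_private)


if __name__ == "__main__":
    mapping, conflicts = parse_hosts(SAMPLE_HOSTS)
    print("LAN overrides:", private_overrides(mapping))
    print("conflicts:", conflicts)
```

To check a real machine, pass the contents of its HOSTS file to parse_hosts in place of SAMPLE_HOSTS.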