INTERACT FORUM


Author Topic: Library client freezes after moving to a new network  (Read 846 times)

BryanC

  • MC Beta Team
  • Citizen of the Universe
  • *****
  • Posts: 2576
Library client freezes after moving to a new network
« on: May 27, 2011, 10:56:44 am »

On my client machines, if I have MC open and connected to the server through a LAN, and then move the machines to a new network (such as taking my laptop to work), when I resume, MC16 freezes and won't respond to clicking. I have to end the process in the task manager and then restart MC.

Since I have my server shared over the WAN, it would be great if MC could try to reaccess the server (like on startup) if it is not responding. That way it could find the server at the WAN address instead of the LAN.

Thanks!

glynor

  • MC Beta Team
  • Citizen of the Universe
  • *****
  • Posts: 19608
Re: Library client freezes after moving to a new network
« Reply #1 on: May 27, 2011, 01:47:11 pm »

This may be WAY above and beyond what you're willing to do and pay to accomplish this goal.  However, I have solved this issue myself, so I figured I'd let you know how it could be solved.  The real answer is to stop using separate IP addresses to access the server for inside and outside your network.

For my system, the ONLY address I have on all of my Client machines is lan.mydomain.com:[PORT]
This works both inside my network (on my internal WiFi network) and outside my network at the office or even tethered to my 3G phone.

To do this, you will need a capable router/firewall, and probably a DynDNS account (unless you happen to have a static public IP address).  I'll describe what I have set up, and if you want you can try to replicate it.

First, before I start, I have a registered domain name and website, which is hosted at DreamHost.  My site does not get a ton of traffic, and I've been very pleased with their service and pricing.  If you get creamed with traffic, you'd probably need a different hosting provider.  You don't NEED to have a registered domain name or website to do what I'm doing, but that's what I have.

Second, I have a DynDNS Custom Domain account.  I've pointed this to lan.mydomain.com (actually it isn't that, but it is something similar).  My gateway at home updates this record automatically if my IP address at home ever changes.  If you DON'T NEED to link this to a specific domain name that you own, you could probably get by with a free DynDNS account.  Certainly you could use a DynDNS Pro account, which won't expire on you if you don't manually visit your account at DynDNS every so often.  Their service is cheap and works well.  Either way, you'll probably want a DynDNS account of some kind for if/when your home IP address changes.

Third, and this is the part that might be tough for you, you need a firewall/router/gateway at home that can handle "Full NAT" style DNAT/SNAT (port forwarding).

I use Astaro Security Gateway v8 as my home router.  It is fantastic, and is totally free for home use as long as you don't have more than 50 machines (which seems like plenty, even with phones and visitors floating around).  You basically dedicate a beige-box PC and install the Astaro software on it and put a bunch of ethernet cards in it (mine runs on an old build that I'd retired from desktop use, I believe it is an Athlon XP machine, but I might have switched it to a newer Athlon 64 board, I can't remember right now).  You download an ISO from Astaro, burn it onto a CD, boot the computer with that CD, and it reformats the hard drive of the computer and turns it into an Enterprise class firewall/gateway.

To use as an example, assume my Library Server is running on Port 20660.

So, on my firewall, I've defined three DNAT/SNAT rules for my Media Center server:

Rule 1:

Traffic Source: Internet
Traffic Service: 1:65535 -> 20660 (any sending port destined for my library server port)
Traffic Destination: WAN Address

NAT Mode: DNAT
Destination: 192.168.0.20 (my internal library server machine)


Rule 2:

Traffic Source: 192.168.0.20
Traffic Service: 20660 -> 1:65535 (this is the opposite of the previous two port rules, my library server port -> any receiving port)
Traffic Destination: Internet

NAT Mode: SNAT
Source: WAN Address


What these first two rules do in practice is this:

1. If ANY request comes in from the Internet directed at my WAN address, on the MC Library Server port, forward this request to my Library Server machine.
2. If ANY request comes FROM my Library Server Machine, on the Library Server Port, destined for the Internet, change the packets to make it look like these are coming directly from my WAN address (so that responses go to the right place and don't shoot off into the ether).

That's identical to the "regular" port forwarding that most home router/gateway boxes can handle.  Usually on consumer routers, you only have to define the DNAT rule (the incoming rule) and then outgoing rules are automatically set up to match.  That's actually the problem.  The SNAT rules they create don't distinguish between traffic coming from OUTSIDE your firewall and traffic INSIDE your firewall.  They basically set up rule one and two above with the word "Internet" replaced with the word "ANY".  A more capable router CAN distinguish between different traffic sources.  Then, you can set up the third magic rule...

Rule 3:
Traffic Source: Internal Network
Traffic Service: 1:65535 -> 20660 (same as rule 1)
Traffic Destination: WAN Address (so my public WAN address)

NAT Mode: Full NAT

Destination: the address of my library server's machine on the internal network (in this case it happens to be 192.168.0.20)
Source: Internal Address


What this does is simply redirect ALL requests that originate from INSIDE my LAN, that are headed to the port where I have my library server running, AND which are being sent to my PUBLIC IP address.  Instead of sending these to my public IP address (WAN) it changes them to direct them to my internal server instead, while keeping the SOURCE address still pointed to the original internal network address so that replies go back the right way (normally SNAT changes the reply address to your WAN address, which you don't want here).  So essentially, the client machines send a request to lan.mydomain.com:PORT and my router sees this and changes it, on the fly, to 192.168.0.20:PORT instead.

Full NAT translation (Rule 3 above) is typically not available on consumer-class home gateway devices.  It MIGHT be available if you install some of the custom ROMs available out there for the different routers like dd-wrt.  I don't know for sure because I have a good firewall now and I stopped following those projects.  I just did a brief Google search though, and it looks like dd-wrt can do it (though it does it globally instead of rule-by-rule, which is probably fine for home use).  The option on dd-wrt seems to be called NAT loopback or "Filter WAN NAT Redirection" or something like that.
"Some cultures are defined by their relationship to cheese."

Visit me on the Interweb Thingie: http://glynor.com/
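
Added example, not part of glynor's post: a small Python model of the three NAT rules that reports which source address a client sees on the server's reply, and so whether the connection completes. The WAN address 203.0.113.10, the gateway LAN address 192.168.0.1, the client addresses, and the reading of "Source: Internal Address" as the gateway's own LAN address are assumptions; 192.168.0.20 and port 20660 are from the post.

```python
from ipaddress import ip_address, ip_network

WAN = "203.0.113.10"     # constructed public address (documentation range)
GW_LAN = "192.168.0.1"   # assumed LAN-side address of the gateway
SERVER = "192.168.0.20"  # library server machine, from the post
PORT = 20660             # example library server port, from the post
LAN = ip_network("192.168.0.0/24")  # assumed internal network


def on_lan(ip):
    return ip_address(ip) in LAN


def gateway_nat(src, dst, dport=PORT, full_nat=True):
    """Return (src, dst) as rewritten by the gateway, or None if no rule matches."""
    if dst != WAN or dport != PORT:
        return None
    if not on_lan(src):
        return (src, SERVER)       # Rule 1: DNAT, source untouched
    if full_nat:
        return (GW_LAN, SERVER)    # Rule 3: rewrite destination and source
    return (src, SERVER)           # modelled gateway without Rule 3: DNAT only


def reply_source_seen_by_client(client, full_nat=True):
    """Source address on the server's reply as it arrives at the client."""
    translated = gateway_nat(client, WAN, PORT, full_nat)
    if translated is None:
        return None
    peer, _ = translated           # the address the server believes it talks to
    if on_lan(peer) and peer != GW_LAN:
        # Peer is on the server's own subnet, so the reply goes straight to it
        # and never crosses the gateway: nothing restores the WAN address.
        return SERVER
    # Reply crosses the gateway, which reverses the translation (Rule 2 for
    # Internet peers, the reverse of Rule 3 for LAN peers).
    return WAN


def connection_works(client, full_nat=True):
    # The client sent to WAN:PORT and only accepts replies from that address.
    return reply_source_seen_by_client(client, full_nat) == WAN


if __name__ == "__main__":
    for client, full in [("198.51.100.7", True), ("192.168.0.50", True),
                         ("192.168.0.50", False)]:
        print(client, "full_nat" if full else "dnat_only",
              reply_source_seen_by_client(client, full),
              "ok" if connection_works(client, full) else "reply dropped")
```
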