Re: Full loop to public IP and back

This will depend on the firewall you are using for sure. Cisco devices will not allow this. You are sending traffic from (Say) 192.168.1.10 (its private IP Address) that routes in some way to the firewall. The firewall then NATs that to (say) 9.4.0.10 (its Public IP) That traffic is now on the outside interface of the firewall. However that traffic is destined for that same IP address which shouldn't be a problem except the source and destination are the same and on the same interface. A Cicso firewall for one will not allow that traffic to return back through NAT and back to the private IP (192.168.1.10) so you'll never connect.

I believe some firewalls WILL allow this and I wouldn't be shocked to find there is some hairpining setting that might allow this but it's generally not best practice.

The 'work around' here is to add the FQDN of THIS system (e.g. Kt1.litmus.com) that would for me on the outside resolve to 9.4.0.10 into the hosts table pointing to 192.168.1.10 on that server only.

- Larry "DrFranken" Bolhuis

www.Frankeni.com
www.iDevCloud.com - Personal Development IBM i timeshare service.
www.iInTheCloud.com - Commercial IBM i Cloud Hosting.

On 1/19/2016 9:02 PM, Aaron Bartell wrote:

I have a machine named KT1. While on KT1 I am trying to call a web service
using its public IP - essentially calling myself by first going out to the
internet and back again. The issue is it times out. I can access the
public IP (and web service) from many other computers but not from within
the same machine (KT1). From KT1 I can access other public IPs, just not
its own public IP. I've configured the firewall to be wide open so I don't
think it's that.

I've tried adding the public IP to CFGTCP opt 1 and opt 10 (with applicable
domain) but nothing I do seems to be working.

*Questions:*
1 - Do I need to restart TCP/IP services on IBM i after making CFGTCP
changes?
2 - Is there something obvious I am missing?

Aaron Bartell
litmis.com - Services for open source on IBM i