I currently have 2 Ubuntu 12.04 servers which are load balanced. If I go to any one of them from the shell and type:

    wget stackoverflow.com

the page is fetched into index.html. However, assuming the site hosted on those servers is called mysite.com, calling

    wget mysite.com

I get:

    Resolving mysite.com (mysite.com)... 50.XXX.YY.ZZZ
    Connecting to mysite.com (mysite.com)|50.XXX.YY.ZZZ|:80... failed: Connection refused.

where 50.XXX.YY.ZZZ is the public IP of mysite.com. Any ideas what is wrong on those servers?
The basic issue is this:

1. The server has a private inside IP address. (I'll call it 192.168.0.2 for simplicity.)
2. It opens a connection from its private inside IP address to its public address. (From 192.168.0.2 to 59.XXX.YY.ZZ)
3. This goes to the router, following the server's default route. (Since the machine doesn't know the public address is associated with itself.)
4. The router port forwards the request to the public IP address and forwards it to the machine. The request still has a source of 192.168.0.2 but now it has a destination of 192.168.0.2.
5. The machine receives a connection from 192.168.0.2 to 192.168.0.2, accepts the connection, and sends itself a response. (Since it knows 192.168.0.2 is local.)
6. The machine is baffled to receive a response from 192.168.0.2 since it was expecting one from 59.XXX.YY.ZZ, and the connection attempt fails.

For hairpin NAT to work, the router has to not only forward the request to the correct inside machine rewriting the destination but it also has to rewrite the source to make sure the reply packets go back through the router so they can be NATted too. Many routers can't do this, and many that can require specific configuration.
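The packet flow in that answer, as an added simulation that is not part of the original answer: a toy router that does only DNAT (port forwarding) versus one that also rewrites the source (hairpin NAT), and a check of whether the reply matches the socket the server opened. The addresses are the answer's placeholders; the router model and port numbers are assumptions for illustration.

```python
# Added example: simulate the hairpin NAT failure described in the answer.
from dataclasses import dataclass

INSIDE = "192.168.0.2"    # server's private address (from the answer)
PUBLIC = "59.XXX.YY.ZZ"   # router's public address (placeholder as on the page)
LOCAL_ADDRS = {INSIDE}    # addresses the server knows are its own

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int

def router_inbound(pkt: Packet, hairpin: bool) -> Packet:
    """Port forward: DNAT the public address to the inside server.
    With hairpin NAT the router also SNATs the source to its own address,
    so the server's reply has to travel back through the router."""
    src = PUBLIC if hairpin else pkt.src
    return Packet(src, INSIDE, pkt.sport, pkt.dport)

def router_outbound(pkt: Packet) -> Packet:
    """Reverse translation for a reply that came back through the router:
    restore the public address as source and the real client as destination."""
    return Packet(PUBLIC, INSIDE, pkt.sport, pkt.dport)

def attempt_connection(hairpin: bool) -> bool:
    """Simulate `wget mysite.com` run on the server itself (assumed port 40000).
    Returns True when the reply matches the socket the client opened."""
    request = Packet(INSIDE, PUBLIC, 40000, 80)
    # PUBLIC is not a local address, so the request follows the default route.
    forwarded = router_inbound(request, hairpin)
    # The server accepts and answers whatever it saw as the source.
    reply = Packet(INSIDE, forwarded.src, 80, forwarded.sport)
    if reply.dst in LOCAL_ADDRS:
        delivered = reply              # host-to-host; the router never sees it
    else:
        delivered = router_outbound(reply)
    # The client socket expects a reply from PUBLIC:80 to INSIDE:40000.
    return (delivered.src == request.dst and delivered.sport == request.dport
            and delivered.dst == request.src and delivered.dport == request.sport)

if __name__ == "__main__":
    print("DNAT only  :", "ok" if attempt_connection(False) else "connection fails")
    print("hairpin NAT:", "ok" if attempt_connection(True) else "connection fails")
```

Without source rewriting the reply arrives from 192.168.0.2 instead of the public address, which is the mismatch the answer describes; with hairpin NAT the reply is translated back on the return path and matches.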
Put
in your /etc/hosts
I assume that it routes packets outside your box with the public IP and somehow they do not get back.