Unable to connect to computer from outside LAN


Answer: 1

22 hours ago

I opened two terminal windows, and typed nc -vv -lp 9999 in the first one and nc -vv $(dig +short myip.opendns.com @resolver1.opendns.com) 9999 in the second. However, the two netcats didn't connect, and I got

Warning: forward host lookup failed for 11.22.333.44.in-addr.arpa [44.333.22.11] 9999 (?) : Connection timed out

, where instead of 44.333.22.11 was my real IP. I turned off the INPUT block with iptables, turned off my router firewall, but nothing changed. However, when I try nc -vv 9999, or nc -vv 9999 (my IP in LAN), it works just fine. What could go wrong? UPD I have just tested the possibility of connecting from another computer outside my network, but it failed too.

nc -vv my.i.p.address 9999

I used the same command with my public IP on another machine.

Answer: 2

22 hours ago

dig +short myip.opendns.com @resolver1.opendns.com

is a way of finding out what your IP address is on the internet by using a third-party "resolver1.opendns.com" outside your network.

Since you're behind a NAT, your machine has no way of finding out how to route these packets to you.

So long as your router supports "loopback addressing" (routing internal packets destined for your public IP back to you) your router would still need to know that those packets are destined for your internal IP address on that port. This is known as Port Forwarding.

If you add a port forward to your router for port 9999 to your internal IP address then it might work but most SOHO modem/routers don't support this kind of behaviour since it's exceptionally unusual in normal operations. The use case being that if you are inside the LAN, why would you not communicate via the LAN IP?

The only situation I've seen this kind of usage has been in a poorly-configured DNS resolver. If you have a local DNS server, then it should be replying with the internal IP for local services, not sending all traffic via the internet.
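A triage helper for the NAT situation described in the answer above, as an added example that is not part of the original thread: it compares the host's address, the router's WAN address and the address dig reports, and says whether a port forward for the listener is needed. It goes slightly beyond the answer by also flagging a second NAT layer upstream of the router (for example RFC 6598 carrier-grade NAT), where a forward on your own router is not enough. The function names and sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). All addresses below are constructed.
# HOST_IP:   address on this machine's interface (e.g. from `ip -4 addr`)
# WAN_IP:    address shown on the router's WAN/status page
# PUBLIC_IP: output of: dig +short myip.opendns.com @resolver1.opendns.com

# Dotted-quad IPv4 -> integer; fails on malformed input or octets > 255.
ip_to_int() {
    case $1 in ''|*[!0-9.]*|*..*|.*|*.|0[0-9]*|*.0[0-9]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1; done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# True if address $1 lies inside network $2 with prefix length $3.
in_cidr() {
    ip=$(ip_to_int "$1") && net=$(ip_to_int "$2") || return 1
    mask=$(( (4294967295 << (32 - $3)) & 4294967295 ))
    [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# private = RFC 1918, cgnat = RFC 6598 shared address space.
classify() {
    ip_to_int "$1" >/dev/null || { echo invalid; return 0; }
    if in_cidr "$1" 10.0.0.0 8 || in_cidr "$1" 172.16.0.0 12 ||
       in_cidr "$1" 192.168.0.0 16; then echo private
    elif in_cidr "$1" 100.64.0.0 10; then echo cgnat
    elif in_cidr "$1" 127.0.0.0 8; then echo loopback
    else echo public; fi
}

# diagnose HOST_IP WAN_IP PUBLIC_IP
#   direct        host itself holds the public address; only its firewall matters
#   port-forward  one NAT layer; forward the port on the router to HOST_IP
#   upstream-nat  router's WAN address is not the public one (second NAT layer)
diagnose() {
    h=$(classify "$1"); w=$(classify "$2"); p=$(classify "$3")
    case "$h $w $p" in *invalid*) echo invalid-input; return 0 ;; esac
    [ "$p" = public ] || { echo invalid-input; return 0; }
    if [ "$1" = "$3" ]; then echo direct
    elif [ "$2" = "$3" ]; then echo port-forward
    else echo "upstream-nat:$w"; fi
}

diagnose 192.168.1.20 203.0.113.7 203.0.113.7   # constructed sample input
```

After adding a forward, test it from a machine outside the LAN, since a test from inside depends on the router supporting loopback as the answer notes.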

