Accessing an external DNS address internally behind NAT

paintb4707paintb4707 Member Posts: 420
I finally found a work-around for this. I've spent tons of time researching and was never able to find a solution for this until it just hit me now. I'm very proud of myself for figuring this out on my own so I thought I'd share it. :D

Let's say you host a website on your network which is behind NAT. You have an external DNS record for that website so that it can be viewed by the public.

Here's the conflict... when you try to access that external address, obviously it is directed to your NAT device. This is all fine and dandy when you're on the outside. When your internal, any traffic being directed to the NAT device (a WatchGuard Firebox in my situation) would result in a username/password prompt as if you were trying to log into the admin configuration page of the router/firewall. Just up until now I thought that there was no fix for this if the router/firewall doesn't have a traffic directing capability for NAT.

I was wrong.

Let's say your domain name is and you're trying to access your website internally which is

If you create a new dns forward zone on your DNS server as "", you can then add an A Host record for "www" pointing to the IP address of its host, which in turn makes the FQDN "". Wait a few minutes for the DNS changes to be applied to your machine and you can access the website internally without being intercepted by the router.

This little method also helped me with Iphones and accessing company email via Wi-fi. Before I had to make sure users had two email accounts. One external and one internal for wi-fi. Adding another A Host record for "mail" (FQDN - would allow users to access email both internally and externally with only one account.

OWA is also accessible internally now for my users with the public address. Not that it's a big deal since they all have Outlook, but before you would have to access OWA internally with "" and it is now ""
Sign In or Register to comment.