Does QuestionRDP work when using a local IP address, even if you are on a different network than your own?
Does QuestionRDP work when using a local IP address, even if you are on a different network than your own?
I have a Windows 2008 R2 server on the internet with a public static address. I use a Mikrotik router as my main router and forwarded the public IP to the Server locally too. I also kept a separate local IP for the Server so it can connect from inside. For days now everything is working fine, but now only the local connection works; the RDP won't go over the public static IP even though I am in the same network. The RDP worked great before on other networks with that address too. I tried rebooting both the server and the Mikrotik router, but nothing helped. Anyone can help me fix this please? (Please note: I used my LAN and wireless LAN to get connected to both addresses)
You seem much more informed on this topic than many we see asking about this so I will explain in some detail. The difference between using the public IP on a external network and using the public IP on the lan network is the path the data takes. So lets say your public IP is a.b.c.d. And lets say your local IP are 192.168.1.100 for the pc and 192.168.1.101 for the server. So normally when you traffic goes to the internet say to x.x.x.x your traffic looks like this. source ip 192.168.1.100 dest ip x.x.x.x-----------NAT----- source ip a.b.c.d destination ip x.x.x.x Now for traffic coming from some random IP on the internet to your server because of the port forwarding rules that data translation looks like this. Source ip w.x.y.z destinatio ip a.b.c.d (your public ip). -----NAT--- source ip w.x.y.z destination 192.168.1.101. Now in case you discuss your traffic goes Source IP 192.168.1.100 destination ip a.b.c.d ---NAT-- source IP a.b.c.d destination IP a.b.c.d <----note both the source and destination IP are the same. The traffic now must do another nat. Source IP a.b.c.d destination ip a.b.c.d --NAT-- source ip a.b.c.d destination ip 192.168.1.101. When the traffic goes back to the client machine it must reverse this process. This is very confusing to even think about and many routers are too stupid to do this. If it is handled it can be done in 2 ways. First the router could have a special feature many times called hairpin NAT. In most cases even if the router supports this they do not document it. The other way depends on luck. Some routers actually ignore the destination IP and blindly send all data to the gateway (ie ISP router). They will do this even when the IP is their own public IP. The ISP router will get the packet and look up its path for the destination IP and send it back to the router. Since the router now thinks this is a incoming packet rather than a outgoing one it will process it correctly. Not all ISP routers will do this partially to prevent data loops. Hard to say why it used to work. You can look for a option to turn on hairpin nat (it can be called other stuff).
I used to have a MikroTik hEX around. I think I know the hairpin NAT wasn't turned on by default, so I had to turn it on myself.