I Imagine this problem has to do with IP addresses. Let me try to explain.
First we assume your local LAN ip address for the web server is 192.168.0.10, and the client web browser is 192.168.0.20
The we say the internet-facing ip address (WAN, as you call it) is 188.8.131.52.
Your router will know that one side of its network, the local side, is on the 192.168.0.x network, and the other side is on 30.40.50.x. Also, it will understand that 192.168.0.x is a private address range
, sometimes incorrectly called un-routable, and should never be seen on the real
Thus, when a packet from 192.168.0.20 reaches the router bound for 184.108.40.206 it is rejected by the interface holding the 220.127.116.11 address because it is not a valid address for the internet side of the device, only the local side.
NAT will have trouble solving this because it will have to NAT your address (192.168.0.20) to the outside address (18.104.22.168), and connect from 22.214.171.124 to 126.96.36.199 and get that connecton NATed to 192.168.0.10, which won't work on many devices because we are connecting to ourself from ourself, and many devices don't like that, again for good reasons.
The reason all this doesn't work is called "IP Spoofing". It's a set of rules which include:
1) I should never see a connection from the internet which originates from a private IP. Reject it if I do.
2) I should never see a connection from the internet which originates from my IP address. Reject it if I do.
There are several ways to get around this problem:
1) allow private IPs to route from the internet - bad idea
2) force your web browser to use a proxy server on the internet, so traffic comes from a valid external address (this is why the-cloak.com works) - good idea
3) if you have a domain which resolves to an external IP, try adding a local entry in the clients /etc/hosts/ to force clients to use the local address, like so:
I personally use 3) because I only have a couple of local clients.
Hope that makes sense!