Why I can't use my physical ip to see my website after using NAT in Eucalyptus

I have two real machines.

One is responsible for NAT and IP redirect called NC2 and another is responsible for eucalyptus KVM established 3 virtual machine.

No doubt, the OS of machine which is responsible for eucalyptus is Linux.

The guest OS of virtual machines are Windows XP.

Each virtual machine is a web server which runs Tomcat

NC2 gives an private IP 192.168.0.3 to Linux server.

Linux server gives 3 IPs which are private class B to virtual machines.

For example, one of guest OS gained IP 172.16.1.5

Now I use NC2 to redirect a physical IP x.x.x.x to 172.16.1.5

Here is my problem:

  I can use other PC ,outer IP, connect to the website which is established on 172.16.1.5 with IP x.x.x.x, but I can't use machine with IP 172.16.1.5 to connect to it's own website.

  I turned off the firewall on 172.16.1.5, and it's able to connect to internet such as yahoo or amazon. But it just can't use x.x.x.x to conn开发者_JAVA百科ect to it's own website.

  I tested other guest OS which are gained 172.16.x.x also not able to connect to x.x.x.x.

How can I do to make guest OS connect it's redirected physical address?

It look likes this is caused by a NAT issue called 'hairpin'. Here is the explanation:

Let machine A on a LAN have a private IP address 192.168.0.10. Let NAT N translate A's private IP to public 77.33.45.67 for the WAN.

Some 'early/old' NATs take for granted that the translated address in only going to be used from the WAN. Therefore, they don't forward packets on the LAN having ip address = 77.33.45.67 and only let in and forward those with this ip address when they come from the WAN.

This problem is solved in more recent NATs which detect these situations and forward packets properly. This problem is sometime encountered in P2P systems.

If you are lucky, your NAT be may be reconfigured to enable usage of translated address on the LAN. If not, then you need a new NAT.