[CS-FSLUG] Routing Issue

Josiah Ritchie josiah at josiahritchie.com
Thu Feb 2 15:04:47 CST 2012


Build your own router. You can get some nice kits with an ALIX motherboard
and then install pfsense for some great power. I'm running a few of these
and I'm very pleased with them. Don, you can search for some pics and stuff
on my Google Plus page. I've posted my most recent build over there. I
haven't tried what you're doing on it, but I'm sure you could tweak it as
it has iptables under that hood. It's strong, it's fun and it's open source
software.

JSR/

On Thu, Feb 2, 2012 at 3:02 PM, Don Parris <parrisdc at gmail.com> wrote:

> Thanks Tim,
>
> I should have remembered to put the router in - it's a Linksys WRT54g.  I
> have used it before and am quite certain I was able to do the u-turn thing
> before.  It doesn't offer iptables at all (or at least not any interface to
> that), although my CentOS server does.  Even with the iptables turned off
> temporarily, I still could not do the u-turn.  I am positive I did this
> before with this same router.  I am actually considering upgrading the
> router - this one is ancient and I would like one that supports IPv6 as
> well as IPv4.
>
> I am open to recommendations on such a router as well.
>
>
> On Thu, Feb 2, 2012 at 13:39, Tim Young <Tim.Young at lightsys.org> wrote:
>
>> Some routers support this, others do not.  So this could be a router
>> issue, not just a routing issue.
>>
>> What is happening is this.  From inside your network on your client
>> computer, you attempt to access the external interface.  The local computer
>> compares the destination IP address and netmask with its own IP address and
>> determines that the destination IP is not local.  So, it sends it to the
>> firewall (gateway).  The gateway, upon receiving the packet, realizes that
>> it needs to port-forward the packet back to the internal server.  The
>> return packet then goes from the server, back through the reverse NAT, and
>> then back inside to your client computer.  The issue is probably occurring
>> inside the firewall when it first gets a packet from the client.
>>
>> Many firewalls on the port forwarding side of things only forward packets
>> that come from the Internet.  They do not have rules that look for packets
>> with the source on the inside.  The packets from the client are usually
>> masqueraded to the outside world (so the source IP appears to be
>> 174.96.151.128 to the outside).  All sort of odd things could occur based
>> on how the iptables rules are configured, which order they are in, etc.
>>
>> Anyway.  Most likely your issue is an iptables issue on your firewall.
>>  Is that a linux box, or something else?  Do you have the ability to
>> hand-edit the iptables rules, or are they simply generated by a GUI?  When
>> you say "you have done this before", was that with this router with this
>> configuration, or was that using a different router/firewall?
>>
>>    - Tim Young
>>
>>
>> On 2/2/2012 11:35 AM, Don Parris wrote:
>>
>>> Guys,
>>>
>>> I have a routing issue.  I am fairly certain it is a routing issue.  I
>>> have configured my CentOS 6.2 server to provide SSH and WWW service.  I can
>>> connect to the server via the internal IP (192.168*).  I can likewise
>>> connect to the server via the external IP, but only from outside the LAN.
>>>  What I cannot do is connect to the external IP from inside my LAN.  I have
>>> done this several times before, but right now am just really confused.
>>>
>>> Router Internal IP is *.1 (provides DHCP to my LAN), External = *128
>>> Server IP is *.22
>>>
>>>
>>> Running traceroute from the server to the internal IP of the router gave
>>> *** as a result.
>>> Running traceroute from the laptop to the external IP of the router
>>> gave *** as a result.
>>>
>>> Running traceroute from my laptop to the server (from inside the router)
>>> gave this result:
>>> traceroute to 192.168.1.22 (192.168.1.22), 30 hops max, 60 byte packets
>>>  1  192.168.1.22 (192.168.1.22)  7.639 ms !X  7.646 ms !X  7.639 ms !X
>>>
>>> man traceroute says the !X means "communication administratively
>>> prohibited".
>>>
>>> Here is my routing table on my router:
>>> 0.0.0.0         255.255.255.0   174.96.151.128  WAN (Internet)
>>> 0.0.0.0         0.0.0.0         174.96.128.1    WAN (Internet)
>>> 174.96.128.0    255.255.224.0   174.96.151.128  WAN (Internet)
>>> 192.168.1.0     255.255.255.0   192.168.1.1     LAN & Wireless
>>>
>>>
>>> I am just really confused.
>>>
>>>
>>> --
>>> D.C. Parris, FMP, LEED AP O+M, ESL Certificate
>>> Minister, Security/FM Coordinator, Free Software Advocate
>>> https://www.xing.com/profile/Don_Parris |
>>> http://www.linkedin.com/in/dcparris
>>> GPG Key ID: F5E179BE
>>>
>>>
>>>
>>> _______________________________________________
>>> ChristianSource FSLUG mailing list
>>> Christiansource at ofb.biz
>>> http://cs.uninetsolutions.com
>>>
>>
>
>
>
> --
> D.C. Parris, FMP, LEED AP O+M, ESL Certificate
> Minister, Security/FM Coordinator, Free Software Advocate
> https://www.xing.com/profile/Don_Parris  |
> http://www.linkedin.com/in/dcparris
> GPG Key ID: F5E179BE
>
>



-- 

http://about.me/josiah
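The "u-turn" (hairpin NAT) path Tim describes, as an added example that is not part of the thread: a small Python model of the gateway's port-forward (DNAT) step with and without the extra SNAT rule for LAN-sourced packets. The client address 192.168.1.50 and the port numbers are made up; the other addresses are the ones quoted in the thread, and the iptables rules in the comments are the assumed equivalents, not anyone's actual configuration.

```python
# Added example: model why a LAN client cannot reach the server via the
# external IP unless the gateway also SNATs hairpinned connections.
from dataclasses import dataclass, replace

EXT_IP = "174.96.151.128"   # router WAN address (from the thread)
GW_LAN = "192.168.1.1"      # router LAN address (from the thread)
SERVER = "192.168.1.22"     # CentOS server (from the thread)
CLIENT = "192.168.1.50"     # constructed LAN client address
LAN = "192.168.1."

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int

def gateway_forward(pkt, hairpin_snat):
    """Gateway NAT step for a packet arriving on ANY interface.
    Assumed rule: iptables -t nat -A PREROUTING -d 174.96.151.128 -p tcp
      --dport 80 -j DNAT --to 192.168.1.22   (no '-i wan' restriction)
    With hairpin_snat, assumed extra rule: iptables -t nat -A POSTROUTING
      -s 192.168.1.0/24 -d 192.168.1.22 -p tcp --dport 80 -j SNAT --to 192.168.1.1
    """
    if pkt.dst != EXT_IP or pkt.dport != 80:
        return pkt
    pkt = replace(pkt, dst=SERVER)        # DNAT: the port-forward
    if hairpin_snat and pkt.src.startswith(LAN):
        pkt = replace(pkt, src=GW_LAN)    # SNAT so the reply comes back via the gateway
    return pkt

def hairpin_roundtrip(hairpin_snat):
    """Return True if the client gets a reply from the address it expects."""
    conntrack = {}
    req = Packet(CLIENT, EXT_IP, 40000, 80)
    fwd = gateway_forward(req, hairpin_snat)
    conntrack[(fwd.src, fwd.sport)] = req      # remember the original tuple
    # The server answers whoever the forwarded packet appears to come from.
    reply = Packet(SERVER, fwd.src, 80, fwd.sport)
    if reply.dst.startswith(LAN) and reply.dst != GW_LAN:
        # Same subnet: the server delivers directly, bypassing the gateway.
        # The client expected an answer from EXT_IP, so this reply is dropped.
        return reply.src == EXT_IP
    orig = conntrack[(reply.dst, reply.dport)]  # gateway reverses the NAT
    reply = Packet(orig.dst, orig.src, 80, orig.sport)
    return reply.dst == CLIENT and reply.src == EXT_IP

if __name__ == "__main__":
    print("without hairpin SNAT:", hairpin_roundtrip(False))  # False
    print("with hairpin SNAT:   ", hairpin_roundtrip(True))   # True
```

The failing case is the one the thread describes: the DNAT happens, but the server's reply never passes back through the gateway, so the client sees a packet from 192.168.1.22 instead of 174.96.151.128 and discards it.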