[CS-FSLUG] (SOLVED) Routing Issue
Don Parris
parrisdc at gmail.com
Sun Feb 5 09:02:47 CST 2012
Hi all, I just wanted to pass on an update. I finally resolved this
routing issue just now. It was my NAT filtering on my router's security
page. I can now access the external IP from behind my router. :-) I was
looking right at it but not seeing it. Just something goofy to embarrass
myself I guess.
On Thu, Feb 2, 2012 at 16:04, Josiah Ritchie <josiah at josiahritchie.com> wrote:
> Build your own router. You can get some nice kits with an ALIX motherboard
> and then install pfsense for some great power. I'm running a few of these
> and I'm very pleased with them. Don, you can search for some pics and stuff
> on my Google Plus page. I've posted my most recent build over there. I
> haven't tried what you're doing on it, but I'm sure you could tweak it as
> it has iptables under that hood. It's strong, it's fun and it's open source
> software.
>
> JSR/
>
>
> On Thu, Feb 2, 2012 at 3:02 PM, Don Parris <parrisdc at gmail.com> wrote:
>
>> Thanks Tim,
>>
>> I should have remembered to put the router in - it's a Linksys WRT54g. I
>> have used it before and am quite certain I was able to do the u-turn thing
>> before. It doesn't offer iptables at all (or at least not any interface to
>> that), although my CentOS server does. Even with the iptables turned off
>> temporarily, I still could not do the u-turn. I am positive I did this
>> before with this same router. I am actually considering upgrading the
>> router - this one is ancient and I would like one that supports IPv6 as
>> well as IPv4.
>>
>> I am open to recommendations on such a router as well.
>>
>>
>> On Thu, Feb 2, 2012 at 13:39, Tim Young <Tim.Young at lightsys.org> wrote:
>>
>>> Some routers support this, others do not. So this could be a router
>>> issue, not just a routing issue.
>>>
>>> What is happening is this. From inside your network on your client
>>> computer, you attempt to access the external interface. The local computer
>>> compares the destination IP address and netmask with its own IP address and
>>> determines that the destination IP is not local. So, it sends it to the
>>> firewall (gateway). The gateway, upon receiving the packet, realizes that
>>> it needs to port-forward the packet back to the internal server. The
>>> return packet then goes from the server, back through the reverse NAT, and
>>> then back inside to your client computer. The issue is probably occurring
>>> inside the firewall when it first gets a packet from the client.
>>>
>>> Many firewalls on the port forwarding side of things only forward
>>> packets that come from the Internet. They do not have rules that look for
>>> packets with the source on the inside. The packets from the client are
>>> usually masqueraded to the outside world (so the source IP appears to be
>>> 174.96.151.128 to the outside). All sorts of odd things could occur based
>>> on how the iptables rules are configured, which order they are in, etc.
>>>
>>> Anyway. Most likely your issue is an iptables issue on your firewall.
>>> Is that a linux box, or something else? Do you have the ability to
>>> hand-edit the iptables rules, or are they simply generated by a GUI? When
>>> you say "you have done this before", was that with this router with this
>>> configuration, or was that using a different router/firewall?
>>>
>>> - Tim Young
>>>
>>>
>>> On 2/2/2012 11:35 AM, Don Parris wrote:
>>>
>>>> Guys,
>>>>
>>>> I have a routing issue. I am fairly certain it is a routing issue. I
>>>> have configured my CentOS 6.2 server to provide SSH and WWW service. I can
>>>> connect to the server via the internal IP (192.168*). I can likewise
>>>> connect to the server via the external IP, but only from outside the LAN.
>>>> What I cannot do is connect to the external IP from inside my LAN. I have
>>>> done this several times before, but right now am just really confused.
>>>>
>>>> Router Internal IP is *.1 (provides DHCP to my LAN), External = *128
>>>> Server IP is *.22
>>>>
>>>>
>>>> Running traceroute from the server to the internal IP of the router
>>>> gave *** as a result.
>>>> Running traceroute from the laptop to the external IP of the router
>>>> gave *** as a result.
>>>>
>>>> Running traceroute from my laptop to the server (from inside the
>>>> router) gave this result:
>>>> traceroute to 192.168.1.22 (192.168.1.22), 30 hops max, 60 byte packets
>>>> 1 192.168.1.22 (192.168.1.22) 7.639 ms !X 7.646 ms !X 7.639 ms !X
>>>>
>>>> man traceroute says the !X means "communication administratively
>>>> prohibited".
>>>>
>>>> Here is my routing table on my router:
>>>> 0.0.0.0 255.255.255.0 174.96.151.128 WAN (Internet)
>>>> 0.0.0.0 0.0.0.0 174.96.128.1 WAN (Internet)
>>>> 174.96.128.0 255.255.224.0 174.96.151.128 WAN (Internet)
>>>> 192.168.1.0 255.255.255.0 192.168.1.1 LAN & Wireless
>>>>
>>>>
>>>> I am just really confused.
>>>>
>>>>
>>>> --
>>>> D.C. Parris, FMP, LEED AP O+M, ESL Certificate
>>>> Minister, Security/FM Coordinator, Free Software Advocate
>>>> https://www.xing.com/profile/Don_Parris |
>>>> http://www.linkedin.com/in/dcparris
>>>> GPG Key ID: F5E179BE
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> ChristianSource FSLUG mailing list
>>>> Christiansource at ofb.biz
>>>> http://cs.uninetsolutions.com
>>>>
>>>
>>
>>
>>
>> --
>> D.C. Parris, FMP, LEED AP O+M, ESL Certificate
>> Minister, Security/FM Coordinator, Free Software Advocate
>> https://www.xing.com/profile/Don_Parris |
>> http://www.linkedin.com/in/dcparris
>> GPG Key ID: F5E179BE
>>
>>
>
>
>
> --
>
> http://about.me/josiah
>
--
D.C. Parris, FMP, LEED AP O+M, ESL Certificate
Minister, Security/FM Coordinator, Free Software Advocate
https://www.xing.com/profile/Don_Parris |
http://www.linkedin.com/in/dcparris
GPG Key ID: F5E179BE
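Tim's walk-through of the u-turn (hairpin NAT) path is worth seeing as a packet trace. The model below is an added example, not code from anyone in this thread: it uses the router and server addresses quoted above, a constructed LAN client (192.168.1.5) and a constructed outside host (203.0.113.9), and shows the three outcomes Tim describes: a WAN-only port-forward that never matches LAN traffic, a DNAT that matches but lets the server reply straight to the client from the wrong address, and the DNAT plus SNAT pair that makes the reply come back through the router. The iptables lines at the end are the standard nat-table syntax the working case corresponds to on a Linux gateway; the Linksys in the thread only exposes this as a "NAT filtering" setting.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_network

# Addresses from the thread; the client and outside host are constructed.
LAN = ip_network("192.168.1.0/24")
ROUTER_LAN_IP = "192.168.1.1"
ROUTER_WAN_IP = "174.96.151.128"
SERVER_IP = "192.168.1.22"
CLIENT_IP = "192.168.1.5"        # constructed: the laptop inside the LAN
OUTSIDE_IP = "203.0.113.9"       # constructed: a host on the Internet
SSH_PORT = 22


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

    def reply(self) -> "Packet":
        """The server's answer: addresses and ports swapped."""
        return Packet(self.dst, self.dport, self.src, self.sport)


class Router:
    """Toy model of the port-forwarding NAT in Tim's explanation.

    hairpin_dnat: the DNAT rule also matches packets that arrive from the LAN
                  (a WAN-only rule carries `-i <wan interface>` and does not).
    hairpin_snat: LAN-originated forwarded packets are also SNATed to the
                  router's LAN address, so the server answers the router
                  rather than the client directly.
    """

    def __init__(self, hairpin_dnat: bool, hairpin_snat: bool):
        self.hairpin_dnat = hairpin_dnat
        self.hairpin_snat = hairpin_snat
        # conntrack: (SNATed source, source port) -> original client address
        self.conntrack: dict[tuple[str, int], str] = {}

    def prerouting(self, pkt: Packet, from_wan: bool):
        """Apply the port-forward. Returns the packet as the server sees it,
        or None when the rule does not match and the router keeps the packet."""
        if pkt.dst != ROUTER_WAN_IP or pkt.dport != SSH_PORT:
            return None
        if not from_wan and not self.hairpin_dnat:
            return None              # WAN-only rule: LAN traffic never matches
        out = replace(pkt, dst=SERVER_IP)
        if not from_wan and self.hairpin_snat:
            self.conntrack[(ROUTER_LAN_IP, pkt.sport)] = pkt.src
            out = replace(out, src=ROUTER_LAN_IP)
        return out

    def un_nat_reply(self, reply: Packet) -> Packet:
        """Reverse both translations on a reply that came back to the router."""
        client = self.conntrack[(reply.dst, reply.dport)]
        return replace(reply, src=ROUTER_WAN_IP, dst=client)


def try_hairpin(router: Router) -> str:
    """Simulate the LAN client connecting to the router's external IP."""
    pkt = Packet(CLIENT_IP, 40000, ROUTER_WAN_IP, SSH_PORT)
    # The client sees a non-local destination and hands the packet to the gateway.
    to_server = router.prerouting(pkt, from_wan=False)
    if to_server is None:
        return "dropped at router"            # what the thread saw: no u-turn
    reply = to_server.reply()
    # A reply addressed to another LAN host goes there directly; only a reply
    # addressed to the router itself gets its translations reversed.
    if reply.dst == ROUTER_LAN_IP:
        reply = router.un_nat_reply(reply)
    if reply.src != ROUTER_WAN_IP:
        return "reply from wrong address"     # client's TCP stack discards it
    return "ok"


def iptables_rules() -> list[str]:
    """The nat-table rules the working case corresponds to on a Linux gateway."""
    return [
        f"iptables -t nat -A PREROUTING -d {ROUTER_WAN_IP} -p tcp --dport {SSH_PORT} "
        f"-j DNAT --to-destination {SERVER_IP}",
        f"iptables -t nat -A POSTROUTING -s {LAN} -d {SERVER_IP} -p tcp --dport {SSH_PORT} "
        f"-j SNAT --to-source {ROUTER_LAN_IP}",
    ]


if __name__ == "__main__":
    for dnat, snat in ((False, False), (True, False), (True, True)):
        print(f"hairpin_dnat={dnat} hairpin_snat={snat}: {try_hairpin(Router(dnat, snat))}")
    print("\n".join(iptables_rules()))
```

The middle case is the one that is easy to miss when hand-editing rules: the forward works, the server sees the connection, but the client receives a SYN/ACK from 192.168.1.22 when it is waiting on one from 174.96.151.128, so the connection never completes. The POSTROUTING SNAT exists only to force that reply back through the router.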