[CS-FSLUG] Routing Issue
Tim Young
Tim.Young at LightSys.org
Thu Feb 2 12:39:49 CST 2012
Some routers support this, others do not. So this could be a router
issue, not just a routing issue.
What is happening is this. From inside your network on your client
computer, you attempt to access the external interface. The local
computer compares the destination IP address and netmask with its own
IP address and determines that the destination IP is not local. So,
it sends it to the firewall (gateway). The gateway, upon receiving
the packet, realizes that it needs to port-forward the packet back to
the internal server. The return packet then goes from the server,
back through the reverse NAT, and then back inside to your client
computer. The issue is probably occurring inside the firewall when
it first gets a packet from the client.
Many firewalls on the port forwarding side of things only forward
packets that come from the Internet. They do not have rules that
look for packets with the source on the inside. The packets from the
client are usually masqueraded to the outside world (so the source IP
appears to be 174.96.151.128 to the outside). All sorts of odd things
could occur based on how the iptables rules are configured, which
order they are in, etc.
Anyway. Most likely your issue is an iptables issue on your
firewall. Is that a Linux box, or something else? Do you have the
ability to hand-edit the iptables rules, or are they simply generated
by a GUI? When you say "you have done this before", was that with
this router with this configuration, or was that using a different
router/firewall?
- Tim Young
On 2/2/2012 11:35 AM, Don Parris wrote:
> Guys,
>
> I have a routing issue. I am fairly certain it is a routing
> issue. I have configured my CentOS 6.2 server to provide SSH and
> WWW service. I can connect to the server via the internal IP
> (192.168*). I can likewise connect to the server via the external
> IP, but only from outside the LAN. What I cannot do is connect to
> the external IP from inside my LAN. I have done this several times
> before, but right now am just really confused.
>
> Router Internal IP is *.1 (provides DHCP to my LAN), External = *128
> Server IP is *.22
>
>
> Running traceroute from the server to the internal IP of the router
> gave *** as a result.
> Running traceroute from the laptop to the external IP of the
> router gave *** as a result.
>
> Running traceroute from my laptop to the server (from inside the
> router) gave this result:
> traceroute to 192.168.1.22 (192.168.1.22), 30 hops max, 60 byte packets
> 1 192.168.1.22 (192.168.1.22) 7.639 ms !X 7.646 ms !X 7.639 ms !X
>
> man traceroute says the !X means "communication administratively
> prohibited".
>
> Here is my routing table on my router:
> 0.0.0.0 255.255.255.0 174.96.151.128 WAN (Internet)
> 0.0.0.0 0.0.0.0 174.96.128.1 WAN (Internet)
> 174.96.128.0 255.255.224.0 174.96.151.128 WAN (Internet)
> 192.168.1.0 255.255.255.0 192.168.1.1 LAN & Wireless
>
>
> I am just really confused.
>
>
> --
> D.C. Parris, FMP, LEED AP O+M, ESL Certificate
> Minister, Security/FM Coordinator, Free Software Advocate
> https://www.xing.com/profile/Don_Parris |
> http://www.linkedin.com/in/dcparris
> GPG Key ID: F5E179BE
>
>
>
> _______________________________________________
> ChristianSource FSLUG mailing list
> Christiansource at ofb.biz
> http://cs.uninetsolutions.com
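The packet path Tim describes (client on the LAN, router's external IP, port-forward back inside, reply back through the router) can be followed step by step in a small model. The model below is an added example written for this archive page; it is not code from Tim, Don, or any router firmware. It uses the addresses given in the thread (router LAN .1, router WAN 174.96.151.128, server .22) and assumes a client at 192.168.1.50, TCP port 80 as the published service, and Linux interface names eth0 (WAN) and eth1 (LAN) for the rule strings; all of those are assumptions. It reproduces the two ways hairpin access fails (the DNAT rule only matches packets arriving on the WAN interface, so the router keeps the packet for its own INPUT chain; or the DNAT fires but the server's reply goes straight across the LAN and the client sees the wrong source address) and the fix of adding a source NAT on the LAN-to-LAN forwarded flow so the reply is forced back through the router and un-NATed.

```python
"""Model of the hairpin (NAT loopback) packet path from the thread.

Constructed example for this page; addresses other than those in the
thread, the port, and the interface names are assumptions.
"""
from dataclasses import dataclass, replace

ROUTER_LAN = "192.168.1.1"        # from the thread: router internal IP
ROUTER_WAN = "174.96.151.128"     # from the thread: router external IP
SERVER = "192.168.1.22"           # from the thread: server IP
CLIENT = "192.168.1.50"           # assumption: a LAN client
LAN_PREFIX = "192.168.1."
PORT = 80                         # assumption: the published service


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


def on_lan(ip: str) -> bool:
    return ip.startswith(LAN_PREFIX)


class Router:
    """Minimal model of the iptables nat table: PREROUTING DNAT,
    POSTROUTING SNAT/MASQUERADE, and a conntrack entry so the reply is
    rewritten in reverse."""

    def __init__(self, dnat_wan_only: bool, hairpin_snat: bool):
        self.dnat_wan_only = dnat_wan_only    # DNAT rule carries "-i eth0"
        self.hairpin_snat = hairpin_snat      # extra SNAT for LAN->LAN forwards
        self.conntrack = {}                   # reply 5-tuple -> original packet

    def forward(self, pkt: Packet, in_iface: str):
        """Return the packet as it leaves the router, or None if the router
        keeps it (no DNAT matched, so it is addressed to the router itself
        and goes to the INPUT chain instead of FORWARD)."""
        original = pkt
        # PREROUTING: rewrite the published port to the internal server
        if pkt.dst == ROUTER_WAN and pkt.dport == PORT:
            if not (self.dnat_wan_only and in_iface != "wan"):
                pkt = replace(pkt, dst=SERVER)
        if pkt.dst in (ROUTER_WAN, ROUTER_LAN):
            return None
        # POSTROUTING: masquerade LAN->Internet; optional hairpin SNAT so a
        # LAN client's packet appears to the server to come from the router
        if not on_lan(pkt.dst):
            pkt = replace(pkt, src=ROUTER_WAN)
        elif on_lan(pkt.src) and self.hairpin_snat:
            pkt = replace(pkt, src=ROUTER_LAN)
        self.conntrack[(pkt.dst, pkt.dport, pkt.src, pkt.sport)] = original
        return pkt

    def reverse(self, reply: Packet) -> Packet:
        """Un-NAT a reply using the conntrack entry created on the way out."""
        orig = self.conntrack[(reply.src, reply.sport, reply.dst, reply.dport)]
        return Packet(src=orig.dst, sport=orig.dport, dst=orig.src, dport=orig.sport)


def simulate(dnat_wan_only: bool, hairpin_snat: bool,
             client: str = CLIENT, in_iface: str = "lan") -> str:
    """Send a SYN from `client` to the router's WAN address:port and report
    whether the SYN-ACK the client receives matches the connection it opened."""
    router = Router(dnat_wan_only, hairpin_snat)
    syn = Packet(client, 40000, ROUTER_WAN, PORT)
    out = router.forward(syn, in_iface)
    if out is None:
        return "router_input"      # router answers or drops it itself
    synack = Packet(out.dst, out.dport, out.src, out.sport)
    if on_lan(synack.dst) and synack.dst != ROUTER_LAN:
        delivered = synack         # same subnet: bypasses the router entirely
    else:
        delivered = router.reverse(synack)
    expected = Packet(ROUTER_WAN, PORT, client, 40000)
    return "ok" if delivered == expected else "reply_mismatch"


def hairpin_rules() -> list:
    """iptables rules that make the model's 'ok' case real (eth0 = WAN,
    eth1 = LAN are assumptions): DNAT without an interface match, plus
    MASQUERADE for LAN clients reaching the server through the forward."""
    return [
        f"iptables -t nat -A PREROUTING -d {ROUTER_WAN} -p tcp --dport {PORT} "
        f"-j DNAT --to-destination {SERVER}",
        f"iptables -t nat -A POSTROUTING -s {LAN_PREFIX}0/24 -d {SERVER} "
        f"-p tcp --dport {PORT} -j MASQUERADE",
    ]


if __name__ == "__main__":
    print("WAN-only DNAT, from LAN:  ", simulate(True, False))
    print("WAN-only DNAT, from WAN:  ", simulate(True, False, "203.0.113.5", "wan"))
    print("DNAT, no hairpin SNAT:    ", simulate(False, False))
    print("DNAT + hairpin SNAT:      ", simulate(False, True))
    print("\n".join(hairpin_rules()))
```

Running the model shows the symptom from the thread exactly: with the DNAT restricted to the WAN interface, outside clients work and inside clients get nothing. Dropping the interface match alone is not enough, because the server's SYN-ACK then crosses the LAN directly with source 192.168.1.22 while the client is waiting on a reply from 174.96.151.128; the second rule in `hairpin_rules()` pushes that reply back through the router's conntrack so it is rewritten on the way back. The same pair of rules applies for SSH by changing the port; a router that cannot express the POSTROUTING rule simply will not do hairpin NAT, and the usual workaround is to point an internal DNS name at 192.168.1.22 instead.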