[CS-FSLUG] Routing Issue
Don Parris
parrisdc at gmail.com
Thu Feb 2 14:02:41 CST 2012
Thanks Tim,
I should have remembered to put the router in - it's a Linksys WRT54g. I
have used it before and am quite certain I was able to do the u-turn thing
before. It doesn't offer iptables at all (or at least not any interface to
that), although my CentOS server does. Even with the iptables turned off
temporarily, I still could not do the u-turn. I am positive I did this
before with this same router. I am actually considering upgrading the
router - this one is ancient and I would like one that supports IPv6 as
well as IPv4.
I am open to recommendations on such a router as well.
On Thu, Feb 2, 2012 at 13:39, Tim Young <Tim.Young at lightsys.org> wrote:
> Some routers support this, others do not. So this could be a router
> issue, not just a routing issue.
>
> What is happening is this. From inside your network on your client
> computer, you attempt to access the external interface. The local computer
> compares the destination IP address and netmask with its own IP address and
> determines that the destination IP is not local. So, it sends it to the
> firewall (gateway). The gateway, upon receiving the packet, realizes that
> it needs to port-forward the packet back to the internal server. The
> return packet then goes from the server, back through the reverse NAT, and
> then back inside to your client computer. The issue is probably occurring
> inside the firewall when it first gets a packet from the client.
>
> Many firewalls on the port forwarding side of things only forward packets
> that come from the Internet. They do not have rules that look for packets
> with the source on the inside. The packets from the client are usually
> masqueraded to the outside world (so the source IP appears to be
> 174.96.151.128 to the outside). All sorts of odd things could occur based
> on how the iptables rules are configured, which order they are in, etc.
>
> Anyway. Most likely your issue is an iptables issue on your firewall. Is
> that a linux box, or something else? Do you have the ability to hand-edit
> the iptables rules, or are they simply generated by a GUI? When you say
> "you have done this before", was that with this router with this
> configuration, or was that using a different router/firewall?
>
> - Tim Young
>
>
> On 2/2/2012 11:35 AM, Don Parris wrote:
>
>> Guys,
>>
>> I have a routing issue. I am fairly certain it is a routing issue. I
>> have configured my CentOS 6.2 server to provide SSH and WWW service. I can
>> connect to the server via the internal IP (192.168*). I can likewise
>> connect to the server via the external IP, but only from outside the LAN.
>> What I cannot do is connect to the external IP from inside my LAN. I have
>> done this several times before, but right now am just really confused.
>>
>> Router Internal IP is *.1 (provides DHCP to my LAN), External = *128
>> Server IP is *.22
>>
>>
>> Running traceroute from the server to the internal IP of the router gave
>> *** as a result.
>> Running traceroute from the laptop to the external IP of the router gave
>> *** as a result.
>>
>> Running traceroute from my laptop to the server (from inside the router)
>> gave this result:
>> traceroute to 192.168.1.22 (192.168.1.22), 30 hops max, 60 byte packets
>> 1 192.168.1.22 (192.168.1.22) 7.639 ms !X 7.646 ms !X 7.639 ms !X
>>
>> man traceroute says the !X means "communication administratively
>> prohibited".
>>
>> Here is my routing table on my router:
>> 0.0.0.0 255.255.255.0 174.96.151.128 WAN (Internet)
>> 0.0.0.0 0.0.0.0 174.96.128.1 WAN (Internet)
>> 174.96.128.0 255.255.224.0 174.96.151.128 WAN (Internet)
>> 192.168.1.0 255.255.255.0 192.168.1.1 LAN & Wireless
>>
>>
>> I am just really confused.
>>
>>
>> --
>> D.C. Parris, FMP, LEED AP O+M, ESL Certificate
>> Minister, Security/FM Coordinator, Free Software Advocate
>> https://www.xing.com/profile/Don_Parris |
>> http://www.linkedin.com/in/dcparris
>> GPG Key ID: F5E179BE
>>
>>
>>
>> _______________________________________________
>> ChristianSource FSLUG mailing list
>> Christiansource at ofb.biz
>> http://cs.uninetsolutions.com
>>
>
--
D.C. Parris, FMP, LEED AP O+M, ESL Certificate
Minister, Security/FM Coordinator, Free Software Advocate
https://www.xing.com/profile/Don_Parris |
http://www.linkedin.com/in/dcparris
GPG Key ID: F5E179BE
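The mechanism Tim describes (a port-forward that only matches packets arriving from the Internet, and what it takes for the u-turn to work), as an added example that is not from the thread: iptables rules for a Linux gateway that do the ordinary WAN forward and additionally hairpin LAN traffic aimed at the public address. The addresses and ports are the thread's; the interface names and an existing ESTABLISHED/RELATED accept rule are assumptions.

```shell
#!/bin/sh
# Hairpin ("u-turn") NAT on a Linux iptables gateway. Addresses come from the
# thread; interface names are assumptions, and an ESTABLISHED,RELATED accept
# rule in FORWARD is assumed to exist already.
WAN_IF=${WAN_IF:-eth0}          # assumed: interface holding the public address
LAN_IF=${LAN_IF:-eth1}          # assumed: interface on 192.168.1.0/24
WAN_IP=174.96.151.128           # external address from the thread
LAN_NET=192.168.1.0/24
GW_LAN_IP=192.168.1.1           # router's LAN address from the thread
SERVER=192.168.1.22             # CentOS box offering SSH and WWW
PORTS="22 80"
IPT=${IPT:-iptables}            # set IPT=echo to print the rules instead of applying them

# The usual port-forward: only packets arriving on the WAN side are rewritten.
# A LAN client sending to 174.96.151.128 arrives on LAN_IF, so these never match it.
wan_forward_rules() {
  for p in $PORTS; do
    $IPT -t nat -A PREROUTING -i "$WAN_IF" -p tcp --dport "$p" \
         -j DNAT --to-destination "$SERVER:$p"
    $IPT -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -p tcp -d "$SERVER" --dport "$p" -j ACCEPT
  done
}

# Hairpin: also rewrite LAN packets addressed to the public IP, then SNAT them
# to the gateway's LAN address so the server's reply returns via the gateway.
# Without the SNAT the server answers the client directly from 192.168.1.22,
# and the client drops a reply from an address it never sent to.
hairpin_rules() {
  for p in $PORTS; do
    $IPT -t nat -A PREROUTING -i "$LAN_IF" -s "$LAN_NET" -d "$WAN_IP" \
         -p tcp --dport "$p" -j DNAT --to-destination "$SERVER:$p"
    $IPT -t nat -A POSTROUTING -o "$LAN_IF" -s "$LAN_NET" -d "$SERVER" \
         -p tcp --dport "$p" -j SNAT --to-source "$GW_LAN_IP"
    # traffic enters and leaves on the same interface, so FORWARD needs -i and -o both LAN
    $IPT -A FORWARD -i "$LAN_IF" -o "$LAN_IF" -p tcp -d "$SERVER" --dport "$p" -j ACCEPT
  done
}

apply_all() {
  wan_forward_rules
  hairpin_rules
}
```

Run `IPT=echo sh -c '. ./hairpin.sh; apply_all'` to preview the rules before applying them as root; split DNS (answering the hostname with 192.168.1.22 for LAN clients) avoids the hairpin entirely and is the simpler fix where the gateway cannot be edited.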