Old 06-13-2004, 03:45 PM   #1
synx13
LQ Newbie
 
Registered: Feb 2004
Posts: 4

Rep: Reputation: 0
Routing LAN -> WAN -> LAN with unhelpful router


Hi, I bought a rather gimpy router. Amongst other things, it won't loop any packets directed from the internal network through its packet filter. That means I can set up my external IP to forward a port to my back computer, but if I try to access my external IP from either computer instead of routing the request through that system and giving me a connection to my back computer, it gives me a connection to itself.

External IP: A (is static IP from ISP)
Internal IP: F (front computer) B (back computer) R (router IP)

On a forwarded port from A -> B
When I from computer F try to access A, I get R.
When anyone outside the LAN tries to access A, they get B.

What should I do to solve this? I have tried a few things, but still run into difficulties.

First I tried using iptables, failed miserably. Anyone who can help with that, by all means advise me. Then, I went and got one of those "free" DNS names, and in my /etc/hosts file I added the DNS name associated with my back computer. That works pretty well! Except... that means I can't host any services on my front computer, and believe me my poor little back computer can't handle much more than a web server even though no one ever needs to reboot it into Windows like this front computer here. ;p

The reason I can't host services is when I set the configuration files for something like jabber to consider itself named 'localhost' then any external connections through a forwarded port on my router will choke upon seeing my server named "blah-blah-isp-long-name-IP-with-dashes.com" and not "localhost." Obviously I'm an evil hacker trying to spoof DNS names. If I set up any of these services to think of themselves as "blah-blah-isp-long-name-IP-with-dashes.com" then I can't access them from inside the LAN, since all queries to that name resolve to A, which gives me my router. Not the computer it should have been forwarded to.

The same goes for that DNS name I got. If I try to access my service by that name it sends me to the back computer when I wanted to stay in the front. Nothing is listening on the back computer.

There are some services which require a solid stately unchanging secure DNS name, otherwise they die screaming bloody security breach. Should I get /two/ DNS names that both point toward address A, and in my internal /etc/hosts use those to specify front and back computer? Is there some way from my front computer, I can first resolve to my back computer in /etc/hosts, then use iptables to change it back to my front computer for certain ports I intend for my front computer?

I tried in F's nat table:
iptables -t nat -A PREROUTING -p TCP --destination B --dport 1234 -j DNAT --to-destination F
But all attempts from F to connect to B at port 1234 still go to B and not to F.

Here's my routing table for F... do I have something set up wrong?

Erm...
F=192.168.2.2
B=192.168.2.3
R=192.168.2.1

Code:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         192.168.2.1     0.0.0.0         UG    0      0        0 eth0
 
Old 06-13-2004, 03:57 PM   #2
Newb001
LQ Newbie
 
Registered: Jun 2004
Distribution: Phlak
Posts: 20

Rep: Reputation: 0
So you want to access B from F with A instead of accessing R with A?
 
Old 06-14-2004, 02:35 PM   #3
synx13
LQ Newbie
 
Registered: Feb 2004
Posts: 4

Original Poster
Rep: Reputation: 0
Quote:
Originally posted by Newb001
So you want to access B from F with A instead of accessing R with A?
Close, I've got my sights set a bit higher than that. I already figured a way to access B from F with A by adding the wrong DNS entry in my /etc/hosts file so that what resolves to A for everyone else resolves to B for me. Quite a hack, but it sorta works.

I would like to access B from F with A for certain ports, and F from F with A from other ports.


Starling
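
Added example, not part of the thread: packets generated on F itself traverse the nat OUTPUT chain rather than PREROUTING, so the per-port split asked for above can be written as OUTPUT-chain DNAT rules on F. The external address 203.0.113.10 and the choice of ports are constructed placeholders; F and B are the addresses given in post #1.

```shell
#!/bin/sh
# Added example (not from the thread). Intended for F; the router is untouched.
EXT_IP="203.0.113.10"    # "A": constructed placeholder, substitute the real static IP
FRONT_IP="192.168.2.2"   # "F", as given in the thread
BACK_IP="192.168.2.3"    # "B", as given in the thread

# Accept only decimal port numbers in the range 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# gen_rules EXT FRONT BACK "ports for B" "ports for F"
# Prints the iptables commands; it does not execute them.
gen_rules() {
    g_ext=$1; g_front=$2; g_back=$3; g_bports=$4; g_fports=$5
    # Validate everything before printing, so output is all-or-nothing.
    for p in $g_bports $g_fports; do
        valid_port "$p" || { echo "invalid port: $p" >&2; return 1; }
    done
    # A port listed for both hosts would be decided by rule order; refuse it.
    for p in $g_bports; do
        for q in $g_fports; do
            [ "$p" != "$q" ] || { echo "port $p assigned to both hosts" >&2; return 1; }
        done
    done
    # Locally generated packets skip nat PREROUTING and traverse nat OUTPUT,
    # so the rewrite of A has to be placed in OUTPUT on the client itself.
    for p in $g_bports; do
        echo "iptables -t nat -A OUTPUT -p tcp -d $g_ext --dport $p -j DNAT --to-destination $g_back:$p"
    done
    for p in $g_fports; do
        echo "iptables -t nat -A OUTPUT -p tcp -d $g_ext --dport $p -j DNAT --to-destination $g_front:$p"
    done
}

# Constructed sample split: 80 is served by B, 1234 and 5222 by F.
gen_rules "$EXT_IP" "$FRONT_IP" "$BACK_IP" "80" "1234 5222"
```

The printed commands need root to apply and affect only connections that originate on F; other LAN hosts would need their own copy of the rules.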
 
  


All times are GMT -5. The time now is 07:59 PM.
