network/routing wonkiness
Vu Pham
vu at sivell.com
Sun Jul 22 13:39:51 PDT 2012
On 07/22/2012 03:12 PM, Lonni J Friedman wrote:
> For years, my home network has experienced a strange routing quirk
> which has mystified me. For reasons that I'd prefer not to bore
> anyone with, I won't get into why I'm speaking up about it now. The
> issue is as follows. I run a web server on my home network, and all
> the IP addresses on this network are non-routable (10.xxx.xxx.xx).
> That same webserver is accessible over the internet, with a real,
> routable (quasi)static IP address. If any device/system on my home
> network attempts to access the webserver, it will timeout & fail 100%
> of the time. However, if I hard code the non-routable static IP of
> the webserver in /etc/hosts with the same internet accessible domain
> name, then any system on my home network can access the webserver just
> fine. Note, this is *not* a port issue. I'm able to hit the same
> apache server port regardless of whether I'm inside the network, or
> out on the internet.
>
> What I'm failing to grasp is why I am seemingly unable to route
> traffic from my home network out over the internet, and back to my
> webserver. Either I've got something bizarre misconfigured somewhere,
> or there's some law of networking that I'm not grasping.
>
> thanks
>
I have a similar problem: my web server is a virtual server staying on
the internal network 192.168.x.x, and the router has a static map that
maps this web server's IP to a public IP. To be able to access this web
server from the internal network, I have to use the internal DNS server
to map the A record of this server to its (internal) IP. The public
hosts will use the public-side DNS server to resolve to the public IP
address.

My router is a Cisco router. IIRC, my packet sniffing shows that the IP
packets from the internal hosts get to the internal interface of the
router and are forwarded to the external interface but then stopped right
there. I was told that the Cisco engine only maps the public IP to the
internal IP if the packets are from the outside to get into the outside
interface.

In the case of the internal packets that want to get to the web server
via the external IP, those packets are put into the outgoing queue. The
engine, when processing these packets, won't send them out because the
destination is really inside, but because they are not from the outside,
the static map won't translate them and these packets are simply dropped.

I may not remember all of these correctly because it happened 5 or 6
years ago, but I think when I tcpdumped the web server's interface,
none of the internal packets that were sent to the web's external IP could get
to the web server.

Vu
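
The behaviour described in the message above, as an added example that is not part of the original post and not router code: a small Python model in which the static map is applied only to packets arriving on the outside interface, with and without split DNS. All addresses, the host name and the function names are constructed assumptions.

```python
from ipaddress import ip_address, ip_network

# All addresses and names below are constructed for illustration.
INSIDE_NET = ip_network("192.168.1.0/24")
PUBLIC_IP = ip_address("203.0.113.10")
WEB_INTERNAL = ip_address("192.168.1.20")
STATIC_MAP = {PUBLIC_IP: WEB_INTERNAL}      # router's public -> internal map

# Split DNS: the same name gets a different A record per view.
DNS_VIEWS = {
    "internal": {"www.example.com": WEB_INTERNAL},
    "public": {"www.example.com": PUBLIC_IP},
}

def is_inside(addr):
    return ip_address(addr) in INSIDE_NET

def route(dst, ingress):
    """Model the router as the message describes it: the static map is
    applied only to packets arriving on the outside interface."""
    dst = ip_address(dst)
    if ingress == "outside":
        dst = STATIC_MAP.get(dst, dst)          # translate public -> internal
        return ("delivered", str(dst)) if dst in INSIDE_NET else ("dropped", None)
    if dst in INSIDE_NET:
        return ("delivered", str(dst))          # on-link, no translation needed
    if dst in STATIC_MAP:
        return ("dropped", None)                # mapped address, but never translated
    return ("forwarded", str(dst))              # ordinary outbound traffic

def resolve(name, client, split_dns):
    """Without split DNS every client gets the public A record."""
    view = "internal" if split_dns and is_inside(client) else "public"
    return DNS_VIEWS[view][name]

def fetch(name, client, split_dns):
    ingress = "inside" if is_inside(client) else "outside"
    return route(resolve(name, client, split_dns), ingress)

if __name__ == "__main__":
    for client in ("192.168.1.50", "198.51.100.7"):
        for split in (False, True):
            print(client, "split_dns=%s" % split, fetch("www.example.com", client, split))
```

Only the internal client without split DNS ends in a drop, which matches both the /etc/hosts workaround in the quoted message and the internal A record in the reply.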