network/routing wonkiness

Lonni J Friedman netllama at gmail.com
Sun Jul 22 14:05:14 PDT 2012


On Sun, Jul 22, 2012 at 1:39 PM, Vu Pham <vu at sivell.com> wrote:
> On 07/22/2012 03:12 PM, Lonni J Friedman wrote:
>> For years, my home network has experienced a strange routing quirk
>> which has mystified me.  For reasons that I'd prefer not to bore
>> anyone with, I won't get into why I'm speaking up about it now.  The
>> issue is as follows.  I run a web server on my home network, and all
>> the IP addresses on this network are non-routable (10.xxx.xxx.xx).
>> That same webserver is accessible over the internet, with a real,
>> routable (quasi)static IP address.  If any device/system on my home
>> network attempts to access the webserver, it will time out & fail 100%
>> of the time.  However, if I hard code the non-routable static IP of
>> the webserver in /etc/hosts with the same internet accessible domain
>> name, then any system on my home network can access the webserver just
>> fine.  Note, this is *not* a port issue.  I'm able to hit the same
>> apache server port regardless of whether I'm inside the network, or
>> out on the internet.
>>
>> What I'm failing to grasp is why I am seemingly unable to route
>> traffic from my home network out over the internet, and back to my
>> webserver.  Either I've got something bizarre misconfigured somewhere,
>> or there's some law of networking that I'm not grasping.
>>
>> thanks
>>
>
> I have a similar problem: my web server is a virtual server staying on
> the internal network 192.168.x.x, and the router has a static map that
> maps this web server's ip to a public ip. To be able to access this web
> server from the internal network, I have to use the internal DNS server
> to map the A record of this server to its (internal) ip. The public
> hosts will use the public-side DNS server to resolve to the public IP
> address.
>
> My router is a Cisco router. IIRC, my packet sniffing shows that the IP
> packets from the internal hosts get to the internal interface of the
> router and are forwarded to external interface but then stopped right
> there. I was told that the Cisco engine only maps the public ip to the
> internal ip if the packets are from the outside to get into the outside
> interface.
>
> In the case of the internal packets that want to get to the web server
> via the external IP, those packets are put into the out-going queue. The
> engine when processing these packets won't send them out because the
> destination is really inside, but because they are not from the outside
> so the static map won't translate it and these packets are simply dropped.
>
> I may not remember all of these correctly because it happened 5 or 6
> years ago, but I think when I tcpdumped the web server's interface,
> none of the internal packets that are sent to the web's external ip can get
> to the web server.

Yup, that's a good summary of the problem.  So basically this sounds
like a limitation of the router sitting between my internal network &
the internet?  Mine isn't a Cisco device (it's an embedded Linux based
device), so perhaps I can find/Google a solution.

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
L. Friedman                                    netllama at gmail.com
LlamaLand                       https://netllama.linux-sxs.org
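
The behaviour described in this thread, as an added example that is not part of the original messages: a toy Python model of a router whose static map is applied only to packets arriving on the outside interface. All addresses are constructed; the last case goes beyond the thread and models hairpin NAT (NAT loopback), which translates inside-originated traffic as well.

```python
# Toy model (added example): static NAT map bound to the router's outside interface.
from dataclasses import dataclass, replace

PUBLIC_IP = "203.0.113.10"   # constructed: public address mapped to the web server
SERVER_IP = "10.0.0.80"      # constructed: web server's internal address
ROUTER_LAN_IP = "10.0.0.1"   # constructed: router's inside-interface address

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    in_iface: str  # where the packet entered: "outside" or "inside"

def route(pkt, hairpin=False):
    """Return the packet as it reaches the server, or None if it is dropped."""
    if pkt.dst == PUBLIC_IP:
        if pkt.in_iface == "outside":
            return replace(pkt, dst=SERVER_IP)      # static map: public -> internal
        if hairpin:
            # Translate inside-originated traffic too, and rewrite the source so
            # the server's reply goes back through the router instead of straight
            # to the client (which expects an answer from PUBLIC_IP).
            return replace(pkt, src=ROUTER_LAN_IP, dst=SERVER_IP)
        return None                                 # map not applied: dropped
    if pkt.dst == SERVER_IP and pkt.in_iface == "inside":
        return pkt                                  # same-LAN traffic, no NAT involved
    return None

def reaches_server(client_ip, resolved_ip, in_iface, hairpin=False):
    out = route(Packet(client_ip, resolved_ip, in_iface), hairpin)
    return out is not None and out.dst == SERVER_IP

if __name__ == "__main__":
    cases = [
        ("internet client, public DNS", "198.51.100.7", PUBLIC_IP, "outside", False),
        ("LAN client, public DNS", "10.0.0.25", PUBLIC_IP, "inside", False),
        ("LAN client, /etc/hosts or internal DNS", "10.0.0.25", SERVER_IP, "inside", False),
        ("LAN client, public DNS, hairpin NAT", "10.0.0.25", PUBLIC_IP, "inside", True),
    ]
    for name, src, dst, iface, hp in cases:
        result = "reaches server" if reaches_server(src, dst, iface, hp) else "dropped"
        print(f"{name:40} -> {result}")
```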

