network/routing wonkiness
Vu Pham
vu at sivell.com
Sun Jul 22 14:09:20 PDT 2012
On 07/22/2012 04:05 PM, Lonni J Friedman wrote:
> On Sun, Jul 22, 2012 at 1:39 PM, Vu Pham <vu at sivell.com> wrote:
>> On 07/22/2012 03:12 PM, Lonni J Friedman wrote:
>>> For years, my home network has experienced a strange routing quirk
>>> which has mystified me. For reasons that I'd prefer not to bore
>>> anyone with, I won't get into why I'm speaking up about it now. The
>>> issue is as follows. I run a web server on my home network, and all
>>> the IP addresses on this network are non-routable (10.xxx.xxx.xx).
>>> That same webserver is accessible over the internet, with a real,
>>> routable (quasi)static IP address. If any device/system on my home
>>> network attempts to access the webserver, it will time out & fail 100%
>>> of the time. However, if I hard code the non-routable static IP of
>>> the webserver in /etc/hosts with the same internet accessible domain
>>> name, then any system on my home network can access the webserver just
>>> fine. Note, this is *not* a port issue. I'm able to hit the same
>>> apache server port regardless of whether I'm inside the network, or
>>> out on the internet.
>>>
>>> What I'm failing to grasp is why I am seemingly unable to route
>>> traffic from my home network out over the internet, and back to my
>>> webserver. Either I've got something bizarre misconfigured somewhere,
>>> or there's some law of networking that I'm not grasping.
>>>
>>> thanks
>>>
>>
>> I have a similar problem: my web server is a virtual server staying on
>> the internal network 192.168.x.x, and the router has a static map that
>> maps this web server's IP to a public IP. To be able to access this web
>> server from the internal network, I have to use the internal DNS server
>> to map the A record of this server to its (internal) IP. The public
>> hosts will use the public-side DNS server to resolve to the public IP
>> address.
>>
>> My router is a Cisco router. IIRC, my packet sniffing shows that the IP
>> packets from the internal hosts get to the internal interface of the
>> router and are forwarded to external interface but then stopped right
>> there. I was told that the Cisco engine only maps the public ip to the
>> internal ip if the packets are from the outside to get into the outside
>> interface.
>>
>> In the case of the internal packets that want to get to the web server
>> via the external IP, those packets are put into the out-going queue. The
>> engine when processing these packets won't send them out because the
>> destination is really inside, but because they are not from the outside
>> so the static map won't translate it and these packets are simply dropped.
>>
>> I may not remember all of these correctly because it happened 5 or 6
>> years ago, but I think when I tcpdumped the web server's interface,
>> none of the internal packets that are sent to the web's external IP can get
>> to the web server.
>
> Yup, that's a good summary of the problem. So basically this sounds
> like a limitation of the router sitting between my internal network &
> the internet? Mine isn't a Cisco device (it's an embedded Linux based
> device), so perhaps I can find/Google a solution.
>
I think it is a router problem. If your home network does not have
many systems, then just use the static hosts file as you do now;
otherwise use the internal DNS server that resolves only the name of the
web server and forwards the rest to the external/outside DNS server.
Vu
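
Added example, not part of the original message: a small Python model of the behaviour described in this thread, showing why a LAN client that resolves the public IP times out while the hosts-file or internal-DNS override works. The addresses and hostname are constructed placeholders, and the router logic follows the description in the message rather than any specific device.

```python
import ipaddress

# Constructed values: 203.0.113.10 stands in for the public IP,
# 10.0.0.5 for the web server's internal address.
PUBLIC_IP = "203.0.113.10"
SERVER_IP = "10.0.0.5"
LAN = ipaddress.ip_network("10.0.0.0/24")
SITE = "www.example.org"

PUBLIC_DNS = {SITE: PUBLIC_IP}         # what outside resolvers answer
INTERNAL_OVERRIDE = {SITE: SERVER_IP}  # /etc/hosts entry or internal DNS A record


def resolve(name, use_override):
    """Split-horizon lookup: the local override wins, the rest is forwarded."""
    if use_override and name in INTERNAL_OVERRIDE:
        return INTERNAL_OVERRIDE[name]
    return PUBLIC_DNS[name]


def router_forward(ingress, dst):
    """Static map as described in the thread: public -> internal translation
    happens only for packets arriving on the outside interface."""
    if ingress == "outside" and dst == PUBLIC_IP:
        return SERVER_IP   # translated and delivered to the web server
    if ingress == "inside" and dst == PUBLIC_IP:
        return None        # no translation applies; the packet is dropped
    return dst             # ordinary forwarding


def connect(client_ip, use_override=False):
    """Return the address the packet is delivered to, or None on timeout."""
    dst = resolve(SITE, use_override)
    inside = ipaddress.ip_address(client_ip) in LAN
    if inside and ipaddress.ip_address(dst) in LAN:
        return dst         # same subnet: the router is never involved
    return router_forward("inside" if inside else "outside", dst)


if __name__ == "__main__":
    for label, ip, override in [
        ("internet client", "198.51.100.7", False),
        ("LAN client, public DNS", "10.0.0.20", False),
        ("LAN client, hosts/internal DNS", "10.0.0.20", True),
    ]:
        print(f"{label:32} -> {connect(ip, override) or 'timeout'}")
```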