network/routing wonkiness

David A. Bandel david.bandel at gmail.com
Mon Jul 23 06:45:06 PDT 2012


On Sun, Jul 22, 2012 at 3:12 PM, Lonni J Friedman <netllama at gmail.com> wrote:
> For years, my home network has experienced a strange routing quirk
> which has mystified me.  For reasons that I'd prefer not to bore
> anyone with, I won't get into why I'm speaking up about it now.  The
> issue is as follows.  I run a web server on my home network, and all
> the IP addresses on this network are non-routable (10.xxx.xxx.xx).
> That same webserver is accessible over the internet, with a real,
> routable (quasi)static IP address.  If any device/system on my home
> network attempts to access the webserver, it will timeout & fail 100%
> of the time.  However, if I hard code the non-routable static IP of
> the webserver in /etc/hosts with the same internet accessible domain
> name, then any system on my home network can access the webserver just
> fine.  Note, this is *not* a port issue.  I'm able to hit the same
> apache server port regardless of whether I'm inside the network, or
> out on the internet.
>
> What I'm failing to grasp is why I am seemingly unable to route
> traffic from my home network out over the internet, and back to my
> webserver.  Either I've got something bizarre misconfigured somewhere,
> or there's some law of networking that I'm not grasping.
>
> thanks

short answer:  firewall (iptables) rules.

long answer:
iptables -t nat -A PREROUTING -i $EXTERNAL_INTERFACE -p tcp --dport 80 -j DNAT --to-destination $INTERNAL_IP

If you understand the above, you'll understand what's happening.  You
must hit the external IP by entering via your router's external
address from outside.  You can't hit your external address from inside
because the packets aren't entering via the external interface, but
via the router's localhost interface.

So basically, it's a packet routing issue inside your router.  If you
can get in via a CLI and remove the $EXTERNAL_INTERFACE (basically
allowing the packet to port 80 to come from anywhere), then it should
start working (but may break other things).

HTH,

David A. Bandel
-- 
Two things are infinite: the universe and human stupidity; and I'm not
sure about the universe. -- Albert Einstein
Visit my web page at: http://david.bandel.us/
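
Added example (not part of the original message): a small Python model of the DNAT rule above, showing why a LAN client misses the `-i $EXTERNAL_INTERFACE` match and what a hairpin setup needs once the rule matches on the destination address instead. The interface names, addresses and the POSTROUTING SNAT rule are constructed assumptions, not taken from the thread.

```python
from ipaddress import ip_address, ip_network

# Constructed sample addressing; none of these values come from the original post.
EXT_IF, LAN_IF = "eth0", "eth1"
EXT_IP = ip_address("203.0.113.10")       # router's public address
LAN = ip_network("10.0.0.0/24")
ROUTER_LAN_IP = ip_address("10.0.0.1")
SERVER = ip_address("10.0.0.20")          # web server ($INTERNAL_IP)

# -A PREROUTING -i $EXTERNAL_INTERFACE -p tcp --dport 80 -j DNAT --to-destination $INTERNAL_IP
ORIGINAL = {"in_iface": EXT_IF, "dst": None, "dport": 80, "to": SERVER}
# -A PREROUTING -d <EXT_IP> -p tcp --dport 80 -j DNAT --to-destination <SERVER>
HAIRPIN_DNAT = {"in_iface": None, "dst": EXT_IP, "dport": 80, "to": SERVER}
# -A POSTROUTING -s <LAN> -d <SERVER> -p tcp --dport 80 -j SNAT --to-source <ROUTER_LAN_IP>
HAIRPIN_SNAT = {"src_net": LAN, "dst": SERVER, "to": ROUTER_LAN_IP}

def dnat(pkt, rule):
    """PREROUTING: rewrite the destination only if every match in the rule holds."""
    if rule["in_iface"] not in (None, pkt["in_iface"]):
        return pkt
    if rule["dst"] not in (None, pkt["dst"]) or rule["dport"] != pkt["dport"]:
        return pkt
    return {**pkt, "dst": rule["to"]}

def snat(pkt, rule):
    """POSTROUTING: rewrite the source of LAN-to-server traffic, if a rule is given."""
    if rule and pkt["src"] in rule["src_net"] and pkt["dst"] == rule["dst"]:
        return {**pkt, "src": rule["to"]}
    return pkt

def connect(client, in_iface, dnat_rule, snat_rule=None):
    """Trace a SYN to EXT_IP:80 and say whether the handshake can complete."""
    pkt = {"in_iface": in_iface, "src": ip_address(client), "dst": EXT_IP, "dport": 80}
    pkt = snat(dnat(pkt, dnat_rule), snat_rule)
    if pkt["dst"] != SERVER:
        return "no DNAT match"
    # The server answers pkt["src"]. A LAN client is reached directly on the
    # local segment, so the reply skips the router and is never un-NATed.
    if pkt["src"] in LAN and pkt["src"] != ROUTER_LAN_IP:
        return "reply bypasses router"
    return "ok"

if __name__ == "__main__":
    for label, args in [("outside, original rule", ("198.51.100.7", EXT_IF, ORIGINAL)),
                        ("inside, original rule", ("10.0.0.50", LAN_IF, ORIGINAL)),
                        ("inside, DNAT on -d only", ("10.0.0.50", LAN_IF, HAIRPIN_DNAT)),
                        ("inside, DNAT + SNAT", ("10.0.0.50", LAN_IF, HAIRPIN_DNAT, HAIRPIN_SNAT))]:
        print(f"{label}: {connect(*args)}")
```

Matching on the public destination address rather than dropping every match keeps the rule from redirecting LAN clients' port 80 traffic bound for other sites.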
