network/routing wonkiness
David A. Bandel
david.bandel at gmail.com
Wed Jul 25 05:26:45 PDT 2012
On Mon, Jul 23, 2012 at 11:10 AM, Lonni J Friedman <netllama at gmail.com> wrote:
[snip]
>>
>> short answer: firewall (iptables) rules.
>>
>> long answer:
>> iptables -t nat -i $EXTERNAL_INTERFACE -p tcp --dport 80 -j DNAT $INTERNAL_IP
>>
>> If you understand the above, you'll understand what's happening. You
>> must hit the external IP by entering via your router's external
>> address from outside. You can't hit your external address from inside
>> because the packets aren't entering via the external interface, but
>> via the router's localhost interface.
>>
>> So basically, it's a packet routing issue inside your router. If you
>> can get in via a CLI and remove the $EXTENAL_INTERFACE (basically
>> allowing the packet to port 80 to come from anywhere, then it should
>> start working (but may break other things).
>
> Thanks, that makes sense. Unfortunately, while my router does have
> shell access, it uses ipchains (rather than iptables), with a 2.0.x
> kernel. I never could grok ipchains rules, no matter how hard I
> tried. There are tons of ipchains -> iptables conversion tools, but
> sadly, not the reverse. Anyway remember how to do this with ipchains?
>
You're joking. If this thing is running Linux now, you should be able
to upgrade to OpenWRT (https://openwrt.org/). I would recommend it.
Then, maybe someone can help (although I doubt you'll need it).
ipchains is ancient and (AFAIK) unsupported. not even stateful.
Ciao,
David-
--
Two things are infinite: the universe and human stupidity; and I'm not
sure about the the universe. -- Albert Einstein
Visit my web page at: http://david.bandel.us/
More information about the Linux-users
mailing list