Find the answer to your Linux question:
Page 2 of 2 FirstFirst 1 2
Results 11 to 19 of 19
It should work xandrei, how is your NAT'ing setup?...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #11
    Linux Enthusiast
    Join Date
    Aug 2006
    Location
    Portsmouth, UK
    Posts
    539

    It should work xandrei, how is your NAT'ing setup?
    RHCE #100-015-395
    Please don't PM me with questions as no reply may offend, that's what the forums are for.

  2. #12
    Just Joined!
    Join Date
    Apr 2009
    Posts
    90
    So, you have two Machines, on Local Network addresses (like 192.168.1.100, 192.168.2.100) - and want to be able to access them externally?

    Keep in mind that your router will be using NAT to, and this means to the outside world - there is only ONE machine (your router) - and not however many there are behind the router.

    Lets say your router's external IP is 91.1.2.3, that is the only address to which others can connect to you. Your 192.168.1.100 means nothing outside of your local network.

    To solve this, you need to setup Port Forwarding on the router like so:

    Forward Port 80 from the router to Port 80 on 192.168.1.100
    Forward Port 81 from the router to Port 80 on 192.168.2.100

    Then people can access 2. using the router's ip and port 81, and access 1. from the router's ip and port 80.

    If you need more than this, then you need to think about maybe setting up a VPN.

  3. #13
    Linux Enthusiast
    Join Date
    Aug 2006
    Location
    Portsmouth, UK
    Posts
    539
    If xandrei wants to direct incoming http requests to dedicated hosts there are a lot of ways that have absolutly no need what so ever for a VPN.

    Using apache as a proxy would be just one of them.

    So for now, let's just stay on topic and get the network working the way they want it to....
    RHCE #100-015-395
    Please don't PM me with questions as no reply may offend, that's what the forums are for.

  4. #14
    Just Joined!
    Join Date
    Apr 2009
    Posts
    8
    I'm beginning to suspect a NAT issue on the router less and less while thinking of a problem on the network config on the server itself.

    The reason for this is as follows: I've added another workstation on the the same LAN eth1 is connected to (behind the same router). This new workstation (IP addr: 192.168.0.100) has only 1 NIC configured and uses the router for internet connectivity. I've installed apache, and then set port forwarding on a high port number on the router. When tested on the public IP, the connection took the right path to the apache server on the new workstation displaying the correct webpage. I guess that means that NAT does work on the router

    I then went back to the 2 NICs server and ran tcpdump on interface eth1 (IP addr: 192.168.0.110).
    I first attempted a connection to the http server from the newly added workstation (192.168.0.100 to 192.168.0.110). The result was what appeared as a normal TCP transaction, and the web page displayed correctly on the requesting machine's web browser.
    Then I attempted a connection on the public IP with the port number that the http server listens on eth1. What I got was only the SYN (S) part of the three-way TCP handshake repeated a number of times and eventually stopped with a "Network Timeout" message displayed on the requesting browser. Here is part of the dump:

    Code:
    22:50:45.648553 IP (tos 0x0, ttl 64, id 35319, offset 0, flags [DF], proto TCP (6), length 60) < originating public IP on eth0 >.59894 > 192.168.0.110.squid: S, cksum 0xe3f6 (correct), 2205318165:2205318165(0) win 5840 <mss 1460,sackOK,timestamp 23459298 0,nop,wscale 6>
    What I believe might happen has to do with the route setup. Here's what I get when dialling "route -n" in the console:
    Code:
    192.168.0.0     192.168.0.1     255.255.255.0   UG    0      0        0 eth1
    192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
    80.xxx.xx.0     0.0.0.0         255.255.252.0   U     0      0        0 eth0
    169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 eth0
    0.0.0.0         80.xxx.xx.1     0.0.0.0         UG    0      0        0 eth0
    I have manually added this line:
    192.168.0.0 192.168.0.1 255.255.255.0 UG 0 0 0 eth1
    with route add -net, hoping that a gateway specification might help, but it didn't . The other line:
    192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
    is added automatically when configuring eth1 via ifconfig

    I suspect that the second SYN part of the TCP transaction is routed via eth0, since the IP making the request fits only the last pattern (0.0.0.0) in the routing table.

    LE: fixed a badly edited tcp dump log

  5. #15
    Linux Enthusiast
    Join Date
    Aug 2006
    Location
    Portsmouth, UK
    Posts
    539
    Just out of curiosity what address does your router NAT ( pretend to be ) to ?

    It might be something to do with that and the default gateway as per your query earlier on....
    RHCE #100-015-395
    Please don't PM me with questions as no reply may offend, that's what the forums are for.

  6. #16
    Just Joined!
    Join Date
    Apr 2009
    Posts
    8
    Router LAN address is 192.168.0.1 (I also tested connectivity with ping). External address is a public IP address similar to that assigned on eth0 (80.xxx.xx.xx)

  7. #17
    Linux Enthusiast
    Join Date
    Aug 2006
    Location
    Portsmouth, UK
    Posts
    539
    Just to clarify, your http server is listening on 192.168.2.0/24 and your router has a 192.168.0.0/24 address?

    Seem to have lost the plot regrading the default gateway...
    RHCE #100-015-395
    Please don't PM me with questions as no reply may offend, that's what the forums are for.

  8. #18
    Just Joined!
    Join Date
    Apr 2009
    Posts
    8
    No, I'm sorry about the confusion. I used 192.168.2.0 and 192.168.1.0 network addresses in previous posts to make it easy when explaining the setup. My actual configuration, presently is:
    eth0: static public IP address (80.xx.xx.xx)
    eth1: static private IP address (192.168.0.110) and the workstation that I added for testing is 192.168.0.100 (I'll adjust these to .2 and .3 probably - I changed the IPs as I was running various tests to rule out any router issues). Gateway (router) ip is 192.168.0.1.
    I also tested the setup pinging the gateway and workstations within the LAN. Had I assigned different addresses as in 192.168.2.0/24 and 192.168.0.0/24, the ping would have failed (hopefully ).

    I will run more tests by trying a vanilla OS installation (possibly a live cd) on the server as it is possible for the issue to be OS related (using Fedora w/ firewall and SELinux): btw the firewall allows connections on the selected ports since I could establish a connection from the testing workstation I used (192.168.0.100).

  9. #19
    Just Joined!
    Join Date
    Apr 2009
    Posts
    8
    After testing on a LiveCD fedora distro I think I can rule out the possibility of the router being responsible for a faulty NAT. What I did was setup eth1 as the default interface and then bind httpd to listen on eth1 ip: it worked.
    Actually, whenever the httpd server is tied to an interface that uses as the gateway the default route, the setup works, otherwise it doesn't: I only get the dropped packets I was able to record with tcpdump.

Page 2 of 2 FirstFirst 1 2

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •