  1. #1
    Just Joined!
    Join Date
    Jun 2012
    Location
    Paris
    Posts
    4

    External socket access through NAT problem (Frame address doubt)


    Hello Everybody,

    I've got a strange problem and I need help to diagnose what happens...

    I've got a Linux box 192.168.1.112 (eth0) connected to a DSL router (Motorola Netopia) 192.168.1.1.
    - On the Linux box, I've got a working VPN running 10.8.0.66 (tun0) connected to 10.8.0.1
    - On the Netopia router, I activated the NAT to redirect all the ports I need
    - On the Linux box, I cleared all the iptables rules

    I got a strange result: everything works well through the VPN or inside the LAN (from another machine on the LAN).
    But when I try to access directly from outside through NAT, this does not work at all!

    I can see the services listening on ALL interfaces (*:xxx)

    Code:
    # lsof|grep LISTEN|grep TCP
    vsftpd      715       root    3u     IPv4    3623121      0t0        TCP *:ftp (LISTEN)
    smbd        982       root   25u     IPv6       5159      0t0        TCP *:microsoft-ds (LISTEN)
    smbd        982       root   26u     IPv6       5161      0t0        TCP *:netbios-ssn (LISTEN)
    x11vnc     1399     zzzbox    9r     IPv4       4792      0t0        TCP *:5900 (LISTEN)
    x11vnc     1399     zzzbox   10w     IPv6       4793      0t0        TCP *:5900 (LISTEN)
    niLxiDisc  1432       root    1u     IPv4       5861      0t0        TCP localhost.localdomain:50001 (LISTEN)
    sshd       1443       root    3u     IPv4       5883      0t0        TCP *:ssh (LISTEN)
    sshd       1443       root    4u     IPv6       5885      0t0        TCP *:ssh (LISTEN)

    I can see the TCP connection frames (retries) arriving from the Netopia router, but with the FTP client address "vin87-1-82-201-177-88.fbx.proxad.net"...

    Code:
    tcpdump -vv|grep ftp
    tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
    vin87-1-82-201-177-88.fbx.proxad.net.1338 > 192.168.1.112.ftp: Flags [S], cksum 0x26a3 (correct), seq 3344854837, win 65535, options [mss 1460,nop,nop,sackOK], length 0
    vin87-1-82-201-177-88.fbx.proxad.net.1338 > 192.168.1.112.ftp: Flags [S], cksum 0x26a3 (correct), seq 3344854837, win 65535, options [mss 1460,nop,nop,sackOK], length 0
    vin87-1-82-201-177-88.fbx.proxad.net.1338 > 192.168.1.112.ftp: Flags [S], cksum 0x26a3 (correct), seq 3344854837, win 65535, options [mss 1460,nop,nop,sackOK], length 0

    The Linux box never responds this way. I think it is strange that the Netopia doesn't use its own address "192.168.1.1" in place of the external address "vin87-1-82-201-177-88.fbx.proxad.net"....
    (I see my other Linksys router do that...)

    How can I work around this? What do you think about this? Can you help me to diagnose?

    Do you know why these frames are not processed?

    Thanks in advance for your help

    Rom1nux
    PS: Sorry for my bad English

  2. #2
    Just Joined!
    Join Date
    Jun 2012
    Location
    Paris
    Posts
    4
    Hello,

    I see that when I close the VPN (/etc/init.d/openvpn stop) I recover the external access...

    What happens with the VPN enabled? Why does the external address seem to be ignored?

    Thanks in advance

    Rom1nux
    Last edited by rom1nux; 06-25-2012 at 08:47 AM.

  3. #3
    Linux Guru Lazydog's Avatar
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,677
    With most routers, when configured to use a VPN, the default is to use that VPN and no other. This is for security reasons and why it doesn't see anything but the VPN. If your router doesn't have a setting to work around this then you are going to have to look for another solution.

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted

  5. #4
    Just Joined!
    Join Date
    Jun 2012
    Location
    Paris
    Posts
    4
    Hello Lazydog,
    Thanks a lot for your help. My VPN client (openvpn) is on the Linux box and passes through the router (no special config to enable the VPN on the router), and the VPN server is outside (on a dedicated server)... Do you know how to make openvpn let me receive non-local requests when it is started?
    Thanks in advance
    Rom1nux

  6. #5
    Linux Guru Lazydog's Avatar
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,677
    I am not sure you can do this. As stated before this is for security reasons. This is to protect the network from someone slipping into your laptop/box and then tunneling through to the LAN.

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted

  7. #6
    Just Joined!
    Join Date
    Jun 2012
    Location
    Paris
    Posts
    4
    Hello Lazydog,
    I tried to play with the routing table and with iptables, but without success.... If someone has a way... let me know....
    Thanks again to Mr Lazydog for taking the time to help me.
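
The pattern in the capture from post #1 (the same SYN arriving repeatedly on eth0 with no SYN-ACK going back out on that interface) can be checked mechanically over tcpdump text output. This is an added example, not part of any post in the thread; the function name `unanswered_syns` and the answered LAN flow in the sample are constructed for illustration.

```python
import re
from collections import defaultdict

# One packet line as printed by tcpdump: "src > dst: Flags [X], ... seq N, ..."
PKT = re.compile(r"(\S+) > (\S+): Flags \[([^\]]+)\],.*?\bseq (\d+)")

# The SYN line quoted in post #1, seen three times in that capture.
SYN_LINE = ("vin87-1-82-201-177-88.fbx.proxad.net.1338 > 192.168.1.112.ftp: "
            "Flags [S], cksum 0x26a3 (correct), seq 3344854837, win 65535, "
            "options [mss 1460,nop,nop,sackOK], length 0\n")

# Constructed LAN flow (not from the thread) showing what an answered SYN looks like.
LAN_FLOW = ("192.168.1.50.40000 > 192.168.1.112.ftp: Flags [S], "
            "cksum 0x1111 (correct), seq 100, win 65535, length 0\n"
            "192.168.1.112.ftp > 192.168.1.50.40000: Flags [S.], "
            "cksum 0x2222 (correct), seq 200, ack 101, win 65535, length 0\n")

SAMPLE = SYN_LINE * 3 + LAN_FLOW


def unanswered_syns(capture_text):
    """Return SYNs that never got a SYN-ACK on the captured interface."""
    syn_counts = defaultdict(int)  # (client, server, seq) -> times seen
    answered = set()               # (client, server) pairs that got a SYN-ACK
    for line in capture_text.splitlines():
        m = PKT.search(line)
        if not m:
            continue  # header lines, non-TCP traffic, truncated output
        src, dst, flags, seq = m.groups()
        if flags == "S":
            syn_counts[(src, dst, int(seq))] += 1
        elif flags == "S.":
            # A SYN-ACK travels server -> client, so swap the endpoints.
            answered.add((dst, src))
    return [
        {"client": c, "server": s, "seq": q, "retransmits": n - 1}
        for (c, s, q), n in syn_counts.items()
        if (c, s) not in answered
    ]


if __name__ == "__main__":
    for flow in unanswered_syns(SAMPLE):
        print("no SYN-ACK seen: {client} -> {server} "
              "(seq {seq}, {retransmits} retransmits)".format(**flow))
```

An unanswered SYN in an eth0 capture only shows that no reply left through eth0; capturing on tun0 as well shows whether a reply was sent out through the VPN interface instead.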
