
network problem: configuration/DNS? cannot access internal machine using our external IP



Summary: If I try to connect to an internal server given its dyndns.org
hostname, it works from the outside world, but fails if I try from
within our intranet.

I have this network configuration

   E
   |
Internet
   |
   | (EXT-IP)
** R ** (Firewall)
   | (192.168.1.1)
___|___
| | | | 
M S M M


E: external machine
R: router firewall for our intranet
S: internal server running Linux (in fact it runs Mandrake 9.0)
M: internal machines

We do not have a fixed IP for our connection so Dynamic DNS is enabled
on the router. Let's say the name of the domain as seen from the outside
is xxx.dyndns.org.

Not many ports are opened on the firewall (mainly SSH, WEB).
Of these ports only one (SSH) is forwarded to an internal server (S).
The others (including the http port) are unused as the router does not
provide any of these services to the outside. 
Thus doing a ping EXT-IP or wget EXT-IP ends up with a timeout.

Let's say the internal IP of our server (S) is 192.168.1.9.

Now if I am from (E):
> ssh login@EXT-IP          works
> ssh login@xxx.dyndns.org  works

If I am in my internal network:

> ssh login@192.168.1.9     works
> ssh login@xxx.dyndns.org  fails
> ssh login@EXT-IP          fails


From a Windows machine, ping and tracert to EXT-IP work.
From any Linux machine on my network (M), I can ping my EXT-IP, but
cannot traceroute it.

If I log into my router and do a   
  traceroute EXT-IP 
it still doesn't give me any result (even though it is my external IP
address!).
If I do a ping, it still works.

I thought that this difference came from my router firewall settings. So
I disabled it without luck. tracert on Windows still works while
traceroute on Linux doesn't.

I disabled the firewall on the router and retested these last two
commands from within the router or from within our internal network, but
traceroute still fails.


To me this seemed like a routing problem from either my router or at my
ISP.
The routing as seen from my router was:

Dest         FF Len Device  Gateway      Metric stat Timer Use
80.212.0.0   00 32  poe0    80.212.0.0   1      03a9 0     0
192.168.1.0  00 24  enet0   192.168.1.1  1      041b 0     1119377
default      00 0   poe0    ISPNAME      1      00ab 0     892835

I tried to drop the first entry. It seemed to be redundant with the 3rd,
and it seemed not to be used (Use=0). That didn't help.

Now I am out of ideas.
So if anybody can tell me why I cannot make a traceroute on Linux or an
ssh to my external IP from within my network, I would be happy.


Last notes, don't know if they help...

My server (S) /etc/hosts file contains the following:
127.0.0.1    localhost.localdomain localhost
192.168.1.9  myname.mydomain.no xxx.dyndns.org myname

Note: myname.mydomain.no is not yet a declared host as the sub-domain
with the same name has not yet been registered.


Cheers,

Jerome
-- 
Jerome Lacoste (Frisurf) <lacostej@frisurf.no>
CoffeeBreaks
 


