Re: [Fwd: network problem: configuration/DNS? cannot access internal machine using our external IP



Jerome Lacoste (Frisurf) said on Thu, Feb 13, 2003 at 10:13:09AM +0100:
> I have this network configuration
> 
>    E
>    |
> Internet
>    |
>    | (EXT-IP)
> ** R ** (Firewall)
>    | (192.168.1.1)
> ___|___
> | | | | 
> M S M M
> 
> 
> E: external machine
> R: router firewall for our intranet
> S: internal server running Linux (in fact it runs Mandrake 9.0)
> M: internal machines

What is R?  Routerbox, Linux box being a router...?

> Thus doing a ping EXT-IP or wget EXT-IP ends up with a timeout.

So you're blocking all ICMP at your router?  That's not a good idea: you
should rate limit ping (to say 5/sec), and allow many of the other ones.
ICMP is necessary for IP to function properly.

> If I am in my internal network:
> 
> > ssh login@192.168.1.9     works
> > ssh login@xxx.dyndns.org  fails
> > ssh login@EXT-IP          fails

Sounds like your router isn't allowing DNS packets to go from behind
your internal network to your nameservers.  In addition, it sounds like
your router/firewall is blocking ssh traffic from your internal network
to your external IP.

> From a Windows machine, ping and tracert to EXT-IP work.
> From any Linux machine on my network (M), I can ping my EXT-IP, but
> cannot traceroute it.

traceroute on Linux works differently than tracert on Windows.  By
default, traceroute on Linux uses UDP packets, while tracert on Windows
uses ICMP.  Try traceroute -I from your Linux boxes, and see if that
works.

> Now I am out of ideas.
> So if anybody can tell me why I cannot make a traceroute on linux or an
> ssh to my external ip from within my network, I would be happy.

Can you tell us what your router is?  That might help.  Are you sure
that your router is configured to NAT your internal network properly?

M
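
An added example, not part of the original message: one way to express the ICMP advice above (rate limit ping to about 5/sec, keep the other message types working) as an iptables-restore fragment. It assumes R is a Linux box filtering with iptables, which the thread does not confirm; the chain name ICMP_IN and the burst value are illustrative.

```iptables
# Assumption: R is a Linux router using iptables (not stated in the thread).
# Covers ICMP addressed to the router itself, e.g. "ping EXT-IP".
*filter
# User-defined chain; the name ICMP_IN is hypothetical.
:ICMP_IN - [0:0]
-A INPUT -p icmp -j ICMP_IN

# Echo requests: accept up to 5 per second (burst of 10 is an assumed value),
# drop whatever exceeds the limit instead of blocking ping outright.
-A ICMP_IN -p icmp --icmp-type echo-request -m limit --limit 5/second --limit-burst 10 -j ACCEPT
-A ICMP_IN -p icmp --icmp-type echo-request -j DROP

# Replies to pings sent by the router itself.
-A ICMP_IN -p icmp --icmp-type echo-reply -j ACCEPT

# Error messages IP depends on:
#   destination-unreachable includes "fragmentation needed" (path MTU discovery)
#   time-exceeded is what traceroute and tracert rely on for each hop
#   parameter-problem reports malformed headers
-A ICMP_IN -p icmp --icmp-type destination-unreachable -j ACCEPT
-A ICMP_IN -p icmp --icmp-type time-exceeded -j ACCEPT
-A ICMP_IN -p icmp --icmp-type parameter-problem -j ACCEPT

# Everything else (redirects, timestamp and address-mask queries, ...) is dropped.
-A ICMP_IN -j DROP
COMMIT
```

Loading it with `iptables-restore --noflush` leaves the rest of the filter table in place; without that flag the whole table is replaced by this fragment.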
