
Debian networking - accessing public-side servers from a private network



I have a network with a Debian router, using iptables for NAT and
firewalling. Connected to it via a Wi-fi access point is, among other
things, an Android phone. This is mostly relevant in that I cannot vary
its settings very much, other than by changing them on the router.

I have IPv6 on the network, and, were all the apps I need to use on the
phone enabled, there would not be a problem, however some of them
require IPv4.

I have both public and private networks - let's say they are
192.0.2.48/28 and 192.168.0.0/24.

My network includes several physical machines that act as servers, and
all such machines have addresses in both IPv4 ranges, statically
assigned. Machines not used as servers have private addresses only,
assigned by DHCP. radvd is in use to assign IPv6 addresses and DNS
servers.

It is probably most notable that one server is running Asterisk, as it
is partially herein that the problem lies. I am trying to connect
Zoiper on the Android phone to it using IAX.

The router has addresses 192.0.2.49 and 192.168.0.1. The Asterisk box
has 192.0.2.51 and 192.168.0.4. The phone has been assigned
192.168.0.130 on this occasion. The router has NAT set up on
192.0.2.62 to enable the private address only systems to access the
Internet.

If I set up Zoiper to use the FQDN of the Asterisk box, it connects
just fine when I am not at home. However, when I am at home, it still
uses the public IP address (192.0.2.51) of the Asterisk box, which,
because it can see the phone directly, then responds using its own
private address (192.168.0.4) - this causes Zoiper to fail to register.
(It is clear from a tcpdump that this is happening.)

At no point does the router get involved in the communication between
the phone and the Asterisk box. To do so might make things easier, or
could just add an unnecessary layer of complexity.

The answer to the problem could lie in several places:

- If I could somehow get the phone to use the NAT to communicate with
  the Asterisk box, that would probably work.

- If I could get the phone to pick up the private address of the
  Asterisk box rather than the public one, that would probably work. I
  have tried setting up to do this with dnsmasq, but the IPv6 settings
  for DNS cause this to be overridden. If I could somehow change the
  priority of this on the phone, it would help.

- If I could persuade the Asterisk box to respond on its public address
  rather than its private one, that would probably work.

- If I could find an IPv6-enabled equivalent of Zoiper, that would
  probably work.

- If I could find an equivalent of Zoiper that would work registered to
  the private IP address when at home and the public one elsewhere,
  that would work.

The first three, if possible, should be possible on the Debian side of
things. The others are clearly outside Debian.

I am happy to do whatever it takes to investigate this further, but am
a bit at a loss on how to proceed from here.

Does anyone have any suggestions on how I might proceed?

-- 
Phil Reynolds
mail: phil-debian@tinsleyviaduct.com
Web: http://phil.tinsleyviaduct.com/
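
The reply-source mismatch described in the post can be confirmed mechanically from `tcpdump -n` output. The following is an added example, not part of the original message; the capture lines are constructed, reuse the post's addresses, and assume IAX2 on its default UDP port 4569 plus a hypothetical outside client 198.51.100.7.

```python
import re

# Matches `tcpdump -n` IPv4 UDP lines: "<time> IP a.b.c.d.sport > e.f.g.h.dport: UDP, ..."
LINE = re.compile(r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): UDP")

# Constructed capture (not from the post): the phone at home, then an outside client.
SAMPLE = """\
12:00:01.000000 IP 192.168.0.130.4569 > 192.0.2.51.4569: UDP, length 60
12:00:01.001200 IP 192.168.0.4.4569 > 192.168.0.130.4569: UDP, length 28
12:00:02.000000 IP 198.51.100.7.40112 > 192.0.2.51.4569: UDP, length 60
12:00:02.030000 IP 192.0.2.51.4569 > 198.51.100.7.40112: UDP, length 28
12:00:03.001500 IP 192.168.0.4.4569 > 192.168.0.130.4569: UDP, length 28
""".splitlines()

def find_source_mismatches(lines, service_port=4569):
    """Return (client, address_contacted, address_that_replied) for every
    client whose replies arrive from a different address than it sent to."""
    contacted = {}   # (client_ip, client_port) -> server address the client used
    mismatches = []
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue  # not an IPv4 UDP line
        src, dst = m.group(1), m.group(3)
        sport, dport = int(m.group(2)), int(m.group(4))
        # Check the reply direction first: IAX clients often use 4569 as their
        # own source port too, so the port alone does not give the direction.
        if sport == service_port and (dst, dport) in contacted:
            expected = contacted[(dst, dport)]
            item = (dst, expected, src)
            if src != expected and item not in mismatches:
                mismatches.append(item)
        elif dport == service_port:
            contacted[(src, sport)] = dst  # client -> server request
    return mismatches

if __name__ == "__main__":
    for client, asked, answered in find_source_mismatches(SAMPLE):
        print(f"{client} sent to {asked} but was answered from {answered}")
```

A client that keys its session on the address it sent to will discard the flagged replies, which matches the failed registration seen only on the home network.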

