linux iprouting tables

Post by ChairmanMao » Sun Jan 11, 2009 8:58 am

I wonder if anyone can help.

I run a specialised linux distro on my router, giving me advanced security. It works great apart from one thing.

Although external clients (i.e. not on my home network) can access my webserver and view my website, clients on my home network can't - they just get a connection refused error.

I think it is to do with NAT routing and iptables, but I don't know anything about iptables and routing and not sure how to fix it.

Is there anyone who knows about iptables and routing and who can help out? I have CLI access to the router so can issue the necessary commands needed to diagnose the problems.

Here is my current iptables list:

Chain INPUT (policy DROP)
target prot opt source destination
REMOVED
Last edited by ChairmanMao on Sun Jan 11, 2009 2:42 pm, edited 1 time in total.

Post by M13 » Sun Jan 11, 2009 12:32 pm

Off of the top of my head, I do know what the problem is, I think, but I'm so rusty with this stuff I'll leave a solution to others.

The problem is that your local lan doesn't go thru the router to get to a server ON the local lan. But since you don't have your own dns server for your local lan, your comps on the local lan resolve the server's IP address as the address of the WAN, or your public IP.

I believe all you have to do is to add an entry to the hosts file.
Like this:
192.168.xxx.xxx www.myserver.com

This file is looked into before looking it up with dns.

The only bad thing about this is you have to do it on every comp in the lan.

I'm sure someone else will come up with a more elegant solution, but alas my networking skills are a mite rusty.
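The hosts-file override described in the post above, as an added example that is not part of the original thread: it parses a hosts file and reports whether a server name is pinned to a LAN address or still falls through to DNS. The sample file, the hostnames, the addresses and the `192.168.0.0/16` LAN range are constructed assumptions.

```python
import ipaddress

# Constructed sample hosts file; names and addresses are placeholders.
SAMPLE_HOSTS = """\
127.0.0.1      localhost
# LAN override for the web server behind the router
192.168.1.10   www.myserver.example myserver   # internal address
203.0.113.7    other.example
"""

def parse_hosts(text):
    """Return {hostname: ip}; the first entry for a name wins
    (assumed to match common resolver behaviour)."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                           # skip malformed lines
        for name in fields[1:]:
            table.setdefault(name.lower(), ip)
    return table

def check_override(text, hostname, lan="192.168.0.0/16"):
    """Classify how the hosts file affects `hostname` for a LAN client."""
    ip = parse_hosts(text).get(hostname.lower())
    if ip is None:
        return "no-entry"        # name falls through to DNS (public/WAN IP)
    if ip in ipaddress.ip_network(lan):
        return "lan-override"    # client connects straight to the LAN server
    return "non-lan-entry"       # pinned, but not to an address on the LAN

if __name__ == "__main__":
    for name in ("www.myserver.example", "other.example", "missing.example"):
        print(name, "->", check_override(SAMPLE_HOSTS, name))
```

Run it against the contents of each client's hosts file; a `no-entry` result means that client still resolves the name through DNS to the public address.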

Post by ChairmanMao » Sun Jan 11, 2009 2:28 pm

Cheers M13, I will try this out and see what others say...

Post by ChairmanMao » Sun Jan 11, 2009 2:41 pm

AWESOME, it worked. Thanks loads M13 ;)
