Re: Viewing a web server hosted on a server on the LAN - but seeing the modem/router instead

On 10/29/2015 12:55 AM, birger wrote:
> many routers only do that port forwarding when you actually hit from the outside.

...which is an artifact of the way that NAT works.

Typically, NAT is set up to rewrite the destination in an IPv4 packet. So, let's say that the router *does* NAT for the internal network. 192.168.1.2 tries to access the public IP of the router, x.x.x.x, which applies the NAT rule, rewrites the destination as 192.168.1.3, and forwards it. That system receives a packet with "source:192.168.1.2 destination:192.168.1.3". How does it reply? Well, it sends a SYN/ACK with "source:192.168.1.3 destination:192.168.1.2". And since it has a route to that destination, it's sent directly, not through the router. So no NAT gets applied. The client receives a SYN/ACK whose source doesn't match the destination of the SYN packet it sent, so it drops the packet and continues to retry the connection.

If you have control of the router, you can solve that by rewriting both the destination AND the source address when applying NAT to the local network, but then all of your connections appear to come from the router instead of the real clients.

NAT is a mess. It will always be a mess. While you're using it, you should be using split-horizon DNS so that internal requests for the NAT servers are routed directly to internal addresses. Split-horizon DNS is also messy, but that's what we get with NAT. The best solution is to move to IPv6 as soon as possible.
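
The packet flow described in the message above, traced as an added example that is not part of the original post: it models the router's destination rewrite, the optional source rewrite for LAN clients, and the client's check on the SYN/ACK. The public address 203.0.113.1 (standing in for x.x.x.x), the router LAN address 192.168.1.1 and the outside client 198.51.100.7 are assumptions made for the illustration.

```python
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")
PUBLIC = "203.0.113.1"       # constructed stand-in for the post's x.x.x.x
ROUTER_LAN = "192.168.1.1"   # assumed LAN-side address of the router
SERVER = "192.168.1.3"       # internal web server from the post


def connect(client, hairpin_snat=False):
    """Trace one SYN and its SYN/ACK.

    Returns (client_accepts_reply, source_address_the_server_sees).
    """
    # The client sends its SYN to the public address, so it reaches the router.
    syn_src, syn_dst = client, PUBLIC
    # Router DNAT: the destination becomes the internal server.
    syn_dst = SERVER
    # Optional second rewrite for LAN clients: the source becomes the router.
    if hairpin_snat and ip_address(client) in LAN:
        syn_src = ROUTER_LAN
    # Connection tracking: how to undo the rewrites on the matching reply.
    conntrack = {(syn_dst, syn_src): (PUBLIC, client)}
    seen_by_server = syn_src

    # The server answers whatever source address it saw.
    rep_src, rep_dst = SERVER, syn_src
    # An on-link destination (other than the router itself) is delivered
    # directly on the LAN, so the router never sees the reply.
    via_router = rep_dst == ROUTER_LAN or ip_address(rep_dst) not in LAN
    if via_router:
        rep_src, rep_dst = conntrack[(rep_src, rep_dst)]

    # The client only accepts a SYN/ACK from the address it sent the SYN to.
    accepted = (rep_src, rep_dst) == (PUBLIC, client)
    return accepted, seen_by_server


if __name__ == "__main__":
    cases = [("198.51.100.7", False),   # outside client, DNAT only
             ("192.168.1.2", False),    # LAN client, DNAT only
             ("192.168.1.2", True)]     # LAN client, DNAT + source rewrite
    for client, snat in cases:
        ok, seen = connect(client, snat)
        print(f"{client:>13} snat={snat!s:5} connects={ok!s:5} server logs {seen}")
```

The third case connects, but the server's access log records the router's address rather than 192.168.1.2, which matters for anything that relies on per-client source addresses (log attribution, rate limits, IP-based access rules).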